47 replies to this topic

[superwow_rl]

I hope somebody can help me with my laptop. I'm losing my mind.

Last week someone used my information to fraudulently open a credit card. I didn't think it was a computer virus, but slowly I started having more problems with Firefox slowing down. This is an on-and-off problem with Firefox, so I didn't panic right away, as I should have. I had been running Norton 360 & Malwarebytes, & not coming up with anything more harmful than tracking cookies.

The last couple of days I have hardly been able to use the Internet. It's slow, pages won't load at all, etc. I tried to download Kaspersky, & it didn't work. Now I can't uninstall it, either. My mouse will jump sometimes, but I don't know if it's related to the freezing or not. I've had to run Malwarebytes & Norton in Safe Mode, because I couldn't get the computer to operate correctly. I figured that way there was a lot more restrictions on what a possible virus could be doing. Tried to download HijackThis & another program unsuccessfully. One time I restarted & only got a dark screen. I got a popup saying atbroker.exe could not be found, & some other thing. I had to force shut down my computer. I tried doing a System Restore to see if that would solve everything, but it didn't.

At first I still wasn't finding anything. Finally overnight Malwarebytes found 2 PUP files for some toolbar, & Norton 360 found a bloodhound.malpe file. From what little I could read when my internet will work, this could be a virus or not. Had the programs remove those files, & I shut down the computer. This morning I ran the scans at work (no internet connection) in Safe Mode, & didn't find anything again, just 3 cookies. I'm running them now in regular mode, since I've read it's best that way. I'm skeptical as to whether or not anything malicious will be found.

I am really hoping someone will help me. I've become so paranoid about this whole situation. I'm even worried that someone hacked into my wireless home network, or that my cell phones will be infected as well. I tried to do the only things I knew how to do, but it's not enough. I'm thinking of shutting down the scans right now just so I'm not online. Which reminds me, the Diagnose & Repair option for my internet connection also does not work. Please tell me what to do. I wanted to back up my files to my external hard drive but I don't want to contaminate those files as well.

[superwow_rl]

Sorry, here are those logs. I apparently don't read very well About the script blocking, I had to Google it, I didn't know (still don't) what it meant. I read that Norton doesn't have that option anymore (to turn it off)? If I need to do the scans again, I will. Thank you for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by mom's toy at 22:27:23 on 2012-08-06
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.2002 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.myspanishlab.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files\virtual account numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files\virtual account numbers\CitiVANToolbar.dll
TB: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [eRecoveryService]
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: usafed.org\mfa
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 216.136.95.2 64.163.94.250
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120805.001\IDSvix86.sys [2012-8-6 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-13 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-5 106656]
S2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S2 IpsosLSPService;IpsosLSPService;c:\program files\ipsoslspservice\ipsoslspservice.exe --> c:\program files\ipsoslspservice\IpsosLSPService.exe [?]
S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-06 23:11:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 23:11:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 05:58:49 739824 ----a-w- c:\users\mom's toy\GoogleEarthSetup.exe
2012-07-21 17:49:09 439704 ----a-w- c:\users\mom's toy\msgr11us.exe
2012-07-21 03:40:15 739808 ----a-w- c:\users\mom's toy\ChromeSetup.exe
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 22:29:50.57 ===============

.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2008 1:01:52 PM
System Uptime: 8/6/2012 10:23:45 PM (0 hours ago)
.
Motherboard: Acer | | Nile
Processor: AMD Athlon™ Processor 2650e | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 9.057 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.155 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3600_Help
Acer Assist
Acer Empowering Technology
Acer eRecovery Management
Acer Registration
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Auslogics Disk Defrag
Bonjour
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Byki
Byki Express
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Championship Mah Jongg
Collins
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMusic Download Manager 4.1.4
eSupportQFolder
Fax
Google Update Helper
GRE POWERPREP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet J3600 Series
HP Photosmart Essential
HP Product Assistant
HP Smart Web Printing 4.60
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
InterVideo WinDVD 8
iTunes
J3600
Java Auto Updater
Java™ 7 Update 5
Kaspersky Security Scan
Launch Manager
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Mythic Mahjong
Norton 360
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
ProductContext
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Rhapsody
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Simple Adblock
Skins
SmartWebPrinting
SolutionCenter
Status
swMSM
Synaptics Pointing Device Driver
TeLL me More
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Virtual Account Numbers
WebReg
WhiteSmoke
World's Best Word Games
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 9:18:34 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2012 9:18:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/6/2012 9:17:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/6/2012 9:17:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/6/2012 12:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The Kaspersky Security Scan Service service failed to start due to the following error: Access is denied.
8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The IpsosLSPService service failed to start due to the following error: The system cannot find the file specified.
8/6/2012 10:24:51 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series with shared resource name HP Officejet J3600 series. Error 2114. The printer cannot be used by others on the network.
8/6/2012 10:24:51 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series fax with shared resource name HP Officejet J3600 series fax. Error 2114. The printer cannot be used by others on the network.
8/6/2012 10:24:10 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/6/2012 10:21:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
8/6/2012 10:21:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 10:21:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/6/2012 10:21:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/6/2012 10:21:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/6/2012 10:20:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
8/5/2012 3:28:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.
8/5/2012 3:28:59 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 3:15:32 PM, Error: PCTCore [280] -
8/5/2012 12:17:06 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/5/2012 11:56:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/5/2012 11:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/5/2012 11:22:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
8/5/2012 11:21:30 PM, Error: EventLog [6008] - The previous system shutdown at 11:09:28 PM on 8/5/2012 was unexpected.
8/5/2012 11:07:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
8/5/2012 11:07:37 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:02:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/3/2012 10:12:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/2/2012 9:14:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.
.
==== End Of File ===========================

[superwow_rl]

I didn't see where I was supposed to post this too, but just in case. I'm going to go to bed soon, so hopefully someone will look at it by the time I get a chance to come back tomorrow. Thank you.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.06.12
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mom's toy :: NIPPERS [administrator]
8/6/2012 11:42:46 PM
mbam-log-2012-08-06 (23-42-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 210003
Time elapsed: 4 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[superwow_rl]

Here is the Malwarebytes scan. I was not able to save the text file to my desktop (couldn't save, period).

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.07.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mom's toy :: NIPPERS [administrator]
8/7/2012 3:44:31 PM
mbam-log-2012-08-07 (15-44-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup |
Registry | File System |
Heuristics/Extra | Heuristics/Shuriken |
PUP | PUM | P2P
Scan options disabled:
Objects scanned: 210472
Time elapsed: 5 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

[superwow_rl]

Here is the log from ComboFix.

ComboFix 12-08-07.03 - mom's toy 08/07/2012 16:03:16.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1792 [GMT -6:00]
Running from: c:\users\mom's toy\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mom's toy\AmazonMP3DownloaderInstall.exe
c:\users\mom's toy\ChromeSetup.exe
c:\users\mom's toy\GoogleEarthSetup.exe
c:\users\mom's toy\Install Font.exe
c:\users\mom's toy\msgr11us.exe
c:\users\mom's toy\N360Downloader..exe
c:\users\mom's toy\N360Downloader.exe
c:\users\mom's toy\N360Downloaderv5.exe
c:\users\mom's toy\TextTwist2.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 22:14 . 2012-08-07 22:15 -------- d-----w- c:\users\mom's toy\AppData\Local\temp
2012-08-07 22:14 . 2012-08-07 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 22:14 . 2012-08-07 22:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 19:46 . 2011-06-02 23:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 17:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:16 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:15 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-22 17:14 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-22 17:14 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 02:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 05:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 01:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 03:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\MOM'ST~1\AppData\Local\Temp\011214~1.EXE [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-03-25 17:18 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspanishlab.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: usafed.org\mfa
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 16:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{7A21A046-B886-4A62-9D69-EF2059B0A27B}"=hex:51,66,7a,6c,4c,1d,38,12,28,a3,32,
7e,b4,f6,0c,0f,e2,7f,ac,60,5c,ee,e6,6f
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59,
dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{17424104-1444-4810-85D7-B4DA413C5A9A}"=hex:51,66,7a,6c,4c,1d,38,12,6a,42,51,
13,76,5a,7e,0d,fa,c1,f7,9a,44,62,1e,8e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,
dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b,
e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,
2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9d,a3,08,fe,4c,ee,cb,01
.
Completion time: 2012-08-07 16:20:21
ComboFix-quarantined-files.txt 2012-08-07 22:20
.
Pre-Run: 9,450,168,320 bytes free
Post-Run: 9,434,308,608 bytes free
.
- - End Of File - - 8C1FC1D433323FF6BDE66DD078A59DF3

[superwow_rl]

DDS text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by mom's toy at 17:05:18 on 2012-08-07
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1962 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.myspanishlab.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files\virtual account numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files\virtual account numbers\CitiVANToolbar.dll
EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: usafed.org\mfa
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 216.136.95.2 64.163.94.250
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120803.001\BHDrvx86.sys [2012-8-6 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120807.001\IDSvix86.sys [2012-8-6 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-13 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-5 106656]
S2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S2 IpsosLSPService;IpsosLSPService;c:\program files\ipsoslspservice\ipsoslspservice.exe --> c:\program files\ipsoslspservice\IpsosLSPService.exe [?]
S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-07 22:20:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-07 22:20:24 -------- d-----w- c:\users\mom's toy\appdata\local\temp
2012-08-07 21:59:42 98816 ----a-w- c:\windows\sed.exe
2012-08-07 21:59:42 518144 ----a-w- c:\windows\SWREG.exe
2012-08-07 21:59:42 256000 ----a-w- c:\windows\PEV.exe
2012-08-07 21:59:42 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-08-06 23:11:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 23:11:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 17:07:10.43 ===============


Attach Text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2008 1:01:52 PM
System Uptime: 8/7/2012 5:01:31 PM (0 hours ago)
.
Motherboard: Acer | | Nile
Processor: AMD Athlon™ Processor 2650e | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 8.854 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.155 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3600_Help
Acer Assist
Acer Empowering Technology
Acer eRecovery Management
Acer Registration
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Auslogics Disk Defrag
Bonjour
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Byki
Byki Express
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Championship Mah Jongg
Collins
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMusic Download Manager 4.1.4
eSupportQFolder
Fax
Google Update Helper
GRE POWERPREP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet J3600 Series
HP Photosmart Essential
HP Product Assistant
HP Smart Web Printing 4.60
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
InterVideo WinDVD 8
iTunes
J3600
Java Auto Updater
Java™ 7 Update 5
Kaspersky Security Scan
Launch Manager
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Mythic Mahjong
Norton 360
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
ProductContext
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Rhapsody
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Simple Adblock
Skins
SmartWebPrinting
SolutionCenter
Status
swMSM
Synaptics Pointing Device Driver
TeLL me More
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Virtual Account Numbers
WebReg
World's Best Word Games
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 8:55:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:54:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/7/2012 8:54:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/7/2012 8:54:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/7/2012 8:54:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/7/2012 8:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2012 8:54:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/7/2012 8:46:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The Kaspersky Security Scan Service service failed to start due to the following error: Access is denied.
8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The IpsosLSPService service failed to start due to the following error: The system cannot find the file specified.
8/7/2012 5:02:17 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series with shared resource name HP Officejet J3600 series. Error 2114. The printer cannot be used by others on the network.
8/7/2012 5:02:17 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series fax with shared resource name HP Officejet J3600 series fax. Error 2114. The printer cannot be used by others on the network.
8/7/2012 5:01:59 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/7/2012 4:15:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/7/2012 4:02:12 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
8/6/2012 12:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
8/6/2012 10:21:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
8/6/2012 10:20:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
8/5/2012 3:28:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.
8/5/2012 3:28:59 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 3:15:32 PM, Error: PCTCore [280] -
8/5/2012 12:17:06 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/5/2012 11:56:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/5/2012 11:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/5/2012 11:22:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
8/5/2012 11:21:30 PM, Error: EventLog [6008] - The previous system shutdown at 11:09:28 PM on 8/5/2012 was unexpected.
8/5/2012 11:07:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
8/5/2012 11:07:37 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2012 11:02:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/3/2012 10:12:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/2/2012 9:14:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.
.
==== End Of File ===========================

[screen317]

Hi,

Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Export the threats found (if any), and post them here.

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

[superwow_rl]

TDSS Log: It DID NOT prompt me for a restart. Does it matter?

09:33:35.0525 1924 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:33:35.0557 1924 ============================================================
09:33:35.0557 1924 Current date / time: 2012/08/08 09:33:35.0557
09:33:35.0557 1924 SystemInfo:
09:33:35.0557 1924
09:33:35.0557 1924 OS Version: 6.0.6002 ServicePack: 2.0
09:33:35.0557 1924 Product type: Workstation
09:33:35.0557 1924 ComputerName: NIPPERS
09:33:35.0557 1924 UserName: mom's toy
09:33:35.0557 1924 Windows directory: C:\Windows
09:33:35.0557 1924 System windows directory: C:\Windows
09:33:35.0557 1924 Processor architecture: Intel x86
09:33:35.0557 1924 Number of processors: 1
09:33:35.0557 1924 Page size: 0x1000
09:33:35.0557 1924 Boot type: Normal boot
09:33:35.0557 1924 ============================================================
09:33:37.0429 1924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:33:37.0444 1924 ============================================================
09:33:37.0444 1924 \Device\Harddisk0\DR0:
09:33:37.0444 1924 MBR partitions:
09:33:37.0444 1924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000
09:33:37.0444 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800
09:33:37.0444 1924 ============================================================
09:33:37.0475 1924 C: <-> \Device\Harddisk0\DR0\Partition0
09:33:37.0522 1924 D: <-> \Device\Harddisk0\DR0\Partition1
09:33:37.0522 1924 ============================================================
09:33:37.0522 1924 Initialize success
09:33:37.0522 1924 ============================================================
09:33:43.0294 3720 ============================================================
09:33:43.0294 3720 Scan started
09:33:43.0294 3720 Mode: Manual;
09:33:43.0294 3720 ============================================================
09:33:44.0417 3720 0112141255231712mcinstcleanup - ok
09:33:45.0088 3720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:33:45.0104 3720 ACPI - ok
09:33:45.0291 3720 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:33:45.0291 3720 AdobeARMservice - ok
09:33:45.0385 3720 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:33:45.0400 3720 AdobeFlashPlayerUpdateSvc - ok
09:33:45.0525 3720 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:33:45.0556 3720 adp94xx - ok
09:33:45.0868 3720 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:33:45.0884 3720 adpahci - ok
09:33:45.0931 3720 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:33:45.0931 3720 adpu160m - ok
09:33:45.0977 3720 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:33:45.0993 3720 adpu320 - ok
09:33:46.0040 3720 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:33:46.0040 3720 AeLookupSvc - ok
09:33:46.0087 3720 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:33:46.0102 3720 AFD - ok
09:33:46.0133 3720 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:33:46.0133 3720 agp440 - ok
09:33:46.0165 3720 ahcix86s (4fa58a158c9d3769ff9248675b53d6a7) C:\Windows\system32\DRIVERS\ahcix86s.sys
09:33:46.0165 3720 ahcix86s - ok
09:33:46.0227 3720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:33:46.0258 3720 aic78xx - ok
09:33:46.0305 3720 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
09:33:46.0305 3720 ALG - ok
09:33:46.0336 3720 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:33:46.0336 3720 aliide - ok
09:33:46.0352 3720 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:33:46.0367 3720 amdagp - ok
09:33:46.0383 3720 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:33:46.0383 3720 amdide - ok
09:33:46.0399 3720 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:33:46.0414 3720 AmdK7 - ok
09:33:46.0430 3720 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
09:33:46.0430 3720 AmdK8 - ok
09:33:46.0461 3720 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
09:33:46.0461 3720 Appinfo - ok
09:33:46.0742 3720 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:33:46.0742 3720 Apple Mobile Device - ok
09:33:46.0804 3720 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:33:46.0804 3720 arc - ok
09:33:46.0867 3720 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:33:46.0867 3720 arcsas - ok
09:33:47.0163 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:33:47.0194 3720 aspnet_state - ok
09:33:47.0225 3720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:33:47.0225 3720 AsyncMac - ok
09:33:47.0257 3720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:33:47.0257 3720 atapi - ok
09:33:47.0491 3720 Ati External Event Utility (4604db6d5eca6362873cc3a76d2204ba) C:\Windows\system32\Ati2evxx.exe
09:33:47.0506 3720 Ati External Event Utility - ok
09:33:48.0629 3720 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
09:33:48.0739 3720 atikmdag - ok
09:33:49.0082 3720 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:33:49.0082 3720 AtiPcie - ok
09:33:49.0175 3720 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:33:49.0191 3720 AudioEndpointBuilder - ok
09:33:49.0191 3720 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:33:49.0207 3720 Audiosrv - ok
09:33:49.0456 3720 BCM43XX (c38077d14adf896ee1e1dbbcbcf77e14) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:33:49.0472 3720 BCM43XX - ok
09:33:49.0519 3720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:33:49.0519 3720 Beep - ok
09:33:49.0565 3720 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
09:33:49.0581 3720 BFE - ok
09:33:50.0127 3720 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120803.001\BHDrvx86.sys
09:33:50.0127 3720 BHDrvx86 - ok
09:33:50.0267 3720 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
09:33:50.0299 3720 BITS - ok
09:33:50.0345 3720 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:33:50.0345 3720 blbdrive - ok
09:33:50.0642 3720 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:33:50.0642 3720 Bonjour Service - ok
09:33:50.0689 3720 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:33:50.0689 3720 bowser - ok
09:33:50.0720 3720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:33:50.0720 3720 BrFiltLo - ok
09:33:50.0735 3720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:33:50.0735 3720 BrFiltUp - ok
09:33:50.0782 3720 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
09:33:50.0782 3720 Browser - ok
09:33:50.0829 3720 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:33:50.0829 3720 Brserid - ok
09:33:50.0860 3720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:33:50.0860 3720 BrSerWdm - ok
09:33:50.0876 3720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:33:50.0876 3720 BrUsbMdm - ok
09:33:50.0907 3720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:33:50.0907 3720 BrUsbSer - ok
09:33:50.0938 3720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:33:50.0938 3720 BTHMODEM - ok
09:33:51.0016 3720 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
09:33:51.0016 3720 BUNAgentSvc - ok
09:33:51.0110 3720 catchme - ok
09:33:51.0266 3720 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys
09:33:51.0266 3720 ccSet_N360 - ok
09:33:51.0297 3720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:33:51.0297 3720 cdfs - ok
09:33:51.0422 3720 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:33:51.0422 3720 cdrom - ok
09:33:51.0469 3720 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:33:51.0469 3720 CertPropSvc - ok
09:33:51.0500 3720 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:33:51.0500 3720 circlass - ok
09:33:51.0656 3720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:33:51.0656 3720 CLFS - ok
09:33:51.0781 3720 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:33:51.0781 3720 clr_optimization_v2.0.50727_32 - ok
09:33:51.0952 3720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:33:51.0999 3720 clr_optimization_v4.0.30319_32 - ok
09:33:52.0108 3720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:33:52.0108 3720 CmBatt - ok
09:33:52.0155 3720 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:33:52.0155 3720 cmdide - ok
09:33:52.0186 3720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:33:52.0186 3720 Compbatt - ok
09:33:52.0186 3720 COMSysApp - ok
09:33:52.0233 3720 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:33:52.0233 3720 crcdisk - ok
09:33:52.0311 3720 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:33:52.0311 3720 Crusoe - ok
09:33:52.0358 3720 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
09:33:52.0373 3720 CryptSvc - ok
09:33:52.0483 3720 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:33:52.0498 3720 DcomLaunch - ok
09:33:52.0592 3720 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:33:52.0592 3720 DfsC - ok
09:33:53.0138 3720 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
09:33:53.0216 3720 DFSR - ok
09:33:53.0341 3720 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
09:33:53.0356 3720 Dhcp - ok
09:33:53.0465 3720 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:33:53.0465 3720 disk - ok
09:33:53.0497 3720 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
09:33:53.0497 3720 DKbFltr - ok
09:33:53.0668 3720 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
09:33:53.0668 3720 Dnscache - ok
09:33:53.0980 3720 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
09:33:53.0980 3720 dot3svc - ok
09:33:54.0043 3720 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:33:54.0043 3720 Dot4 - ok
09:33:54.0089 3720 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:33:54.0089 3720 Dot4Print - ok
09:33:54.0136 3720 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:33:54.0136 3720 dot4usb - ok
09:33:54.0167 3720 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
09:33:54.0167 3720 DPS - ok
09:33:54.0355 3720 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
09:33:54.0355 3720 DritekPortIO - ok
09:33:54.0386 3720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:33:54.0386 3720 drmkaud - ok
09:33:54.0557 3720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:33:54.0573 3720 DXGKrnl - ok
09:33:54.0791 3720 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:33:54.0807 3720 E1G60 - ok
09:33:54.0854 3720 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
09:33:54.0854 3720 EapHost - ok
09:33:55.0337 3720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:33:55.0337 3720 Ecache - ok
09:33:55.0525 3720 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:33:55.0525 3720 eeCtrl - ok
09:33:55.0618 3720 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:33:55.0634 3720 elxstor - ok
09:33:56.0227 3720 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
09:33:56.0258 3720 EMDMgmt - ok
09:33:56.0414 3720 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:33:56.0414 3720 EraserUtilRebootDrv - ok
09:33:56.0523 3720 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:33:56.0523 3720 ErrDev - ok
09:33:56.0601 3720 ETService (f25247d0e011a643ee60052ce23be05e) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
09:33:56.0601 3720 ETService - ok
09:33:56.0757 3720 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
09:33:56.0773 3720 EventSystem - ok
09:33:56.0804 3720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:33:56.0819 3720 exfat - ok
09:33:56.0866 3720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:33:56.0882 3720 fastfat - ok
09:33:56.0913 3720 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:33:56.0913 3720 fdc - ok
09:33:56.0944 3720 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
09:33:56.0960 3720 fdPHost - ok
09:33:56.0975 3720 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:33:56.0975 3720 FDResPub - ok
09:33:56.0991 3720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:33:56.0991 3720 FileInfo - ok
09:33:57.0007 3720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:33:57.0007 3720 Filetrace - ok
09:33:57.0038 3720 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:33:57.0038 3720 flpydisk - ok
09:33:57.0085 3720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:33:57.0085 3720 FltMgr - ok
09:33:57.0428 3720 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
09:33:57.0459 3720 FontCache - ok
09:33:57.0553 3720 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:33:57.0568 3720 FontCache3.0.0.0 - ok
09:33:57.0599 3720 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
09:33:57.0599 3720 Fs_Rec - ok
09:33:57.0631 3720 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:33:57.0631 3720 gagp30kx - ok
09:33:57.0677 3720 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:33:57.0677 3720 GEARAspiWDM - ok
09:33:57.0755 3720 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
09:33:57.0771 3720 gpsvc - ok
09:33:57.0927 3720 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
09:33:57.0927 3720 gupdate - ok
09:33:57.0943 3720 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
09:33:57.0943 3720 gupdatem - ok
09:33:57.0974 3720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:33:57.0989 3720 HdAudAddService - ok
09:33:58.0301 3720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:33:58.0301 3720 HDAudBus - ok
09:33:58.0348 3720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:33:58.0348 3720 HidBth - ok
09:33:58.0364 3720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:33:58.0364 3720 HidIr - ok
09:33:58.0395 3720 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
09:33:58.0395 3720 hidserv - ok
09:33:58.0457 3720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:58.0457 3720 HidUsb - ok
09:33:58.0504 3720 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
09:33:58.0504 3720 hkmsvc - ok
09:33:58.0535 3720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:33:58.0535 3720 HpCISSs - ok
09:33:58.0910 3720 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:33:58.0910 3720 hpqcxs08 - ok
09:33:58.0941 3720 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:33:58.0941 3720 hpqddsvc - ok
09:33:59.0175 3720 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
09:33:59.0191 3720 HTTP - ok
09:33:59.0222 3720 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:33:59.0222 3720 i2omp - ok
09:33:59.0378 3720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:33:59.0378 3720 i8042prt - ok
09:33:59.0425 3720 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:33:59.0456 3720 iaStorV - ok
09:33:59.0596 3720 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:33:59.0627 3720 idsvc - ok
09:34:00.0236 3720 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120807.001\IDSvix86.sys
09:34:00.0251 3720 IDSVix86 - ok
09:34:00.0641 3720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:34:00.0641 3720 iirsp - ok
09:34:00.0875 3720 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
09:34:00.0875 3720 IKEEXT - ok
09:34:00.0938 3720 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
09:34:00.0938 3720 int15 - ok
09:34:01.0624 3720 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
09:34:01.0640 3720 IntcAzAudAddService - ok
09:34:02.0420 3720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:34:02.0435 3720 intelide - ok
09:34:02.0467 3720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:34:02.0467 3720 intelppm - ok
09:34:02.0498 3720 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
09:34:02.0513 3720 IPBusEnum - ok
09:34:02.0545 3720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:34:02.0545 3720 IpFilterDriver - ok
09:34:02.0591 3720 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
09:34:02.0591 3720 iphlpsvc - ok
09:34:02.0607 3720 IpInIp - ok
09:34:02.0669 3720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:34:02.0669 3720 IPMIDRV - ok
09:34:02.0716 3720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:34:02.0716 3720 IPNAT - ok
09:34:03.0137 3720 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
09:34:03.0153 3720 iPod Service - ok
09:34:03.0153 3720 IpsosLSPService - ok
09:34:03.0184 3720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:34:03.0184 3720 IRENUM - ok
09:34:03.0278 3720 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:34:03.0278 3720 isapnp - ok
09:34:03.0434 3720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:34:03.0434 3720 iScsiPrt - ok
09:34:03.0449 3720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:34:03.0449 3720 iteatapi - ok
09:34:03.0481 3720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:34:03.0481 3720 iteraid - ok
09:34:03.0621 3720 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:34:03.0621 3720 IviRegMgr - ok
09:34:03.0668 3720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:34:03.0668 3720 kbdclass - ok
09:34:03.0683 3720 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
09:34:03.0683 3720 kbdhid - ok
09:34:03.0730 3720 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:34:03.0730 3720 KeyIso - ok
09:34:03.0824 3720 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
09:34:03.0839 3720 KSecDD - ok
09:34:04.0229 3720 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
09:34:04.0229 3720 KSS - ok
09:34:04.0292 3720 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
09:34:04.0307 3720 KtmRm - ok
09:34:04.0401 3720 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
09:34:04.0401 3720 LanmanServer - ok
09:34:04.0526 3720 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
09:34:04.0526 3720 LanmanWorkstation - ok
09:34:04.0635 3720 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:34:04.0635 3720 LightScribeService - ok
09:34:04.0744 3720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:34:04.0744 3720 lltdio - ok
09:34:04.0791 3720 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
09:34:04.0807 3720 lltdsvc - ok
09:34:04.0853 3720 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:34:04.0869 3720 lmhosts - ok
09:34:04.0900 3720 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:34:04.0900 3720 LSI_FC - ok
09:34:04.0931 3720 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:34:04.0931 3720 LSI_SAS - ok
09:34:04.0963 3720 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:34:04.0963 3720 LSI_SCSI - ok
09:34:04.0994 3720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:34:04.0994 3720 luafv - ok
09:34:05.0025 3720 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:34:05.0025 3720 megasas - ok
09:34:05.0072 3720 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:34:05.0087 3720 MegaSR - ok
09:34:05.0119 3720 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:34:05.0134 3720 MMCSS - ok
09:34:05.0165 3720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:34:05.0165 3720 Modem - ok
09:34:05.0181 3720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:34:05.0197 3720 monitor - ok
09:34:05.0212 3720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:34:05.0212 3720 mouclass - ok
09:34:05.0243 3720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:34:05.0243 3720 mouhid - ok
09:34:05.0259 3720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:34:05.0259 3720 MountMgr - ok
09:34:05.0290 3720 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:34:05.0290 3720 mpio - ok
09:34:05.0321 3720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:34:05.0321 3720 mpsdrv - ok
09:34:05.0477 3720 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
09:34:05.0493 3720 MpsSvc - ok
09:34:05.0509 3720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:34:05.0509 3720 Mraid35x - ok
09:34:05.0555 3720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:34:05.0555 3720 MRxDAV - ok
09:34:05.0633 3720 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:34:05.0633 3720 mrxsmb - ok
09:34:05.0711 3720 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:34:05.0711 3720 mrxsmb10 - ok
09:34:05.0743 3720 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:34:05.0758 3720 mrxsmb20 - ok
09:34:05.0774 3720 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
09:34:05.0789 3720 msahci - ok
09:34:05.0805 3720 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:34:05.0805 3720 msdsm - ok
09:34:05.0852 3720 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
09:34:05.0883 3720 MSDTC - ok
09:34:05.0914 3720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:34:05.0914 3720 Msfs - ok
09:34:05.0945 3720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:34:05.0945 3720 msisadrv - ok
09:34:06.0008 3720 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
09:34:06.0008 3720 MSiSCSI - ok
09:34:06.0023 3720 msiserver - ok
09:34:06.0055 3720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:34:06.0055 3720 MSKSSRV - ok
09:34:06.0086 3720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:34:06.0086 3720 MSPCLOCK - ok
09:34:06.0101 3720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:34:06.0101 3720 MSPQM - ok
09:34:06.0179 3720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:34:06.0179 3720 MsRPC - ok
09:34:06.0211 3720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:34:06.0211 3720 mssmbios - ok
09:34:06.0226 3720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:34:06.0226 3720 MSTEE - ok
09:34:06.0242 3720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:34:06.0242 3720 Mup - ok
09:34:06.0460 3720 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
09:34:06.0476 3720 N360 - ok
09:34:06.0663 3720 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:34:06.0679 3720 napagent - ok
09:34:06.0757 3720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:34:06.0772 3720 NativeWifiP - ok
09:34:07.0240 3720 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120807.018\NAVENG.SYS
09:34:07.0240 3720 NAVENG - ok
09:34:07.0412 3720 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120807.018\NAVEX15.SYS
09:34:07.0474 3720 NAVEX15 - ok
09:34:07.0755 3720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:34:07.0771 3720 NDIS - ok
09:34:07.0802 3720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:34:07.0802 3720 NdisTapi - ok
09:34:07.0817 3720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:34:07.0817 3720 Ndisuio - ok
09:34:07.0864 3720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:34:07.0880 3720 NdisWan - ok
09:34:07.0911 3720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:34:07.0911 3720 NDProxy - ok
09:34:07.0989 3720 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
09:34:07.0989 3720 Net Driver HPZ12 - ok
09:34:08.0067 3720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:34:08.0067 3720 NetBIOS - ok
09:34:08.0114 3720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:34:08.0129 3720 netbt - ok
09:34:08.0176 3720 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:34:08.0176 3720 Netlogon - ok
09:34:08.0363 3720 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:34:08.0379 3720 Netman - ok
09:34:08.0691 3720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:34:08.0691 3720 NetMsmqActivator - ok
09:34:08.0707 3720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:34:08.0707 3720 NetPipeActivator - ok
09:34:08.0894 3720 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:34:08.0894 3720 netprofm - ok
09:34:08.0909 3720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:34:08.0909 3720 NetTcpActivator - ok
09:34:08.0925 3720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:34:08.0925 3720 NetTcpPortSharing - ok
09:34:08.0987 3720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:34:08.0987 3720 nfrd960 - ok
09:34:09.0034 3720 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:34:09.0050 3720 NlaSvc - ok
09:34:09.0081 3720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:34:09.0081 3720 Npfs - ok
09:34:09.0112 3720 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:34:09.0128 3720 nsi - ok
09:34:09.0143 3720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:34:09.0143 3720 nsiproxy - ok
09:34:09.0393 3720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:34:09.0502 3720 Ntfs - ok
09:34:09.0721 3720 NTIBackupSvc (a2b6583a5652a385dff5e4f49ad48761) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
09:34:09.0721 3720 NTIBackupSvc - ok
09:34:09.0752 3720 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
09:34:09.0752 3720 NTIDrvr - ok
09:34:09.0861 3720 NTISchedulerSvc (40b87fe8a1a9a5ac9e5a91d96f212bcd) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
09:34:09.0877 3720 NTISchedulerSvc - ok
09:34:09.0923 3720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:34:09.0923 3720 ntrigdigi - ok
09:34:09.0955 3720 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\Windows\system32\DRIVERS\NuidFltr.sys
09:34:09.0970 3720 NuidFltr - ok
09:34:09.0986 3720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:34:09.0986 3720 Null - ok
09:34:10.0017 3720 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:34:10.0017 3720 nvraid - ok
09:34:10.0048 3720 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:34:10.0064 3720 nvstor - ok
09:34:10.0095 3720 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:34:10.0111 3720 nv_agp - ok
09:34:10.0111 3720 NwlnkFlt - ok
09:34:10.0126 3720 NwlnkFwd - ok
09:34:10.0157 3720 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:34:10.0157 3720 ohci1394 - ok
09:34:10.0360 3720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:34:10.0360 3720 ose - ok
09:34:10.0532 3720 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:34:10.0547 3720 p2pimsvc - ok
09:34:10.0563 3720 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:34:10.0579 3720 p2psvc - ok
09:34:10.0813 3720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:34:10.0813 3720 Parport - ok
09:34:10.0984 3720 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
09:34:11.0000 3720 partmgr - ok
09:34:11.0047 3720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:34:11.0062 3720 Parvdm - ok
09:34:11.0093 3720 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:34:11.0093 3720 PcaSvc - ok
09:34:11.0156 3720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:34:11.0156 3720 pci - ok
09:34:11.0187 3720 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:34:11.0187 3720 pciide - ok
09:34:11.0234 3720 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:34:11.0249 3720 pcmcia - ok
09:34:11.0312 3720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:34:11.0343 3720 PEAUTH - ok
09:34:11.0468 3720 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:34:11.0499 3720 pla - ok
09:34:11.0639 3720 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:34:11.0639 3720 PlugPlay - ok
09:34:11.0733 3720 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
09:34:11.0733 3720 Pml Driver HPZ12 - ok
09:34:11.0873 3720 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:34:11.0873 3720 PNRPAutoReg - ok
09:34:11.0889 3720 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:34:11.0905 3720 PNRPsvc - ok
09:34:11.0967 3720 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys
09:34:11.0967 3720 Point32 - ok
09:34:12.0107 3720 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:34:12.0107 3720 PolicyAgent - ok
09:34:12.0170 3720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:34:12.0170 3720 PptpMiniport - ok
09:34:12.0201 3720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:34:12.0201 3720 Processor - ok
09:34:12.0310 3720 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:34:12.0310 3720 ProfSvc - ok
09:34:12.0357 3720 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:34:12.0357 3720 ProtectedStorage - ok
09:34:12.0419 3720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:34:12.0419 3720 PSched - ok
09:34:12.0685 3720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:34:12.0700 3720 ql2300 - ok
09:34:12.0809 3720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:34:12.0809 3720 ql40xx - ok
09:34:12.0856 3720 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:34:12.0903 3720 QWAVE - ok
09:34:12.0981 3720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:34:12.0981 3720 QWAVEdrv - ok
09:34:13.0012 3720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:34:13.0012 3720 RasAcd - ok
09:34:13.0043 3720 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:34:13.0043 3720 RasAuto - ok
09:34:13.0075 3720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:34:13.0075 3720 Rasl2tp - ok
09:34:13.0168 3720 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:34:13.0168 3720 RasMan - ok
09:34:13.0246 3720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:34:13.0246 3720 RasPppoe - ok
09:34:13.0262 3720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:34:13.0277 3720 RasSstp - ok
09:34:13.0309 3720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:34:13.0324 3720 rdbss - ok
09:34:13.0355 3720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:34:13.0355 3720 RDPCDD - ok
09:34:13.0402 3720 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:34:13.0418 3720 rdpdr - ok
09:34:13.0433 3720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:34:13.0433 3720 RDPENCDD - ok
09:34:13.0496 3720 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
09:34:13.0527 3720 RDPWD - ok
09:34:13.0589 3720 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
09:34:13.0589 3720 regi - ok
09:34:13.0699 3720 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:34:13.0699 3720 RemoteAccess - ok
09:34:13.0792 3720 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:34:13.0792 3720 RemoteRegistry - ok
09:34:13.0839 3720 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:34:13.0839 3720 RpcLocator - ok
09:34:13.0917 3720 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:34:13.0917 3720 RpcSs - ok
09:34:13.0979 3720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:34:13.0979 3720 rspndr - ok
09:34:14.0073 3720 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:34:14.0089 3720 RTL8169 - ok
09:34:14.0120 3720 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:34:14.0120 3720 SamSs - ok
09:34:14.0151 3720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:34:14.0151 3720 sbp2port - ok
09:34:14.0245 3720 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:34:14.0245 3720 SCardSvr - ok
09:34:14.0354 3720 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:34:14.0369 3720 Schedule - ok
09:34:14.0416 3720 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:34:14.0416 3720 SCPolicySvc - ok
09:34:14.0791 3720 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:34:14.0791 3720 SDRSVC - ok
09:34:14.0869 3720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:34:14.0869 3720 secdrv - ok
09:34:15.0025 3720 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:34:15.0025 3720 seclogon - ok
09:34:15.0103 3720 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
09:34:15.0118 3720 SENS - ok
09:34:15.0149 3720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:34:15.0149 3720 Serenum - ok
09:34:15.0259 3720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:34:15.0259 3720 Serial - ok
09:34:15.0305 3720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:34:15.0305 3720 sermouse - ok
09:34:15.0493 3720 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:34:15.0493 3720 SessionEnv - ok
09:34:15.0571 3720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:34:15.0571 3720 sffdisk - ok
09:34:15.0602 3720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:34:15.0602 3720 sffp_mmc - ok
09:34:15.0633 3720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:34:15.0633 3720 sffp_sd - ok
09:34:15.0664 3720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:34:15.0664 3720 sfloppy - ok
09:34:16.0959 3720 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:34:16.0959 3720 SharedAccess - ok
09:34:17.0209 3720 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:34:17.0209 3720 ShellHWDetection - ok
09:34:17.0255 3720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:34:17.0255 3720 sisagp - ok
09:34:17.0365 3720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:34:17.0380 3720 SiSRaid2 - ok
09:34:17.0630 3720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:34:17.0661 3720 SiSRaid4 - ok
09:34:36.0834 3720 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:34:38.0068 3720 slsvc - ok
09:34:43.0403 3720 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
09:34:43.0450 3720 SLUINotify - ok
09:34:44.0230 3720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:34:44.0261 3720 Smb - ok
09:34:44.0355 3720 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:34:44.0355 3720 SNMPTRAP - ok
09:34:44.0433 3720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:34:44.0433 3720 spldr - ok
09:34:44.0635 3720 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:34:44.0635 3720 Spooler - ok
09:34:45.0852 3720 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
09:34:48.0739 3720 SRTSP - ok
09:34:49.0098 3720 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
09:34:49.0457 3720 SRTSPX - ok
09:34:50.0143 3720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:34:50.0159 3720 srv - ok
09:34:50.0642 3720 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:34:51.0298 3720 srv2 - ok
09:34:51.0422 3720 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:34:51.0781 3720 srvnet - ok
09:34:51.0922 3720 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:34:51.0922 3720 SSDPSRV - ok
09:34:52.0109 3720 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:34:52.0109 3720 SstpSvc - ok
09:34:52.0358 3720 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:34:52.0421 3720 stisvc - ok
09:34:52.0530 3720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:34:52.0592 3720 swenum - ok
09:34:52.0873 3720 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:34:53.0060 3720 swprv - ok
09:34:53.0138 3720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:34:53.0170 3720 Symc8xx - ok
09:34:53.0466 3720 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS
09:34:53.0638 3720 SymDS - ok
09:34:54.0308 3720 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
09:34:54.0683 3720 SymEFA - ok
09:34:54.0808 3720 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:34:55.0088 3720 SymEvent - ok
09:34:55.0104 3720 SYMFW - ok
09:34:55.0166 3720 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys
09:34:55.0322 3720 SymIM - ok
09:34:55.0432 3720 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS
09:34:55.0603 3720 SymIRON - ok
09:34:55.0619 3720 SYMNDISV - ok
09:34:55.0790 3720 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS
09:34:55.0946 3720 SYMTDIv - ok
09:34:56.0040 3720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:34:56.0040 3720 Sym_hi - ok
09:34:56.0102 3720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:34:56.0102 3720 Sym_u3 - ok
09:34:56.0165 3720 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
09:34:56.0336 3720 SynTP - ok
09:34:56.0539 3720 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:34:56.0555 3720 SysMain - ok
09:34:56.0726 3720 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:34:56.0726 3720 TabletInputService - ok
09:34:56.0882 3720 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:34:56.0882 3720 TapiSrv - ok
09:34:56.0945 3720 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:34:56.0945 3720 TBS - ok
09:34:57.0257 3720 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
09:34:57.0600 3720 Tcpip - ok
09:34:57.0631 3720 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
09:34:57.0631 3720 Tcpip6 - ok
09:34:57.0725 3720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:34:57.0740 3720 tcpipreg - ok
09:34:57.0787 3720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:34:57.0803 3720 TDPIPE - ok
09:34:57.0896 3720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:34:57.0896 3720 TDTCP - ok
09:34:57.0974 3720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:34:57.0990 3720 tdx - ok
09:34:58.0052 3720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:34:58.0068 3720 TermDD - ok
09:34:58.0177 3720 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:34:58.0208 3720 TermService - ok
09:34:58.0302 3720 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:34:58.0302 3720 Themes - ok
09:34:58.0396 3720 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:34:58.0396 3720 THREADORDER - ok
09:34:58.0536 3720 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:34:58.0536 3720 TrkWks - ok
09:34:58.0708 3720 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:34:58.0708 3720 TrustedInstaller - ok
09:34:58.0801 3720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:34:58.0817 3720 tssecsrv - ok
09:34:58.0848 3720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:34:58.0848 3720 tunmp - ok
09:34:58.0895 3720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:34:58.0910 3720 tunnel - ok
09:34:58.0973 3720 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:34:58.0973 3720 uagp35 - ok
09:34:59.0020 3720 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
09:34:59.0020 3720 UBHelper - ok
09:34:59.0176 3720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:34:59.0191 3720 udfs - ok
09:34:59.0254 3720 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:34:59.0269 3720 UI0Detect - ok
09:34:59.0300 3720 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:34:59.0300 3720 uliagpkx - ok
09:34:59.0410 3720 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:34:59.0472 3720 uliahci - ok
09:34:59.0566 3720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:34:59.0566 3720 UlSata - ok
09:34:59.0737 3720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:34:59.0737 3720 ulsata2 - ok
09:34:59.0800 3720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:34:59.0800 3720 umbus - ok
09:34:59.0893 3720 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:34:59.0893 3720 upnphost - ok
09:34:59.0971 3720 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
09:34:59.0971 3720 USBAAPL - ok
09:35:00.0049 3720 usbccgp (cc412cf1a6697c82a481af4e9601a412) C:\Windows\system32\DRIVERS\usbccgp.sys
09:35:00.0049 3720 usbccgp - ok
09:35:00.0174 3720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:35:00.0174 3720 usbcir - ok
09:35:00.0205 3720 usbehci (153e8515cb86f8bb5d1a8b478ebf4bb2) C:\Windows\system32\DRIVERS\usbehci.sys
09:35:00.0205 3720 usbehci - ok
09:35:00.0346 3720 usbhub (e0e4fb937c8501791fbde57e12c7b20e) C:\Windows\system32\DRIVERS\usbhub.sys
09:35:00.0377 3720 usbhub - ok
09:35:00.0439 3720 usbohci (d457ebd0c3a8b3a3a144355b5ee91cbc) C:\Windows\system32\DRIVERS\usbohci.sys
09:35:00.0439 3720 usbohci - ok
09:35:00.0486 3720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:35:00.0486 3720 usbprint - ok
09:35:00.0580 3720 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:35:00.0580 3720 usbscan - ok
09:35:00.0689 3720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:35:00.0689 3720 USBSTOR - ok
09:35:00.0798 3720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:35:00.0798 3720 usbuhci - ok
09:35:00.0938 3720 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:35:00.0954 3720 usbvideo - ok
09:35:01.0001 3720 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:35:01.0001 3720 UxSms - ok
09:35:01.0157 3720 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:35:01.0204 3720 vds - ok
09:35:01.0250 3720 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:35:01.0250 3720 vga - ok
09:35:01.0282 3720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:35:01.0297 3720 VgaSave - ok
09:35:01.0328 3720 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:35:01.0328 3720 viaagp - ok
09:35:01.0375 3720 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:35:01.0375 3720 ViaC7 - ok
09:35:01.0422 3720 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:35:01.0422 3720 viaide - ok
09:35:01.0453 3720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:35:01.0453 3720 volmgr - ok
09:35:01.0625 3720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:35:01.0640 3720 volmgrx - ok
09:35:01.0859 3720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:35:01.0890 3720 volsnap - ok
09:35:02.0030 3720 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:35:02.0062 3720 vsmraid - ok
09:35:03.0060 3720 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:35:03.0138 3720 VSS - ok
09:35:03.0278 3720 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:35:03.0278 3720 W32Time - ok
09:35:03.0372 3720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:35:03.0372 3720 WacomPen - ok
09:35:03.0481 3720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:35:03.0481 3720 Wanarp - ok
09:35:03.0497 3720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:35:03.0497 3720 Wanarpv6 - ok
09:35:03.0700 3720 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:35:03.0715 3720 wcncsvc - ok
09:35:03.0778 3720 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:35:03.0793 3720 WcsPlugInService - ok
09:35:03.0887 3720 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:35:03.0887 3720 Wd - ok
09:35:03.0965 3720 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
09:35:03.0965 3720 WDC_SAM - ok
09:35:04.0526 3720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:35:04.0558 3720 Wdf01000 - ok
09:35:04.0667 3720 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:35:04.0667 3720 WdiServiceHost - ok
09:35:04.0682 3720 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:35:04.0682 3720 WdiSystemHost - ok
09:35:04.0901 3720 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:35:04.0916 3720 WebClient - ok
09:35:05.0026 3720 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:35:05.0041 3720 Wecsvc - ok
09:35:05.0119 3720 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:35:05.0119 3720 wercplsupport - ok
09:35:05.0213 3720 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:35:05.0213 3720 WerSvc - ok
09:35:05.0462 3720 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:35:05.0509 3720 WinDefend - ok
09:35:05.0525 3720 WinHttpAutoProxySvc - ok
09:35:05.0712 3720 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:35:05.0712 3720 Winmgmt - ok
09:35:06.0071 3720 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:35:06.0180 3720 WinRM - ok
09:35:06.0929 3720 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:35:07.0022 3720 Wlansvc - ok
09:35:07.0132 3720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:35:07.0132 3720 WmiAcpi - ok
09:35:07.0288 3720 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:35:07.0288 3720 wmiApSrv - ok
09:35:07.0834 3720 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:35:07.0896 3720 WMPNetworkSvc - ok
09:35:08.0036 3720 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:35:08.0052 3720 WPCSvc - ok
09:35:08.0239 3720 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
09:35:08.0239 3720 WPDBusEnum - ok
09:35:08.0972 3720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:35:09.0019 3720 WPFFontCache_v0400 - ok
09:35:09.0222 3720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:35:09.0222 3720 ws2ifsl - ok
09:35:09.0331 3720 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
09:35:09.0331 3720 wscsvc - ok
09:35:09.0347 3720 WSearch - ok
09:35:10.0564 3720 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:35:10.0860 3720 wuauserv - ok
09:35:11.0500 3720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:35:11.0531 3720 WUDFRd - ok
09:35:11.0671 3720 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:35:11.0671 3720 wudfsvc - ok
09:35:12.0342 3720 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:35:12.0451 3720 YahooAUService - ok
09:35:12.0482 3720 MBR (0x1B8) (ef9cdc51b437d322d54016b68f003416) \Device\Harddisk0\DR0
09:35:16.0882 3720 \Device\Harddisk0\DR0 - ok
09:35:16.0913 3720 Boot (0x1200) (63f327a36223d433b39752a6beed9c0c) \Device\Harddisk0\DR0\Partition0
09:35:16.0975 3720 \Device\Harddisk0\DR0\Partition0 - ok
09:35:17.0038 3720 Boot (0x1200) (4bb58cd61f4bcb8602da72adbd346982) \Device\Harddisk0\DR0\Partition1
09:35:17.0069 3720 \Device\Harddisk0\DR0\Partition1 - ok
09:35:17.0084 3720 ============================================================
09:35:17.0084 3720 Scan finished
09:35:17.0084 3720 ============================================================
09:35:17.0116 2472 Detected object count: 0
09:35:17.0116 2472 Actual detected object count: 0
09:35:27.0179 1260 Deinitialize success

[superwow_rl]

ESET scan. I selected "Delete quarantined files", I hope that's fine.

C:\Users\mom's toy\registryboosterplb.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\mom's toy\Documents\Java Runtime Environment.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\mom's toy\Documents\misc\registryeasy_lite.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Users\mom's toy\Downloads\BitZipper50TrialSetupEn.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined

[superwow_rl]

Security Check

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 7 Update 5
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

[screen317]

Hi,

Things look good from here!




Run TFC by OldTimer to clear temporary files:

• Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.


Restart your computer.

Let me know what issues remain.

[superwow_rl]

Hi! Seems to be working better now. I reinstalled Firefox so I could open a bunch of bookmarks at once. Seems like it's back to normal.

Can you please tell me what was wrong with my computer? That way I can know if this ever happens again. Do I need to change all my passwords again? Thank you so much for all of your help!!!

[screen317]

It's really hard to say specifically what was wrong. Looks like a mixture of infections and the damage they cause.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

[superwow_rl]

Okay, I will definitely get all that stuff installed, & I started reading that article. One thing I noticed, & I noticed this when my computer was infected, too: Firefox will have one of those "allow" bars across the top on certain pages, but the bar is blank, no text. It just has a tiny box on the left side with the prohibited symbol on it. Do you know what that is?

[screen317]

Hi,

You'll have to take a screenshot of it. It's hard to tell by how you described it.

[superwow_rl]

I couldn't get a screen capture to work. I keep getting an error that my post is too short, even though I added extra text. My page keeps scrolling up, too.

[superwow_rl]

My computer is not running well anymore. Firefox (14) is opening & is almost instantly at 100,000K with just the one tab open. It's very slow & freezes often. My computer itself is very slow, Task Manager is slow to open & also freezes. Yesterday I closed Firefox but it wouldn't terminate in Task Manager. Please tell me how to get this back to normal.

[screen317]

Hi,

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan-- do not download any programs; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

[superwow_rl]

Wow, that was a nightmare to run. Here's the URL. I had to run it in IE9.

http://www.pcpitstop...?conid=25017762