
Happili Trojan got me...



#1 hippiechic744


Posted 04 June 2012 - 09:19 PM

My laptop was running slow, and after a Malwarebytes scan it came up with 4 infected files with the 'happili' trojan. Here are my mbam and dds logs:

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kristy :: D965GFC1 [administrator]

6/3/2012 4:51:31 PM
mbam-log-2012-06-03 (16-51-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 351921
Time elapsed: 4 hour(s), 13 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Kristy\Local Settings\Application Data\ApplicationHistory\Adobe\szwtdkl.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristy\Local Settings\temp\0.3198980937296608 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristy\Local Settings\temp\nsc2E32.tmp\qrnoxrx.dll (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristy\Local Settings\temp\nsc2E32.tmp\szwtdkl.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

dds log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Kristy at 20:06:39 on 2012-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.470 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Zune\ZuneBusEnum.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Spotify Web Helper] "c:\documents and settings\kristy\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SetDefPrt] c:\program files\brother\brmfl04h\BrStDvPt.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: turbotax.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://littlemissmagic777.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} - hxxp://leads400.landstar.com/HFAccess/HFDSP.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mci.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kristy\application data\mozilla\firefox\profiles\5akt67y1.default\
FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/
FF - plugin: c:\documents and settings\kristy\application data\mozilla\firefox\profiles\5akt67y1.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-26 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-26 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-26 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 314456]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsle5778334;MpKsle5778334;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{78505797-f2c0-4145-b62f-4e416ff994c3}\MpKsle5778334.sys [2012-6-4 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 44768]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-4 40776]
S1 gtmynuyg;gtmynuyg;\??\c:\windows\system32\drivers\gtmynuyg.sys --> c:\windows\system32\drivers\gtmynuyg.sys [?]
S1 iawsnhxh;iawsnhxh;\??\c:\windows\system32\drivers\iawsnhxh.sys --> c:\windows\system32\drivers\iawsnhxh.sys [?]
S1 nlshreox;nlshreox;\??\c:\windows\system32\drivers\nlshreox.sys --> c:\windows\system32\drivers\nlshreox.sys [?]
S1 wsbqjhiq;wsbqjhiq;\??\c:\windows\system32\drivers\wsbqjhiq.sys --> c:\windows\system32\drivers\wsbqjhiq.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-26 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-26 1150936]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 20:21:12.03 ===============

attach log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2007 1:24:00 PM
System Uptime: 6/4/2012 3:05:17 PM (5 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 54.676 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2008: 4/17/2012 7:46:37 AM - Software Distribution Service 3.0
RP2009: 4/17/2012 10:04:10 AM - Software Distribution Service 3.0
RP2010: 4/18/2012 7:01:57 AM - Software Distribution Service 3.0
RP2011: 4/18/2012 10:16:36 AM - Software Distribution Service 3.0
RP2012: 4/19/2012 6:59:37 AM - Software Distribution Service 3.0
RP2013: 4/19/2012 7:34:06 PM - Software Distribution Service 3.0
RP2014: 4/20/2012 7:35:54 AM - Software Distribution Service 3.0
RP2015: 4/21/2012 7:23:08 AM - Software Distribution Service 3.0
RP2016: 4/21/2012 7:44:23 AM - Software Distribution Service 3.0
RP2017: 4/22/2012 7:20:02 AM - Software Distribution Service 3.0
RP2018: 4/22/2012 9:53:14 AM - Software Distribution Service 3.0
RP2019: 4/23/2012 7:08:05 AM - Software Distribution Service 3.0
RP2020: 4/23/2012 10:20:50 AM - Software Distribution Service 3.0
RP2021: 4/24/2012 7:04:55 AM - Software Distribution Service 3.0
RP2022: 4/24/2012 11:19:47 AM - Software Distribution Service 3.0
RP2023: 4/25/2012 6:59:18 AM - Software Distribution Service 3.0
RP2024: 4/25/2012 12:59:24 PM - Software Distribution Service 3.0
RP2025: 4/26/2012 6:29:57 AM - Software Distribution Service 3.0
RP2026: 4/26/2012 5:00:31 PM - Software Distribution Service 3.0
RP2027: 4/27/2012 6:44:05 AM - Software Distribution Service 3.0
RP2028: 4/28/2012 7:24:26 AM - Software Distribution Service 3.0
RP2029: 4/29/2012 7:19:49 AM - Software Distribution Service 3.0
RP2030: 4/29/2012 7:44:18 AM - Software Distribution Service 3.0
RP2031: 4/30/2012 7:38:29 AM - Software Distribution Service 3.0
RP2032: 4/30/2012 8:01:06 AM - Software Distribution Service 3.0
RP2033: 4/30/2012 12:33:57 PM - Software Distribution Service 3.0
RP2034: 5/1/2012 6:44:47 AM - Software Distribution Service 3.0
RP2035: 5/1/2012 1:19:30 PM - Software Distribution Service 3.0
RP2036: 5/2/2012 6:27:11 AM - Software Distribution Service 3.0
RP2037: 5/2/2012 7:51:14 PM - Software Distribution Service 3.0
RP2038: 5/3/2012 6:45:33 AM - Software Distribution Service 3.0
RP2039: 5/4/2012 8:00:03 AM - Software Distribution Service 3.0
RP2040: 5/4/2012 8:16:43 AM - Software Distribution Service 3.0
RP2041: 5/5/2012 7:07:19 AM - Software Distribution Service 3.0
RP2042: 5/5/2012 10:38:34 AM - Software Distribution Service 3.0
RP2043: 5/6/2012 5:36:37 AM - Software Distribution Service 3.0
RP2044: 5/6/2012 2:28:34 PM - Software Distribution Service 3.0
RP2045: 5/7/2012 6:34:40 AM - Software Distribution Service 3.0
RP2046: 5/7/2012 5:47:45 PM - Software Distribution Service 3.0
RP2047: 5/8/2012 6:36:48 AM - Software Distribution Service 3.0
RP2048: 5/8/2012 9:35:03 PM - Software Distribution Service 3.0
RP2049: 5/9/2012 7:35:31 AM - Software Distribution Service 3.0
RP2050: 5/10/2012 7:39:19 AM - Software Distribution Service 3.0
RP2051: 5/10/2012 7:55:29 AM - Software Distribution Service 3.0
RP2052: 5/11/2012 6:24:55 AM - Software Distribution Service 3.0
RP2053: 5/11/2012 8:36:39 AM - Software Distribution Service 3.0
RP2054: 5/12/2012 7:31:28 AM - Software Distribution Service 3.0
RP2055: 5/12/2012 10:17:19 AM - Software Distribution Service 3.0
RP2056: 5/13/2012 7:12:10 AM - Software Distribution Service 3.0
RP2057: 5/13/2012 4:46:46 PM - Software Distribution Service 3.0
RP2058: 5/14/2012 6:37:20 AM - Software Distribution Service 3.0
RP2059: 5/14/2012 7:56:19 PM - Software Distribution Service 3.0
RP2060: 5/15/2012 8:12:55 AM - Software Distribution Service 3.0
RP2061: 5/15/2012 8:12:52 PM - Software Distribution Service 3.0
RP2062: 5/16/2012 7:27:07 AM - Software Distribution Service 3.0
RP2063: 5/17/2012 7:21:52 AM - Software Distribution Service 3.0
RP2064: 5/17/2012 7:47:19 AM - Software Distribution Service 3.0
RP2065: 5/18/2012 7:53:10 AM - Software Distribution Service 3.0
RP2066: 5/18/2012 8:25:55 AM - Software Distribution Service 3.0
RP2067: 5/19/2012 7:21:30 AM - Software Distribution Service 3.0
RP2068: 5/19/2012 10:37:03 AM - Software Distribution Service 3.0
RP2069: 5/20/2012 6:14:13 AM - Software Distribution Service 3.0
RP2070: 5/20/2012 3:53:26 PM - Software Distribution Service 3.0
RP2071: 5/21/2012 6:31:38 AM - Software Distribution Service 3.0
RP2072: 5/21/2012 5:18:09 PM - Software Distribution Service 3.0
RP2073: 5/22/2012 6:32:24 AM - Software Distribution Service 3.0
RP2074: 5/23/2012 7:16:21 AM - Software Distribution Service 3.0
RP2075: 5/24/2012 7:12:36 AM - Software Distribution Service 3.0
RP2076: 5/25/2012 6:25:10 AM - Software Distribution Service 3.0
RP2077: 5/26/2012 11:20:13 PM - Software Distribution Service 3.0
RP2078: 5/27/2012 7:18:40 AM - Software Distribution Service 3.0
RP2079: 5/28/2012 7:37:53 AM - Software Distribution Service 3.0
RP2080: 5/28/2012 8:09:34 AM - Software Distribution Service 3.0
RP2081: 5/29/2012 7:33:05 AM - Software Distribution Service 3.0
RP2082: 5/29/2012 9:23:05 AM - Software Distribution Service 3.0
RP2083: 5/30/2012 6:55:57 AM - Software Distribution Service 3.0
RP2084: 5/30/2012 10:41:02 AM - Software Distribution Service 3.0
RP2085: 5/31/2012 8:43:55 AM - Software Distribution Service 3.0
RP2086: 6/1/2012 6:58:04 AM - Software Distribution Service 3.0
RP2087: 6/1/2012 7:49:36 PM - Software Distribution Service 3.0
RP2088: 6/2/2012 7:43:46 AM - Software Distribution Service 3.0
RP2089: 6/3/2012 8:51:11 AM - Software Distribution Service 3.0
RP2090: 6/3/2012 9:18:16 AM - Software Distribution Service 3.0
RP2091: 6/4/2012 7:50:51 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1300
1300_Help
1300Tour
1300Trb
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
AiO_Scan
AIOMinimal
AiOSoftware
Amazon Kindle
Amazon MP3 Downloader 1.0.5
AnswerWorks 4.0 Runtime - English
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BDE v5.01
Bonjour
Broadcom Management Programs
Brother MFL-Pro Suite
Conexant HDA D110 MDC V.92 Modem
Copy
Corel Paint Shop Pro X
Coupon Printer for Windows
Creative Audio Pack
Creative MediaSource 5
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Photo Printer 720
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Digital Photo Navigator 1.5
Director
DocProc
EarthLink Setup Files
Fax
Free PS Convert driver 8.15
Garmin Trip and Waypoint Manager v5
getPlus®_ocx
H&R Block Deluxe + Efile + State 2009
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Image Zone 3.5
HP Photo Creations
HP PSC & OfficeJet 3.5
HP Update
hpmdtab
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java™ 6 Update 29
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
MediaDirect
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2006
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Overland
Photo Viewer
PhotoGallery
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
PrintScreen
QFolder
QuickProjects
QuickSet
QuickTime
Readme
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
SkinsHP1
SkinsHP2
Sonic Activation Module
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spotify
Spybot - Search & Destroy
Spyware Doctor 8.0
Sure Cuts A Lot 2.012
Sylvan 3rd Grade Reading Success
Synaptics Pointing Device Driver
TrayApp
TurboTax Deluxe 2007
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
URL Assistant
WebEx
WebFldrs XP
WebIQ Client Software
WebReg
Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
6/4/2012 5:44:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1279.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/3/2012 10:11:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/3/2012 10:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSnx aswSP aswTdi Fips intelppm MpFilter
6/3/2012 10:10:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/31/2012 2:44:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ZuneBusEnum service.
5/31/2012 12:00:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1045.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/31/2012 12:00:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1045.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/31/2012 1:51:47 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MPKSL99332221\0000 disappeared from the system without first being prepared for removal.
5/30/2012 8:41:00 PM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
5/30/2012 8:40:52 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/30/2012 2:45:18 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/30/2012 10:13:33 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
5/29/2012 7:41:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2509461).
.
==== End Of File ===========================

#2 gringo_pr

    Staff

  • Moderators
  • 9,596 posts
  • Gender:Male

Posted 06 June 2012 - 03:27 AM

Hello and Welcome!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support


#3 hippiechic744

Posted 06 June 2012 - 09:30 PM

Hi there, thank you for your help. :))

Here are the requested logs:

checkup:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 8.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Combofix log:


ComboFix 12-06-05.04 - Kristy 06/06/2012 9:04:49.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.468 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
C:\WINDOWS\EventSystem.log


((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))


2012-06-06 13:37:21 . 2012-06-06 13:37:21 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\offreg.dll
2012-06-04 12:41:47 . 2012-06-04 12:41:47 29904 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys
2012-06-04 02:51:09 . 2012-06-04 02:51:14 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2012-06-03 14:19:21 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-08 16:40:12 . 2010-07-21 14:11:32 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-11 13:14:41 . 2004-08-11 23:00:25 2148352 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-04-11 13:12:06 . 2004-08-11 23:00:37 1862272 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-04-11 12:35:51 . 2004-08-04 04:59:00 2026496 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-04-04 20:56:40 . 2009-04-13 23:43:54 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-06-04 02:49:58 . 2012-06-04 02:49:58 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 10:40:02 24576]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-29 03:57:12 395776]
"Spotify Web Helper"="C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-21 11:56:33 932528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 17:48:02 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 23:35:50 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 22:30:44 282624]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 16:51:52 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 05:12:00 1355042]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 07:00:00 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 09:40:34 86960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 23:16:54 184320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 21:55:11 185896]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 23:13:26 151552]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 14:38:42 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-11 05:08:18 417792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 22:33:10 141600]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-31 02:00:02 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-31 02:00:16 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-31 01:59:36 138008]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 22:14:38 49152]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2011-08-05 17:29:56 159456]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 02:55:54 49208]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 11:13:08 434080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-1-25 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Documents and Settings\\Kristy\\Application Data\\Spotify\\spotify.exe"=

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [1/26/2011 8:10:25 PM 239168]
R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [1/26/2011 8:10:38 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;C:\WINDOWS\system32\drivers\pctEFA.sys [1/26/2011 8:10:38 PM 656320]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [3/1/2011 10:10:36 PM 435032]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [3/1/2011 10:10:44 PM 314456]
R1 MpKsle5778334;MpKsle5778334;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys [6/4/2012 7:41:47 AM 29904]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [3/1/2011 10:10:45 PM 20568]
S1 gtmynuyg;gtmynuyg;\??\C:\WINDOWS\system32\drivers\gtmynuyg.sys --> C:\WINDOWS\system32\drivers\gtmynuyg.sys [?]
S1 iawsnhxh;iawsnhxh;\??\C:\WINDOWS\system32\drivers\iawsnhxh.sys --> C:\WINDOWS\system32\drivers\iawsnhxh.sys [?]
S1 nlshreox;nlshreox;\??\C:\WINDOWS\system32\drivers\nlshreox.sys --> C:\WINDOWS\system32\drivers\nlshreox.sys [?]
S1 wsbqjhiq;wsbqjhiq;\??\C:\WINDOWS\system32\drivers\wsbqjhiq.sys --> C:\WINDOWS\system32\drivers\wsbqjhiq.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:51:09 PM 129976]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [1/26/2011 8:10:04 PM 366840]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [8/5/2011 12:30:02 PM 268512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLE5778334

Contents of the 'Scheduled Tasks' folder

2012-06-03 C:\WINDOWS\Tasks\At1.job
- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-04 C:\WINDOWS\Tasks\At2.job
- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-03 C:\WINDOWS\Tasks\At3.job
- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-02 C:\WINDOWS\Tasks\At4.job
- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-04 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40:42 . 2010-03-26 02:40:42]


------- Supplementary Scan -------

uStart Page = hxxp://www.amazon.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: turbotax.com
FF - ProfilePath - C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\
FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/
FF - user.js: general.useragent.extra.brc -

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

#4 gringo_pr

Posted 06 June 2012 - 10:37 PM

Greetings

I would like to know if you are still getting redirected, and if so I want to know which browsers are redirecting. Please verify all that are installed.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
William Rowland
Product Support


#5 hippiechic744

Posted 08 June 2012 - 04:01 PM

I haven't been using that laptop because I thought it was infected, but Firefox and IE are installed.

TDSSKiller log:

07:34:48.0484 3536 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:34:48.0640 3536 ============================================================
07:34:48.0640 3536 Current date / time: 2012/06/07 07:34:48.0640
07:34:48.0640 3536 SystemInfo:
07:34:48.0640 3536
07:34:48.0640 3536 OS Version: 5.1.2600 ServicePack: 3.0
07:34:48.0640 3536 Product type: Workstation
07:34:48.0640 3536 ComputerName: D965GFC1
07:34:48.0640 3536 UserName: Kristy
07:34:48.0640 3536 Windows directory: C:\WINDOWS
07:34:48.0640 3536 System windows directory: C:\WINDOWS
07:34:48.0640 3536 Processor architecture: Intel x86
07:34:48.0640 3536 Number of processors: 2
07:34:48.0640 3536 Page size: 0x1000
07:34:48.0640 3536 Boot type: Normal boot
07:34:48.0640 3536 ============================================================
07:34:53.0484 3536 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:34:53.0484 3536 ============================================================
07:34:53.0484 3536 \Device\Harddisk0\DR0:
07:34:53.0484 3536 MBR partitions:
07:34:53.0484 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11E8F510
07:34:53.0515 3536 ============================================================
07:34:53.0578 3536 C: <-> \Device\Harddisk0\DR0\Partition0
07:34:53.0578 3536 ============================================================
07:34:53.0578 3536 Initialize success
07:34:53.0578 3536 ============================================================
07:34:57.0359 2440 ============================================================
07:34:57.0359 2440 Scan started
07:34:57.0359 2440 Mode: Manual;
07:34:57.0359 2440 ============================================================
07:35:03.0890 2440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:35:03.0890 2440 atapi - ok
07:35:03.0921 2440 Atdisk - ok
07:35:03.0953 2440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:35:03.0953 2440 Atmarpc - ok
07:35:04.0031 2440 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:35:04.0031 2440 AudioSrv - ok
07:35:04.0093 2440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:35:04.0093 2440 audstub - ok
07:35:04.0296 2440 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:35:04.0312 2440 avast! Antivirus - ok
07:35:04.0406 2440 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
07:35:04.0437 2440 BCM43XX - ok
07:35:04.0468 2440 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
07:35:04.0484 2440 bcm4sbxp - ok
07:35:04.0546 2440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:35:04.0562 2440 Beep - ok
07:35:04.0687 2440 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:35:05.0703 2440 BITS - ok
07:35:06.0703 2440 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
07:35:06.0718 2440 Bonjour Service - ok
07:35:06.0781 2440 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:35:06.0796 2440 Browser - ok
07:35:07.0062 2440 catchme - ok
07:35:07.0156 2440 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:35:07.0171 2440 cbidf - ok
07:35:07.0171 2440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:35:07.0187 2440 cbidf2k - ok
07:35:07.0265 2440 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:35:07.0281 2440 cd20xrnt - ok
07:35:07.0343 2440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:35:07.0343 2440 Cdaudio - ok
07:35:07.0437 2440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:35:07.0437 2440 Cdfs - ok
07:35:07.0578 2440 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:35:07.0593 2440 Cdrom - ok
07:35:07.0609 2440 Changer - ok
07:35:07.0718 2440 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:35:07.0750 2440 CiSvc - ok
07:35:07.0765 2440 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:35:07.0812 2440 ClipSrv - ok
07:35:08.0203 2440 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:35:08.0640 2440 clr_optimization_v2.0.50727_32 - ok
07:35:08.0750 2440 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:35:08.0765 2440 CmBatt - ok
07:35:08.0859 2440 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:35:08.0875 2440 CmdIde - ok
07:35:08.0937 2440 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:35:08.0953 2440 Compbatt - ok
07:35:08.0953 2440 COMSysApp - ok
07:35:09.0046 2440 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:35:09.0062 2440 Cpqarray - ok
07:35:09.0296 2440 Creative Labs Licensing Service (7db5e3f44d797bd38b8e336ccc2e49d5) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
07:35:09.0328 2440 Creative Labs Licensing Service - ok
07:35:09.0468 2440 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
07:35:09.0484 2440 Creative Service for CDROM Access - ok
07:35:09.0796 2440 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:35:09.0812 2440 CryptSvc - ok
07:35:09.0953 2440 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
07:35:09.0968 2440 ctsfm2k - ok
07:35:10.0171 2440 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
07:35:10.0203 2440 CTUSFSYN - ok
07:35:10.0484 2440 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:35:10.0531 2440 dac2w2k - ok
07:35:10.0593 2440 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:35:10.0609 2440 dac960nt - ok
07:35:11.0000 2440 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:35:11.0125 2440 DcomLaunch - ok
07:35:11.0281 2440 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:35:11.0312 2440 Dhcp - ok
07:35:11.0421 2440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:35:11.0484 2440 Disk - ok
07:35:11.0625 2440 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
07:35:11.0640 2440 DLABOIOM - ok
07:35:11.0843 2440 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
07:35:11.0843 2440 DLACDBHM - ok
07:35:11.0875 2440 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
07:35:11.0890 2440 DLADResN - ok
07:35:11.0984 2440 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
07:35:12.0015 2440 DLAIFS_M - ok
07:35:12.0062 2440 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
07:35:12.0062 2440 DLAOPIOM - ok
07:35:12.0078 2440 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
07:35:12.0078 2440 DLAPoolM - ok
07:35:12.0125 2440 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
07:35:12.0140 2440 DLARTL_N - ok
07:35:12.0328 2440 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
07:35:12.0375 2440 DLAUDFAM - ok
07:35:12.0453 2440 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
07:35:12.0500 2440 DLAUDF_M - ok
07:35:12.0515 2440 dmadmin - ok
07:35:13.0281 2440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:35:13.0437 2440 dmboot - ok
07:35:13.0578 2440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:35:13.0609 2440 dmio - ok
07:35:13.0703 2440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:35:13.0718 2440 dmload - ok
07:35:13.0781 2440 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:35:13.0812 2440 dmserver - ok
07:35:13.0859 2440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:35:13.0875 2440 DMusic - ok
07:35:13.0968 2440 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:35:13.0968 2440 Dnscache - ok
07:35:14.0265 2440 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:35:14.0296 2440 Dot3svc - ok
07:35:14.0640 2440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:35:14.0640 2440 dpti2o - ok
07:35:14.0734 2440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:35:14.0750 2440 drmkaud - ok
07:35:14.0906 2440 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
07:35:14.0921 2440 DRVMCDB - ok
07:35:15.0000 2440 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
07:35:15.0015 2440 DRVNDDM - ok
07:35:15.0234 2440 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
07:35:15.0265 2440 DSproct - ok
07:35:15.0453 2440 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:35:15.0468 2440 E100B - ok
07:35:15.0546 2440 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:35:15.0562 2440 EapHost - ok
07:35:15.0640 2440 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:35:15.0656 2440 ERSvc - ok
07:35:15.0796 2440 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:35:15.0859 2440 Eventlog - ok
07:35:16.0109 2440 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:35:16.0156 2440 EventSystem - ok
07:35:16.0406 2440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:35:16.0468 2440 Fastfat - ok
07:35:16.0703 2440 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:35:16.0734 2440 FastUserSwitchingCompatibility - ok
07:35:17.0000 2440 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
07:35:17.0078 2440 Fax - ok
07:35:17.0203 2440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:35:17.0218 2440 Fdc - ok
07:35:17.0328 2440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:35:17.0375 2440 Fips - ok
07:35:17.0421 2440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:35:17.0421 2440 Flpydisk - ok
07:35:17.0734 2440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:35:17.0750 2440 FltMgr - ok
07:35:18.0125 2440 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:35:18.0140 2440 FontCache3.0.0.0 - ok
07:35:18.0234 2440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:35:18.0234 2440 Fs_Rec - ok
07:35:18.0375 2440 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
07:35:18.0390 2440 FTDIBUS - ok
07:35:18.0562 2440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:35:18.0578 2440 Ftdisk - ok
07:35:18.0781 2440 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
07:35:18.0812 2440 FTSER2K - ok
07:35:18.0906 2440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:35:18.0953 2440 GEARAspiWDM - ok
07:35:19.0015 2440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:35:19.0031 2440 Gpc - ok
07:35:19.0140 2440 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
07:35:19.0171 2440 grmnusb - ok
07:35:19.0187 2440 gtmynuyg - ok
07:35:19.0375 2440 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:35:19.0406 2440 HDAudBus - ok
07:35:19.0593 2440 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:35:19.0609 2440 helpsvc - ok
07:35:19.0625 2440 HidServ - ok
07:35:19.0812 2440 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:35:19.0843 2440 hkmsvc - ok
07:35:19.0937 2440 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:35:19.0937 2440 hpn - ok
07:35:20.0015 2440 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:35:20.0109 2440 HPZid412 - ok
07:35:20.0140 2440 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:35:20.0156 2440 HPZipr12 - ok
07:35:20.0265 2440 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:35:20.0312 2440 HPZius12 - ok
07:35:21.0250 2440 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
07:35:21.0390 2440 HSF_DPV - ok
07:35:21.0859 2440 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
07:35:21.0906 2440 HSXHWAZL - ok
07:35:22.0234 2440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:35:22.0281 2440 HTTP - ok
07:35:22.0343 2440 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:35:22.0375 2440 HTTPFilter - ok
07:35:22.0437 2440 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:35:22.0453 2440 i2omgmt - ok
07:35:22.0484 2440 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:35:22.0500 2440 i2omp - ok
07:35:22.0562 2440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:35:22.0578 2440 i8042prt - ok
07:35:29.0015 2440 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:35:30.0500 2440 ialm - ok
07:35:32.0234 2440 iawsnhxh - ok
07:35:32.0609 2440 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:35:32.0625 2440 IDriverT - ok
07:35:33.0515 2440 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:35:33.0765 2440 idsvc - ok
07:35:33.0890 2440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:35:33.0906 2440 Imapi - ok
07:35:34.0078 2440 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:35:34.0125 2440 ImapiService - ok
07:35:34.0218 2440 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:35:34.0234 2440 ini910u - ok
07:35:34.0375 2440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:35:34.0390 2440 IntelIde - ok
07:35:34.0468 2440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:35:34.0484 2440 intelppm - ok
07:35:34.0546 2440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:35:34.0562 2440 Ip6Fw - ok
07:35:34.0656 2440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:35:34.0671 2440 IpFilterDriver - ok
07:35:34.0718 2440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:35:34.0718 2440 IpInIp - ok
07:35:34.0890 2440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:35:34.0921 2440 IpNat - ok
07:35:35.0734 2440 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
07:35:35.0859 2440 iPod Service - ok
07:35:35.0968 2440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:35:35.0984 2440 IPSec - ok
07:35:36.0015 2440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:35:36.0031 2440 IRENUM - ok
07:35:36.0156 2440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:35:36.0156 2440 isapnp - ok
07:35:36.0515 2440 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
07:35:36.0515 2440 JavaQuickStarterService - ok
07:35:36.0625 2440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\KBDCLASS.SYS
07:35:36.0640 2440 Kbdclass - ok
07:35:36.0828 2440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:35:36.0906 2440 kmixer - ok
07:35:37.0078 2440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:35:37.0109 2440 KSecDD - ok
07:35:37.0250 2440 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:35:37.0265 2440 lanmanserver - ok
07:35:37.0546 2440 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:35:37.0609 2440 lanmanworkstation - ok
07:35:37.0625 2440 lbrtfdc - ok
07:35:38.0203 2440 LexBceS (e19c8550b4c6c67fabffd998eacf440a) C:\WINDOWS\system32\LEXBCES.EXE
07:35:38.0281 2440 LexBceS - ok
07:35:38.0375 2440 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:35:38.0390 2440 LmHosts - ok
07:35:38.0453 2440 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:35:38.0484 2440 mdmxsdk - ok
07:35:38.0546 2440 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:35:38.0562 2440 Messenger - ok
07:35:38.0656 2440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:35:38.0671 2440 mnmdd - ok
07:35:38.0796 2440 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:35:38.0828 2440 mnmsrvc - ok
07:35:38.0937 2440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:35:38.0937 2440 Modem - ok
07:35:40.0296 2440 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
07:35:40.0609 2440 monfilt - ok
07:35:41.0671 2440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:35:41.0687 2440 Mouclass - ok
07:35:41.0765 2440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:35:41.0781 2440 MountMgr - ok
07:35:42.0203 2440 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:35:42.0234 2440 MozillaMaintenance - ok
07:35:42.0500 2440 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:35:42.0531 2440 MpFilter - ok
07:35:42.0796 2440 MpKsle5778334 - ok
07:35:42.0953 2440 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
07:35:42.0984 2440 mr7910 - ok
07:35:43.0093 2440 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:35:43.0109 2440 mraid35x - ok
07:35:43.0421 2440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:35:43.0453 2440 MRxDAV - ok
07:35:43.0875 2440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:35:43.0984 2440 MRxSmb - ok
07:35:44.0046 2440 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:35:44.0078 2440 MSDTC - ok
07:35:44.0171 2440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:35:44.0171 2440 Msfs - ok
07:35:44.0187 2440 MSIServer - ok
07:35:44.0250 2440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:35:44.0265 2440 MSKSSRV - ok
07:35:44.0375 2440 MsMpSvc (578c809bf745608646ea338a9ac48158) c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
07:35:44.0390 2440 MsMpSvc - ok
07:35:44.0421 2440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:35:44.0421 2440 MSPCLOCK - ok
07:35:44.0562 2440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:35:44.0578 2440 MSPQM - ok
07:35:44.0687 2440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:35:44.0703 2440 mssmbios - ok
07:35:44.0890 2440 MSSQL$MSSMLBIZ - ok
07:35:45.0046 2440 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:35:45.0062 2440 MSSQLServerADHelper - ok
07:35:45.0265 2440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:35:45.0265 2440 Mup - ok
07:35:45.0734 2440 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:35:45.0828 2440 napagent - ok
07:35:46.0203 2440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:35:46.0265 2440 NDIS - ok
07:35:46.0328 2440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:35:46.0343 2440 NdisTapi - ok
07:35:46.0421 2440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:35:46.0437 2440 Ndisuio - ok
07:35:46.0562 2440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:35:46.0593 2440 NdisWan - ok
07:35:46.0718 2440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:35:46.0718 2440 NDProxy - ok
07:35:46.0781 2440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:35:46.0781 2440 NetBIOS - ok
07:35:46.0921 2440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:35:46.0921 2440 NetBT - ok
07:35:47.0328 2440 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:35:47.0343 2440 NetDDE - ok
07:35:47.0343 2440 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:35:47.0359 2440 NetDDEdsdm - ok
07:35:47.0421 2440 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:35:47.0421 2440 Netlogon - ok
07:35:47.0796 2440 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
07:35:47.0828 2440 Netman - ok
07:35:48.0843 2440 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:35:48.0953 2440 NetTcpPortSharing - ok
07:35:49.0140 2440 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:35:49.0187 2440 NIC1394 - ok
07:35:49.0593 2440 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
07:35:49.0687 2440 Nla - ok
07:35:49.0687 2440 nlshreox - ok
07:35:50.0015 2440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:35:50.0031 2440 Npfs - ok
07:35:51.0093 2440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:35:51.0328 2440 Ntfs - ok
07:35:51.0390 2440 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:35:51.0390 2440 NtLmSsp - ok
07:35:51.0890 2440 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
07:35:52.0031 2440 NtmsSvc - ok
07:35:52.0109 2440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:35:52.0125 2440 Null - ok
07:35:54.0125 2440 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:35:54.0468 2440 nv - ok
07:35:55.0687 2440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:35:55.0687 2440 NwlnkFlt - ok
07:35:55.0734 2440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:35:55.0750 2440 NwlnkFwd - ok
07:35:56.0625 2440 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:35:56.0937 2440 odserv - ok
07:35:57.0046 2440 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:35:57.0062 2440 ohci1394 - ok
07:35:57.0312 2440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:35:57.0390 2440 ose - ok
07:35:57.0625 2440 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
07:35:57.0656 2440 ossrv - ok
07:35:57.0765 2440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:35:57.0781 2440 Parport - ok
07:35:57.0812 2440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:35:57.0828 2440 PartMgr - ok
07:35:57.0890 2440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:35:57.0890 2440 ParVdm - ok
07:35:57.0984 2440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:35:58.0000 2440 PCI - ok
07:35:58.0000 2440 PCIDump - ok
07:35:58.0078 2440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:35:58.0078 2440 PCIIde - ok
07:35:58.0265 2440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:35:58.0312 2440 Pcmcia - ok
07:35:58.0656 2440 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
07:35:58.0687 2440 PCTCore - ok
07:35:59.0062 2440 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
07:35:59.0140 2440 pctDS - ok
07:35:59.0921 2440 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
07:36:00.0156 2440 pctEFA - ok
07:36:00.0171 2440 PDCOMP - ok
07:36:00.0187 2440 PDFRAME - ok
07:36:00.0203 2440 PDRELI - ok
07:36:00.0218 2440 PDRFRAME - ok
07:36:00.0312 2440 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:36:00.0312 2440 perc2 - ok
07:36:00.0375 2440 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:36:00.0375 2440 perc2hib - ok
07:36:00.0484 2440 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys
07:36:00.0500 2440 PfModNT - ok
07:36:00.0656 2440 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:36:00.0671 2440 PlugPlay - ok
07:36:00.0812 2440 Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe
07:36:00.0828 2440 Pml Driver HPZ12 - ok
07:36:01.0281 2440 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:01.0296 2440 PolicyAgent - ok
07:36:01.0671 2440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:36:01.0687 2440 PptpMiniport - ok
07:36:01.0703 2440 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:01.0703 2440 ProtectedStorage - ok
07:36:01.0937 2440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:36:01.0953 2440 Ptilink - ok
07:36:02.0078 2440 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:36:02.0093 2440 PxHelp20 - ok
07:36:02.0234 2440 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:36:02.0250 2440 ql1080 - ok
07:36:02.0359 2440 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:36:02.0484 2440 Ql10wnt - ok
07:36:02.0593 2440 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:36:02.0625 2440 ql12160 - ok
07:36:02.0734 2440 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:36:02.0734 2440 ql1240 - ok
07:36:02.0890 2440 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:36:02.0906 2440 ql1280 - ok
07:36:03.0031 2440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:36:03.0046 2440 RasAcd - ok
07:36:03.0250 2440 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
07:36:03.0312 2440 RasAuto - ok
07:36:03.0390 2440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:36:03.0390 2440 Rasl2tp - ok
07:36:03.0578 2440 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
07:36:03.0593 2440 RasMan - ok
07:36:03.0656 2440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:36:03.0671 2440 RasPppoe - ok
07:36:03.0765 2440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:36:03.0781 2440 Raspti - ok
07:36:04.0031 2440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:36:04.0078 2440 Rdbss - ok
07:36:04.0093 2440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:36:04.0109 2440 RDPCDD - ok
07:36:04.0328 2440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:36:04.0343 2440 rdpdr - ok
07:36:04.0578 2440 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
07:36:04.0578 2440 RDPWD - ok
07:36:04.0906 2440 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
07:36:04.0953 2440 RDSessMgr - ok
07:36:05.0062 2440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:36:05.0062 2440 redbook - ok
07:36:05.0218 2440 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
07:36:05.0234 2440 RemoteAccess - ok
07:36:05.0359 2440 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
07:36:05.0375 2440 RemoteRegistry - ok
07:36:05.0828 2440 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
07:36:05.0843 2440 RichVideo - ok
07:36:06.0015 2440 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
07:36:06.0031 2440 rimmptsk - ok
07:36:41.0765 2440 ============================================================
07:36:41.0765 2440 Scan finished
07:36:41.0765 2440 ============================================================
07:36:45.0812 2188 Detected object count: 0
07:36:45.0812 2188 Actual detected object count: 0

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 14:54:17
-----------------------------
14:54:17.859 OS Version: Windows 5.1.2600 Service Pack 3
14:54:17.859 Number of processors: 2 586 0xE08
14:54:17.859 ComputerName: D965GFC1 UserName: Kristy
14:54:19.515 Initialize success
14:54:19.890 AVAST engine defs: 12060602
14:54:25.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:54:25.640 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
14:54:25.671 Disk 0 MBR read successfully
14:54:25.671 Disk 0 MBR scan
14:54:25.687 Disk 0 unknown MBR code
14:54:25.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
14:54:25.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146718 MB offset 96390
14:54:25.703 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 300592215
14:54:25.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3804 MB offset 304785180
14:54:25.750 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 300592278
14:54:25.750 Disk 0 scanning sectors +312576705
14:54:25.859 Disk 0 scanning C:\WINDOWS\system32\drivers
14:54:47.437 Service scanning
14:55:21.406 Modules scanning
14:55:37.546 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
14:55:39.359 Disk 0 trace - called modules:
14:55:39.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:55:39.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d14ab8]
14:55:39.390 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> [0x86d5b920]
14:55:39.390 5 PCTCore.sys[f73c2099] -> nt!IofCallDriver -> \Device\00000071[0x86ddb1f8]
14:55:39.406 7 ACPI.sys[f7474620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d5f030]
14:55:40.515 AVAST engine scan C:\WINDOWS
14:56:10.375 AVAST engine scan C:\WINDOWS\system32
15:02:28.265 AVAST engine scan C:\WINDOWS\system32\drivers
15:03:04.031 AVAST engine scan C:\Documents and Settings\Kristy
15:33:20.531 AVAST engine scan C:\Documents and Settings\All Users
15:36:29.765 Scan finished successfully
15:48:25.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kristy\Desktop\MBR.dat"
15:48:25.046 The log file has been saved successfully to "C:\Documents and Settings\Kristy\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 08 June 2012 - 08:38 PM

Go ahead and go online and check them out, and see whether one or both are redirecting.



gringo
William Rowland
Product Support


#7 hippiechic744


Posted 09 June 2012 - 08:49 AM

Neither one seems to be redirecting, but it's still running incredibly slow.

#8 gringo_pr


Posted 09 June 2012 - 01:05 PM

Hello hippiechic744



I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
William Rowland
Product Support


#9 hippiechic744


Posted 09 June 2012 - 03:07 PM

Everything was as it should be with the DMA. Here is the OTL log:

OTL logfile created on: 6/9/2012 2:42:48 PM - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Documents and Settings\Kristy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 433.07 Mb Available Physical Memory | 42.69% Memory free
2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.28 Gb Total Space | 54.93 Gb Free Space | 38.34% Space Free | Partition Type: NTFS

Computer Name: D965GFC1 | User Name: Kristy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kristy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12060901\algo.dll ()
MOD - C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12060602\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL ()
MOD - C:\WINDOWS\system32\pdfmonnt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (wsbqjhiq) -- C:\WINDOWS\system32\drivers\wsbqjhiq.sys File not found
DRV - (WDICA) --  File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (nlshreox) -- C:\WINDOWS\system32\drivers\nlshreox.sys File not found
DRV - (MpKsle5778334) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (iawsnhxh) -- C:\WINDOWS\system32\drivers\iawsnhxh.sys File not found
DRV - (gtmynuyg) -- C:\WINDOWS\system32\drivers\gtmynuyg.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Kristy\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Kristy\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rm=IE8SRC
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://slickdeals.ne...net/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/02 16:55:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/12 14:23:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/03 21:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/03 21:50:46 | 000,000,000 | ---D | M]

[2008/08/28 11:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Extensions
[2012/06/01 19:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions
[2011/11/14 09:14:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/30 20:39:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/03 21:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/03 21:49:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 09:25:59 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/03 21:49:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/03 21:49:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/06 09:41:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
<div>O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)</div>
<div>O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</div>
<div>O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.</div>
<div>O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.</div>
<div>O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)</div>
<div>O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)</div>
<div>O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)</div>
<div>O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()</div>
<div>O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)</div>
<div>O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe (Brother Industories, Ltd.)</div>
<div>O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)</div>
<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)</div>
<div>O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)</div>
<div>O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)</div>
<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)</div>
<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)</div>
<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [Spotify Web Helper] C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()</div>
<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>
<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>
<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>
<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>
<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>
<div>O15 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)</div>
<div>O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)</div>
<div>O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)</div>
<div>O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)</div>
<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)</div>
<div>O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)</div>
<div>O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)</div>
<div>O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)</div>
<div>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://littlemissmag...ad/MsnPUpld.cab (Windows Live Photo Upload Control)</div>
<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>
<div>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)</div>
<div>O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>
<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>
<div>O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} http://leads400.land...ccess/HFDSP.CAB (HostFront ActiveX Display)</div>
<div>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)</div>
<div>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mci.webex.co...bex/ieatgpc.cab (GpcContainer Class)</div>
<div>O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)</div>
<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>
<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>
<div>O24 - Desktop WallPaper: C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.</div>
<div>O32 - HKLM CDRom: AutoRun - 1</div>
<div>O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</div>
<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>
<div>O35 - HKLM\..comfile [open] -- &quot;%1&quot; %*</div>
<div>O35 - HKLM\..exefile [open] -- &quot;%1&quot; %*</div>
<div>O37 - HKLM\...com [@ = ComFile] -- &quot;%1&quot; %*</div>
<div>O37 - HKLM\...exe [@ = exefile] -- &quot;%1&quot; %*</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>
<div> </div>
<div>========== Files/Folders - Created Within 30 Days ==========</div>
<div> </div>
<div>[2012/06/09 14:28:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristy\Desktop\OTL.exe</div>
<div>[2012/06/09 07:34:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood</div>
<div>[2012/06/07 07:33:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kristy\Desktop\aswMBR.exe</div>
<div>[2012/06/06 08:49:43 | 000,000,000 | RHSD | C] -- C:\cmdcons</div>
<div>[2012/06/06 08:46:29 | 000,000,000 | ---D | C] -- C:\ComboFix</div>
<div>[2012/06/06 08:39:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe</div>
<div>[2012/06/06 08:39:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe</div>
<div>[2012/06/06 08:39:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe</div>
<div>[2012/06/06 08:39:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe</div>
<div>[2012/06/06 08:37:34 | 000,000,000 | ---D | C] -- C:\Qoobox</div>
<div>[2012/06/04 17:38:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kristy\Desktop\dds.scr</div>
<div>[2012/06/03 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla</div>
<div>[2012/06/03 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service</div>
<div> </div>
<div>========== Files - Modified Within 30 Days ==========</div>
<div> </div>
<div>[2012/06/09 14:35:14 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\resetdma.vbs</div>
<div>[2012/06/09 14:29:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristy\Desktop\OTL.exe</div>
<div>[2012/06/09 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job</div>
<div>[2012/06/09 07:34:47 | 000,772,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB</div>
<div>[2012/06/08 15:48:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\MBR.dat</div>
<div>[2012/06/08 14:53:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job</div>
<div>[2012/06/08 14:52:52 | 000,484,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>
<div>[2012/06/08 14:52:52 | 000,088,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>
<div>[2012/06/08 14:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>
<div>[2012/06/08 14:47:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>
<div>[2012/06/08 14:47:44 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys</div>
<div>[2012/06/07 07:34:12 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to tdsskiller.exe.lnk</div>
<div>[2012/06/07 07:33:50 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to aswMBR.exe.lnk</div>
<div>[2012/06/07 07:24:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kristy\Desktop\aswMBR.exe</div>
<div>[2012/06/06 09:41:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>
<div>[2012/06/06 08:50:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini</div>
<div>[2012/06/06 08:26:48 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to SecurityCheck.exe.lnk</div>
<div>[2012/06/06 08:26:39 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to ComboFix.exe.lnk</div>
<div>[2012/06/04 19:55:56 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Kristy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>
<div>[2012/06/04 17:50:48 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini</div>
<div>[2012/06/04 17:35:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kristy\Desktop\dds.scr</div>
<div>[2012/06/04 09:07:57 | 000,004,624 | ---- | M] () -- C:\Documents and Settings\Kristy\Application Data\wklnhst.dat</div>
<div>[2012/06/03 20:40:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job</div>
<div>[2012/06/03 16:52:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job</div>
<div>[2012/06/03 10:10:10 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job</div>
<div>[2012/05/30 13:38:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat</div>
<div>[2012/05/23 08:22:33 | 000,013,174 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\black_cat_4_background_wall_paper_wallpaper.svg</div>
<div>[2012/05/23 08:10:28 | 000,032,776 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\fsvgfotw_2010_07_10.zip</div>
<div>[2012/05/19 10:32:01 | 000,046,629 | ---- | M] () -- C:\Documents and Settings\Kristy\My Documents\svgcuts_2011_05_16.zip</div>
<div>[2012/05/12 17:48:50 | 000,337,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</div>
<div>[2012/05/12 07:49:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK</div>
<div> </div>
<div>========== Files Created - No Company Name ==========</div>
<div> </div>
<div>[2012/06/09 14:35:19 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\resetdma.vbs</div>
<div>[2012/06/08 15:48:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\MBR.dat</div>
<div>[2012/06/07 07:34:12 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to tdsskiller.exe.lnk</div>
<div>[2012/06/07 07:33:50 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to aswMBR.exe.lnk</div>
<div>[2012/06/06 08:50:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak</div>
<div>[2012/06/06 08:50:01 | 000,260,272 | RHS- | C] () -- C:\cmldr</div>
<div>[2012/06/06 08:39:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>
<div>[2012/06/06 08:39:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>
<div>[2012/06/06 08:39:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>
<div>[2012/06/06 08:39:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>
<div>[2012/06/06 08:39:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>
<div>[2012/06/06 08:26:48 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to SecurityCheck.exe.lnk</div>
<div>[2012/06/06 08:26:38 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to ComboFix.exe.lnk</div>
<div>[2012/06/04 07:40:10 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys</div>
<div>[2012/05/23 08:22:30 | 000,013,174 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\black_cat_4_background_wall_paper_wallpaper.svg</div>
<div>[2012/05/23 08:10:51 | 000,032,776 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\fsvgfotw_2010_07_10.zip</div>
<div>[2012/05/19 10:32:22 | 000,046,629 | ---- | C] () -- C:\Documents and Settings\Kristy\My Documents\svgcuts_2011_05_16.zip</div>
<div>[2012/02/15 09:03:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>
<div>[2011/07/18 18:42:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini</div>
<div>[2011/07/18 18:42:57 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini</div>
<div>[2011/07/08 21:18:12 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini</div>
<div>[2011/07/08 21:18:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini</div>
<div>[2011/07/08 21:18:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD2820.dat</div>
<div>[2011/07/08 21:18:11 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini</div>
<div>[2011/07/08 21:18:11 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI</div>
<div>[2011/07/08 21:16:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL</div>
<div>[2011/07/08 21:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat</div>
<div>[2011/01/31 20:42:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI</div>
<div>[2011/01/31 20:32:18 | 000,004,624 | ---- | C] () -- C:\Documents and Settings\Kristy\Application Data\wklnhst.dat</div>
<div>[2010/11/12 21:06:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll</div>
<div>[2010/07/18 17:32:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hdaduw.dat</div>
<div>[2010/07/18 17:32:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ywizisapam.bin</div>
<div> </div>
<div>&lt; End of report &gt;</div>
<div> </div>


#10 gringo_pr

Posted 09 June 2012 - 04:51 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
    :Files
    C:\windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
William Rowland
Product Support


#11 hippiechic744

Posted 10 June 2012 - 11:03 AM

Ran the fix, here is the log. It is running much faster now!! :))


========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kristy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kristy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kristy
->Java cache emptied: 48523702 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: Michael

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 46.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 56468 bytes

User: Kristy
->Flash cache emptied: 566 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Michael

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06102012_105609

#12 gringo_pr

Posted 10 June 2012 - 12:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

William Rowland
Product Support


#13 hippiechic744

Posted 11 June 2012 - 11:06 AM

It's running really nicely now, no problems to report!! You're a wizard. :))

Combofix log:

ComboFix 12-06-05.04 - Kristy 06/11/2012 10:29:50.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.642 [GMT -5:00]
Running from: c:\documents and settings\Kristy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kristy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Kristy\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Kristy\WINDOWS
.
---- Previous Run -------
.
c:\docume~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 00:34 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6244D2CE-E639-4F49-A67F-EBB0DD7A76ED}\mpengine.dll
2012-06-10 15:56 . 2012-06-10 15:56 -------- d-----w- C:\_OTL
2012-06-04 02:51 . 2012-06-04 02:51 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 15:47 . 2007-10-02 19:04 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-05-31 13:22 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-08 16:40 . 2010-07-21 14:11 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-11 13:14 . 2004-08-11 23:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-11 23:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2009-04-13 23:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 02:49 . 2012-06-04 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-06_14.42.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-10 16:12 . 2012-06-10 16:12 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
- 2004-08-11 23:00 . 2012-06-04 12:46 88502 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2012-06-10 16:17 88502 c:\windows\system32\perfc009.dat
- 2007-01-25 18:10 . 2011-11-09 21:50 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-01-25 18:10 . 2011-11-09 21:50 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-01-25 18:10 . 2012-06-07 12:33 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2004-08-11 23:00 . 2012-06-04 12:46 484534 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2012-06-10 16:17 484534 c:\windows\system32\perfh009.dat
+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-02-25 19:25 . 2011-02-25 19:25 7968256 c:\windows\Installer\235bf69.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Spotify Web Helper"="c:\documents and settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-21 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 185896]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SetDefPrt"="c:\program files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 49152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-25 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Kristy\\Application Data\\Spotify\\spotify.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/26/2011 8:10 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/26/2011 8:10 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/26/2011 8:10 PM 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/1/2011 10:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/1/2011 10:10 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/1/2011 10:10 PM 20568]
S1 gtmynuyg;gtmynuyg;\??\c:\windows\system32\drivers\gtmynuyg.sys --> c:\windows\system32\drivers\gtmynuyg.sys [?]
S1 iawsnhxh;iawsnhxh;\??\c:\windows\system32\drivers\iawsnhxh.sys --> c:\windows\system32\drivers\iawsnhxh.sys [?]
S1 MpKsle5778334;MpKsle5778334;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys [?]
S1 nlshreox;nlshreox;\??\c:\windows\system32\drivers\nlshreox.sys --> c:\windows\system32\drivers\nlshreox.sys [?]
S1 wsbqjhiq;wsbqjhiq;\??\c:\windows\system32\drivers\wsbqjhiq.sys --> c:\windows\system32\drivers\wsbqjhiq.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:51 PM 129976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [1/26/2011 8:10 PM 366840]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\
FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/
FF - user.js: general.useragent.extra.brc -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-11 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,0f,74,50,b6,78,5c,4d,a0,a6,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,0f,74,50,b6,78,5c,4d,a0,a6,a9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-06-11 10:48:25
ComboFix-quarantined-files.txt 2012-06-11 15:48
.
Pre-Run: 58,849,239,040 bytes free
Post-Run: 58,917,322,752 bytes free
.
- - End Of File - - 46308B517ABC93865514D19E8A656CFE

#14 gringo_pr


Posted 11 June 2012 - 11:18 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

William Rowland
Product Support


#15 gringo_pr


Posted 14 June 2012 - 01:10 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
William Rowland
Product Support


#16 hippiechic744


Posted 14 June 2012 - 02:19 PM

We have been having internet connection issues, I'm still working on this. :)

#17 hippiechic744


Posted 14 June 2012 - 07:58 PM

Mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kristy :: D965GFC1 [administrator]

6/14/2012 5:01:25 PM
mbam-log-2012-06-14 (17-01-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338376
Time elapsed: 2 hour(s), 46 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:33 PM, on 6/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6087.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://littlemissmag...ad/MsnPUpld.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://leads400.land...ccess/HFDSP.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mci.webex.co...bex/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11532 bytes

#18 gringo_pr


Posted 14 June 2012 - 08:28 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    • O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
William Rowland
Product Support
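
The fix list in post #18 says to tick the O4 items "if present" in the HijackThis scan. As an added example (not part of the thread and not HijackThis code), this Python parser reads the O4 autostart lines of a log and reports which fix-list entries the log actually contains; the function names are hypothetical and the sample lines are excerpted from posts #17 and #18.

```python
import re
from typing import List, NamedTuple, Tuple


class AutoStart(NamedTuple):
    location: str  # e.g. HKLM\..\Run, or "Global Startup" for a startup folder
    name: str      # registry value name (text in brackets) or .lnk file name
    command: str   # command line or shortcut target; "" if the line has none


# Registry autostart:  O4 - <hive>\..\Run: [name] command
_REG = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\](?: (?P<cmd>.*))?$")
# Startup folder:      O4 - Global Startup: name.lnk = target
_LNK = re.compile(r"^O4 - (?P<loc>[^:\[]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_o4(text: str) -> List[AutoStart]:
    """Return every O4 (autostart) entry found in a HijackThis log or fix list."""
    entries = []
    for raw in text.splitlines():
        # Tolerate forum list bullets and indentation in pasted fix lists.
        line = raw.strip().lstrip("•").strip()
        m = _REG.match(line) or _LNK.match(line)
        if m:
            entries.append(AutoStart(m["loc"], m["name"], (m["cmd"] or "").strip()))
    return entries


def _key(entry: AutoStart) -> Tuple[str, str]:
    # Match on location + name only: the command line may differ in quoting
    # or arguments between the helper's list and the user's log.
    return (entry.location.lower(), entry.name.lower())


def check_fix_list(log_text: str, fix_text: str) -> Tuple[List[AutoStart], List[AutoStart]]:
    """Split the fix list into entries present in the log and entries missing from it."""
    in_log = {_key(e) for e in parse_o4(log_text)}
    present, missing = [], []
    for entry in parse_o4(fix_text):
        (present if _key(entry) in in_log else missing).append(entry)
    return present, missing


# Lines excerpted from the HijackThis log in post #17 (non-O4 lines are skipped).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Lines excerpted from post #18; the last one is the post's own name-only example.
FIX_LIST = r"""
    • O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - HKLM\..\Run: [IntelliPoint]
"""

if __name__ == "__main__":
    present, missing = check_fix_list(SAMPLE_LOG, FIX_LIST)
    for e in present:
        print(f"tick:  {e.location}: {e.name}")
    for e in missing:
        print(f"skip (not in log):  {e.location}: {e.name}")
```

Running the same check against a fresh log after "Fix Checked" shows whether any of the listed autostarts came back.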


#19 gringo_pr


Posted 16 June 2012 - 11:05 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
William Rowland
Product Support


#20 gringo_pr


Posted 19 June 2012 - 11:02 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
William Rowland
Product Support
