friedmal

  1. But it does this most times I open chrome? How do I make it stop? You sure that does not mean there is something trying to hijack the search engine still?
  2. Got a msg from chrome today that something tried to reset my search engine, it didn't know what to do so it set it to google...
  3. You never told me what you saw in the logs? What do you believe I was infected with?
  4. No further instances since I uninstalled chrome, deleted its appdata and reinstalled.
  5. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-05-13 20:22:54
     -----------------------------
     20:22:54.831 OS Version: Windows x64 6.1.7601 Service Pack 1
     20:22:54.832 Number of processors: 8 586 0x2A07
     20:22:54.832 ComputerName: LMF-DELL UserName: lmf1
     20:22:55.282 Initialize success
     20:22:57.722 AVAST engine defs: 12051301
     20:23:00.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     20:23:00.066 Disk 0 Vendor: Patriot_ 332A Size: 114473MB BusType: 3
     20:23:00.067 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
     20:23:00.068 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
     20:23:00.069 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
     20:23:00.071 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
     20:23:00.097 Disk 0 MBR read successfully
     20:23:00.099 Disk 0 MBR scan
     20:23:00.101 Disk 0 Windows 7 default MBR code
     20:23:00.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
     20:23:00.165 Disk 0 scanning C:\Windows\system32\drivers
     20:23:25.419 Service scanning
     20:23:32.261 Modules scanning
     20:23:32.268 Disk 0 trace - called modules:
     20:23:32.286 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
     20:23:32.289 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800bbd8790]
     20:23:32.292 3 CLASSPNP.SYS[fffff88001f9243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a104050]
     20:23:32.745 AVAST engine scan C:\Windows
     20:23:47.336 AVAST engine scan C:\Windows\system32
     20:30:16.860 AVAST engine scan C:\Windows\system32\drivers
     20:30:54.527 AVAST engine scan C:\Users\lmf1
     20:33:28.053 AVAST engine scan C:\ProgramData
     20:33:39.096 Scan finished successfully
     20:33:51.757 Disk 0 MBR has been saved successfully to "D:\Downloads\MBR.dat"
     20:33:51.759 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"
  6. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-05-13 11:49:56
     # local_time=2012-05-13 07:49:56 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=3584 16777215 100 0 0 0 0 0
     # compatibility_mode=5893 16776574 100 94 6218574 88492767 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=431624
     # found=1
     # cleaned=1
     # scan_time=3679
     D:\Zips\Windows 7\Utils\freeopener.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  7. OK, I don't know if this was too easy but I de-installed chrome. Wiped out the appdata directory for google under my profile and reinstalled and now so far it seems to be working? Will watch for a few days...
  8. ComboFix 12-05-09.01 - lmf1 05/09/12 16:30:13.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8767 [GMT -4:00] Running from: d:\downloads\ComboFix.exe Command switches used :: d:\downloads\CFScript.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\Collections.html c:\data\PlayList.txt c:\program files\Realtek\Audio\HDA\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe c:\windows\system32\termsrv.dll . ----- File Replicators ----- . c:\dell\drivers\R282239\Vista64\RAVCpl64.exe c:\drivers\audio\R282239\Vista64\RAVCpl64.exe c:\program files\Realtek\Audio\HDA\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe . . --------------- FCopy --------------- . 
c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll --> c:\windows\system32\termsrv.dll . ((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 ))))))))))))))))))))))))))))))) . . 2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\adminstrator\AppData\Local\temp 2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp 2012-05-09 20:34 . 2012-05-09 20:38 -------- d-----w- C:\Data 2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT 2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG 2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files 2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG 2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData 2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64 2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard 2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE 2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com 2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software 2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure 2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software 2012-05-05 17:59 . 
2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft 2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft 2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes 2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes 2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys 2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009 2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks 2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-20 21:54 . 
2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe 2012-03-08 20:51 . 2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe 2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll 2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys 2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys 2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys 2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys 2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll 2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL 2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll 2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll 2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe 2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys 2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll 2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat 2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat 2012-02-25 00:17 . 
2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe 2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys 2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys 2012-02-21 08:25 . 2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll 2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr 2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-09_10.40.25 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-05-09 20:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 
2012-05-09 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2012-05-09 20:20 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-05-09 03:29 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-29 23:24 . 2012-05-09 20:20 18260 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759553128-3175843188-3636004894-1000_UserData.bin - 2012-02-02 11:17 . 2012-05-09 03:24 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-02-02 11:17 . 2012-05-09 20:34 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-05-09 20:38 . 2012-05-09 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-09 03:28 . 2012-05-09 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:12 . 2012-05-09 20:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2012-05-09 03:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2012-05-09 03:24 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-09 20:34 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-01-30 00:43 . 
2012-05-09 03:24 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat + 2012-01-30 00:43 . 2012-05-09 20:34 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800] "TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336] "TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528] "TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736] "MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960] "PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000] "PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656] "CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672] "Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-26 136416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . 
c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 1 (0x1) "SynchronousUserGroupPolicy"= 1 (0x1) "HideFastUserSwitching"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HideSCABattery"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x] R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088] R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft 
Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x] R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x] S1 ccSet_NST;Norton Safe Web Lite 
Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808] S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232] S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672] S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x] S3 BthAvrcp;Bluetooth AVRCP 
Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x] S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360] S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176] S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER . Contents of the 'Scheduled Tasks' folder . 2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54] . 2012-05-09 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52] . 2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job - c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job - c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45] . . 
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL] "ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\progra~2\Webshots\315~1.761\webshots.scr
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
c:\program files (x86)\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\compaq\CPQINET\CPQInet.exe
c:\progra~2\Compaq\EASYAC~1\BttnServ.exe
.
**************************************************************************
.
Completion time: 2012-05-09 16:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 20:39
ComboFix2.txt 2012-05-09 10:41
.
Pre-Run: 62,114,779,136 bytes free
Post-Run: 61,963,624,448 bytes free
.
- - End Of File - - B411306263188A66158F201933605636
  9. ComboFix 12-05-08.02 - lmf1 05/09/12 6:35.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8558 [GMT -4:00] Running from: d:\downloads\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\Collections.html c:\data\PlayList.txt c:\programdata\ntuser.dat c:\users\adminstrator\Desktop\weather.lnk c:\windows\command c:\windows\command\EXTRACT.PIF c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe c:\windows\system32\fxsst.dll c:\windows\system32\slwga.dll c:\windows\system32\srrstr.dll c:\windows\system32\systemcpl.dll 
c:\windows\system32\termsrv.dll c:\windows\SysWow64\odbcad32.exe . ----- File Replicators ----- . c:\dell\drivers\R282239\Vista64\RAVBg64.exe c:\dell\drivers\R282239\Vista64\RtlUpd64.exe c:\drivers\audio\R282239\Vista64\RAVBg64.exe c:\drivers\audio\R282239\Vista64\RtlUpd64.exe c:\program files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe c:\program files (x86)\Realtek\Audio\InstallShield\Rtkupd64.exe c:\program files\Realtek\Audio\HDA\RAVBg64.exe c:\program files\Realtek\Audio\HDA\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe 
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe . . ((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 ))))))))))))))))))))))))))))))) . . 2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\adminstrator\AppData\Local\temp 2012-05-09 10:39 . 
2012-05-09 10:39 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp 2012-05-09 10:39 . 2012-05-09 10:40 -------- d-----w- C:\Data 2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT 2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG 2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files 2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG 2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData 2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64 2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard 2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE 2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com 2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software 2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure 2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software 2012-05-05 17:59 . 2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft 2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft 2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes 2012-05-05 16:45 . 
2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes 2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys 2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009 2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks 2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-20 21:54 . 2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe 2012-03-08 20:51 . 
2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe 2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll 2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys 2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys 2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys 2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys 2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll 2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL 2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll 2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll 2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe 2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys 2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll 2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat 2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat 2012-02-25 00:17 . 2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe 2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys 2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys 2012-02-21 08:25 . 
2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll 2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr 2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll . c:\windows\system32\termsrv.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2010-11-21 297808] . [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] [HKEY_CLASSES_ROOT\agihelper.AGUtils] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800] "TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336] "TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528] "TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736] "MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960] "PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000] "PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656] "CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672] "Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" 
[2010-07-26 136416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 1 (0x1) "SynchronousUserGroupPolicy"= 1 (0x1) "HideFastUserSwitching"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HideSCABattery"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x] R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x] R3 
SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x] S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys 
[x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808] S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232] S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672] S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x] S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x] S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x] S3 
DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360] S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176] S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728] S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER . Contents of the 'Scheduled Tasks' folder . 2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54] . 2012-05-09 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52] . 2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job - c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45] . 
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job - c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100 IE: Open with PDF Professional 5.2 - 
c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.zonealarm.autoRvrt - true FF - user.js: extensions.zonealarm_i.newTab - false FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q= FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546 FF - user.js: extensions.zonealarm.instlDay - 15414 FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3 FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1500 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe AddRemove-System47 - c:\windows\system32\System47.scr . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL] "ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-09 06:41:38 ComboFix-quarantined-files.txt 2012-05-09 10:41 . Pre-Run: 62,703,800,320 bytes free Post-Run: 62,093,082,624 bytes free . - - End Of File - - AE5CAFBA43ABECA80537109A3FF6008F
  10. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by lmf1 at 17:07:20 on 2012-05-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.7724 [GMT -4:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe C:\Windows\system32\atieclxx.exe C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k bthaudiosvc C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe 
C:\Windows\System32\tcpsvcs.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\fxssvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe C:\Program Files (x86)\AWS\WeatherBug\Weather.exe C:\Users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe C:\Program Files\PeerBlock\peerblock.exe C:\Program Files (x86)\CompanionLink\CompanionLink.exe C:\PROGRA~2\Webshots\315~1.761\webshots.scr C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files (x86)\ScanSoft\PDF Converter 5\PdfPro5Hook.exe C:\Program Files (x86)\COMPAQ\Easy Access Button Support\STARTEAK.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Compaq\Easy Access Button Support\CPQEADM.EXE C:\COMPAQ\CPQINET\CPQInet.exe C:\PROGRA~2\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\explorer.exe C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Windows\system32\dllhost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\System32\msdtc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\notepad.exe D:\Downloads\tdsskiller\TDSSKiller.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\dllhost.exe C:\Windows\system32\ping.exe 
C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Google Update] "C:\Users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 
  11. 17:03:15.0820 7664 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:03:27.0142 7564 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys 17:03:27.0148 7564 BthAvrcp - ok 17:03:27.0151 7564 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 17:03:27.0158 7564 BthEnum - ok 17:03:27.0162 7564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 17:03:27.0171 7564 BTHMODEM - ok 17:03:27.0178 7564 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 17:03:27.0187 7564 BthPan - ok 17:03:27.0205 7564 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 17:03:27.0217 7564 BTHPORT - ok 17:03:27.0222 7564 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 17:03:27.0243 7564 bthserv - ok 17:03:27.0247 7564 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 17:03:27.0254 7564 BTHUSB - ok 17:03:27.0262 7564 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys 17:03:27.0269 7564 ccSet_NAV - ok 17:03:27.0276 7564 ccSet_NST (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys 17:03:27.0282 7564 ccSet_NST - ok 17:03:27.0289 7564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:03:27.0310 7564 cdfs - ok 17:03:27.0316 7564 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 17:03:27.0324 7564 cdrom - ok 17:03:27.0329 7564 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 17:03:27.0350 7564 CertPropSvc - ok 17:03:27.0353 7564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 17:03:27.0363 7564 circlass - ok 17:03:27.0377 7564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:03:27.0386 7564 CLFS - ok 17:03:27.0396 7564 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:03:27.0402 7564 clr_optimization_v2.0.50727_32 - ok 17:03:27.0410 7564 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:03:27.0416 7564 clr_optimization_v2.0.50727_64 - ok 17:03:27.0427 7564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:03:27.0434 7564 clr_optimization_v4.0.30319_32 - ok 17:03:27.0447 7564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:03:27.0453 7564 clr_optimization_v4.0.30319_64 - ok 17:03:27.0456 7564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 17:03:27.0463 7564 CmBatt - ok 17:03:27.0465 7564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:03:27.0471 7564 cmdide - ok 17:03:27.0487 7564 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 17:03:27.0501 7564 CNG - ok 17:03:27.0505 7564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:03:27.0511 7564 Compbatt - ok 17:03:27.0514 7564 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 17:03:27.0523 7564 CompositeBus - ok 17:03:27.0524 7564 COMSysApp - ok 17:03:27.0527 7564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 17:03:27.0533 7564 crcdisk - ok 17:03:27.0542 7564 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 17:03:27.0564 7564 CryptSvc - ok 17:03:27.0569 7564 csr_a2dp (df07c6d98ba7f81d0571e366b1cd6672) C:\Windows\system32\drivers\bthav.sys 17:03:27.0575 7564 csr_a2dp - ok 17:03:27.0593 7564 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 17:03:27.0617 7564 DcomLaunch - ok 17:03:27.0631 7564 defragsvc 
(3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 17:03:27.0653 7564 defragsvc - ok 17:03:27.0664 7564 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe 17:03:27.0668 7564 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning 17:03:27.0668 7564 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1) 17:03:27.0674 7564 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:03:27.0695 7564 DfsC - ok 17:03:27.0709 7564 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 17:03:27.0731 7564 Dhcp - ok 17:03:27.0734 7564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:03:27.0755 7564 discache - ok 17:03:27.0759 7564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 17:03:27.0765 7564 Disk - ok 17:03:27.0834 7564 Diskeeper (e1d08ebc5d2c11d7e49b28ea5303d1cd) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 17:03:27.0861 7564 Diskeeper - ok 17:03:27.0889 7564 DKRtWrt (0172038dabf0df25b2d95cd886b8aa56) C:\Windows\system32\DRIVERS\DKRtWrt.sys 17:03:27.0895 7564 DKRtWrt - ok 17:03:27.0903 7564 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 17:03:27.0912 7564 Dnscache - ok 17:03:27.0925 7564 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 17:03:27.0947 7564 dot3svc - ok 17:03:27.0955 7564 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 17:03:27.0976 7564 DPS - ok 17:03:27.0989 7564 DragonSvc (b123656688d67df3a08fe5912203f71b) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe 17:03:27.0997 7564 DragonSvc - ok 17:03:27.0999 7564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:03:28.0007 7564 drmkaud - ok 17:03:28.0036 7564 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:03:28.0051 7564 DXGKrnl - ok 
17:03:28.0053 7564 EACMOS - ok 17:03:28.0061 7564 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 17:03:28.0082 7564 EapHost - ok 17:03:28.0084 7564 EAWDMFD - ok 17:03:28.0170 7564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 17:03:28.0198 7564 ebdrv - ok 17:03:28.0219 7564 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 17:03:28.0228 7564 eeCtrl - ok 17:03:28.0253 7564 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 17:03:28.0260 7564 EFS - ok 17:03:28.0282 7564 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 17:03:28.0293 7564 ehRecvr - ok 17:03:28.0300 7564 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 17:03:28.0308 7564 ehSched - ok 17:03:28.0326 7564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 17:03:28.0337 7564 elxstor - ok 17:03:28.0340 7564 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys 17:03:28.0344 7564 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 17:03:28.0344 7564 epmntdrv - detected UnsignedFile.Multi.Generic (1) 17:03:28.0355 7564 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 17:03:28.0361 7564 EraserUtilRebootDrv - ok 17:03:28.0363 7564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:03:28.0370 7564 ErrDev - ok 17:03:28.0374 7564 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys 17:03:28.0378 7564 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 17:03:28.0378 7564 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 17:03:28.0392 7564 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 17:03:28.0415 7564 EventSystem - ok 17:03:28.0428 7564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) 
C:\Windows\system32\drivers\exfat.sys 17:03:28.0450 7564 exfat - ok 17:03:28.0460 7564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:03:28.0482 7564 fastfat - ok 17:03:28.0503 7564 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 17:03:28.0514 7564 Fax - ok 17:03:28.0517 7564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 17:03:28.0524 7564 fdc - ok 17:03:28.0527 7564 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 17:03:28.0548 7564 fdPHost - ok 17:03:28.0551 7564 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 17:03:28.0572 7564 FDResPub - ok 17:03:28.0578 7564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:03:28.0585 7564 FileInfo - ok 17:03:28.0588 7564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:03:28.0609 7564 Filetrace - ok 17:03:28.0640 7564 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:03:28.0654 7564 FLEXnet Licensing Service - ok 17:03:28.0658 7564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 17:03:28.0665 7564 flpydisk - ok 17:03:28.0676 7564 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:03:28.0685 7564 FltMgr - ok 17:03:28.0719 7564 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 17:03:28.0733 7564 FontCache - ok 17:03:28.0739 7564 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:03:28.0745 7564 FontCache3.0.0.0 - ok 17:03:28.0752 7564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:03:28.0758 7564 FsDepends - ok 17:03:28.0761 7564 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) 
C:\Windows\system32\drivers\Fs_Rec.sys 17:03:28.0767 7564 Fs_Rec - ok 17:03:28.0777 7564 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:03:28.0787 7564 fvevol - ok 17:03:28.0793 7564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 17:03:28.0800 7564 gagp30kx - ok 17:03:28.0803 7564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:03:28.0808 7564 GEARAspiWDM - ok 17:03:28.0813 7564 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys 17:03:28.0819 7564 GenericMount - ok 17:03:28.0884 7564 GenericMount Helper Service (9573dc01b6baa0371ed4afbaebee4dcc) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe 17:03:28.0909 7564 GenericMount Helper Service - ok 17:03:28.0938 7564 Gernuwa - ok 17:03:28.0962 7564 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 17:03:28.0987 7564 gpsvc - ok 17:03:28.0996 7564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:03:29.0002 7564 gupdate - ok 17:03:29.0004 7564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:03:29.0010 7564 gupdatem - ok 17:03:29.0017 7564 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:03:29.0023 7564 gusvc - ok 17:03:29.0027 7564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:03:29.0034 7564 hcw85cir - ok 17:03:29.0046 7564 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 17:03:29.0057 7564 HdAudAddService - ok 17:03:29.0065 7564 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 17:03:29.0074 7564 HDAudBus - ok 17:03:29.0094 7564 HFGService (ee8c05f926521a0e24edaf40f45d01e6) C:\Windows\System32\HFGService.dll 17:03:29.0104 
7564 HFGService - ok 17:03:29.0107 7564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:03:29.0114 7564 HidBatt - ok 17:03:29.0120 7564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 17:03:29.0129 7564 HidBth - ok 17:03:29.0134 7564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 17:03:29.0142 7564 HidIr - ok 17:03:29.0146 7564 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 17:03:29.0167 7564 hidserv - ok 17:03:29.0170 7564 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 17:03:29.0177 7564 HidUsb - ok 17:03:29.0183 7564 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 17:03:29.0204 7564 hkmsvc - ok 17:03:29.0215 7564 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 17:03:29.0223 7564 HomeGroupListener - ok 17:03:29.0232 7564 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 17:03:29.0240 7564 HomeGroupProvider - ok 17:03:29.0245 7564 hotcore3 (493e56dd377ab330873ae659004b134c) C:\Windows\system32\DRIVERS\hotcore3.sys 17:03:29.0251 7564 hotcore3 - ok 17:03:29.0255 7564 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:03:29.0262 7564 HpSAMD - ok 17:03:29.0284 7564 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:03:29.0309 7564 HTTP - ok 17:03:29.0312 7564 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:03:29.0319 7564 hwpolicy - ok 17:03:29.0324 7564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:03:29.0332 7564 i8042prt - ok 17:03:29.0351 7564 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys 17:03:29.0361 7564 iaStor - ok 17:03:29.0367 7564 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid 
Storage Technology\IAStorDataMgrSvc.exe 17:03:29.0372 7564 IAStorDataMgrSvc - ok 17:03:29.0389 7564 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\DRIVERS\iaStorV.sys 17:03:29.0399 7564 iaStorV - ok 17:03:29.0406 7564 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 17:03:29.0409 7564 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:03:29.0409 7564 IDriverT - detected UnsignedFile.Multi.Generic (1) 17:03:29.0435 7564 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:03:29.0448 7564 idsvc - ok 17:03:29.0470 7564 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120507.001\IDSvia64.sys 17:03:29.0480 7564 IDSVia64 - ok 17:03:29.0506 7564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 17:03:29.0513 7564 iirsp - ok 17:03:29.0539 7564 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 17:03:29.0565 7564 IKEEXT - ok 17:03:29.0572 7564 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys 17:03:29.0579 7564 Impcd - ok 17:03:29.0656 7564 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys 17:03:29.0684 7564 IntcAzAudAddService - ok 17:03:29.0717 7564 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 17:03:29.0725 7564 IntcDAud - ok 17:03:29.0728 7564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:03:29.0734 7564 intelide - ok 17:03:29.0739 7564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:03:29.0747 7564 intelppm - ok 17:03:29.0753 7564 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 17:03:29.0774 7564 IPBusEnum - ok 17:03:29.0780 7564 
IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:03:29.0800 7564 IpFilterDriver - ok 17:03:29.0819 7564 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 17:03:29.0843 7564 iphlpsvc - ok 17:03:29.0850 7564 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:03:29.0857 7564 IPMIDRV - ok 17:03:29.0864 7564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:03:29.0885 7564 IPNAT - ok 17:03:29.0919 7564 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 17:03:29.0932 7564 iPod Service - ok 17:03:29.0935 7564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:03:29.0945 7564 IRENUM - ok 17:03:29.0948 7564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:03:29.0955 7564 isapnp - ok 17:03:29.0968 7564 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:03:29.0976 7564 iScsiPrt - ok 17:03:29.0993 7564 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys 17:03:30.0002 7564 k57nd60a - ok 17:03:30.0006 7564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 17:03:30.0013 7564 kbdclass - ok 17:03:30.0016 7564 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 17:03:30.0023 7564 kbdhid - ok 17:03:30.0027 7564 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:03:30.0034 7564 KeyIso - ok 17:03:30.0039 7564 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 17:03:30.0046 7564 KSecDD - ok 17:03:30.0054 7564 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 17:03:30.0062 7564 KSecPkg - ok 17:03:30.0065 7564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:03:30.0086 7564 ksthunk - ok 
17:03:30.0101 7564 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 17:03:30.0125 7564 KtmRm - ok 17:03:30.0134 7564 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 17:03:30.0156 7564 LanmanServer - ok 17:03:30.0163 7564 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 17:03:30.0184 7564 LanmanWorkstation - ok 17:03:30.0270 7564 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE 17:03:30.0302 7564 LiveUpdate - ok 17:03:30.0329 7564 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:03:30.0350 7564 lltdio - ok 17:03:30.0364 7564 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 17:03:30.0387 7564 lltdsvc - ok 17:03:30.0390 7564 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 17:03:30.0411 7564 lmhosts - ok 17:03:30.0420 7564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 17:03:30.0427 7564 LSI_FC - ok 17:03:30.0435 7564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 17:03:30.0441 7564 LSI_SAS - ok 17:03:30.0446 7564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 17:03:30.0453 7564 LSI_SAS2 - ok 17:03:30.0459 7564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 17:03:30.0466 7564 LSI_SCSI - ok 17:03:30.0473 7564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:03:30.0494 7564 luafv - ok 17:03:30.0498 7564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 17:03:30.0504 7564 MBAMProtector - ok 17:03:30.0529 7564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:03:30.0539 7564 MBAMService - ok 17:03:30.0546 7564 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 
17:03:30.0554 7564 Mcx2Svc - ok 17:03:30.0558 7564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 17:03:30.0565 7564 megasas - ok 17:03:30.0577 7564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 17:03:30.0586 7564 MegaSR - ok 17:03:30.0590 7564 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 17:03:30.0596 7564 MEIx64 - ok 17:03:30.0600 7564 MemeoBackgroundService (8329d3f6ae70ffab1259f18ba9c6b29a) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe 17:03:30.0605 7564 MemeoBackgroundService - ok 17:03:30.0612 7564 Microsoft SharePoint Workspace Audit Service - ok 17:03:30.0617 7564 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:03:30.0638 7564 MMCSS - ok 17:03:30.0643 7564 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:03:30.0663 7564 Modem - ok 17:03:30.0667 7564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:03:30.0675 7564 monitor - ok 17:03:30.0680 7564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:03:30.0686 7564 mouclass - ok 17:03:30.0690 7564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:03:30.0697 7564 mouhid - ok 17:03:30.0703 7564 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:03:30.0710 7564 mountmgr - ok 17:03:30.0717 7564 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:03:30.0724 7564 MozillaMaintenance - ok 17:03:30.0733 7564 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:03:30.0741 7564 mpio - ok 17:03:30.0746 7564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:03:30.0767 7564 mpsdrv - ok 17:03:30.0793 7564 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) 
C:\Windows\system32\mpssvc.dll 17:03:30.0820 7564 MpsSvc - ok 17:03:30.0830 7564 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:03:30.0841 7564 MRxDAV - ok 17:03:30.0849 7564 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:03:30.0857 7564 mrxsmb - ok 17:03:30.0870 7564 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:03:30.0878 7564 mrxsmb10 - ok 17:03:30.0886 7564 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:03:30.0893 7564 mrxsmb20 - ok 17:03:30.0897 7564 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys 17:03:30.0903 7564 msahci - ok 17:03:30.0928 7564 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:03:30.0936 7564 msdsm - ok 17:03:30.0945 7564 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 17:03:30.0954 7564 MSDTC - ok 17:03:30.0960 7564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:03:30.0980 7564 Msfs - ok 17:03:30.0983 7564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:03:31.0003 7564 mshidkmdf - ok 17:03:31.0007 7564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:03:31.0013 7564 msisadrv - ok 17:03:31.0022 7564 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 17:03:31.0044 7564 MSiSCSI - ok 17:03:31.0046 7564 msiserver - ok 17:03:31.0050 7564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:03:31.0071 7564 MSKSSRV - ok 17:03:31.0074 7564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:03:31.0095 7564 MSPCLOCK - ok 17:03:31.0097 7564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:03:31.0118 7564 MSPQM - ok 17:03:31.0131 7564 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) 
C:\Windows\system32\drivers\MsRPC.sys 17:03:31.0141 7564 MsRPC - ok 17:03:31.0146 7564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 17:03:31.0152 7564 mssmbios - ok 17:03:31.0155 7564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:03:31.0176 7564 MSTEE - ok 17:03:31.0179 7564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 17:03:31.0186 7564 MTConfig - ok 17:03:31.0190 7564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:03:31.0197 7564 Mup - ok 17:03:31.0214 7564 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 17:03:31.0238 7564 napagent - ok 17:03:31.0251 7564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:03:31.0263 7564 NativeWifiP - ok 17:03:31.0277 7564 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe 17:03:31.0283 7564 NAV - ok 17:03:31.0295 7564 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\ENG64.SYS 17:03:31.0300 7564 NAVENG - ok 17:03:31.0362 7564 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\EX64.SYS 17:03:31.0385 7564 NAVEX15 - ok 17:03:31.0439 7564 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 17:03:31.0455 7564 NDIS - ok 17:03:31.0459 7564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:03:31.0480 7564 NdisCap - ok 17:03:31.0483 7564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:03:31.0503 7564 NdisTapi - ok 17:03:31.0508 7564 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:03:31.0528 7564 Ndisuio - ok 17:03:31.0538 7564 NdisWan 
(53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:03:31.0559 7564 NdisWan - ok 17:03:31.0565 7564 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:03:31.0585 7564 NDProxy - ok 17:03:31.0589 7564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:03:31.0609 7564 NetBIOS - ok 17:03:31.0621 7564 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:03:31.0643 7564 NetBT - ok 17:03:31.0647 7564 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:03:31.0654 7564 Netlogon - ok 17:03:31.0670 7564 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 17:03:31.0693 7564 Netman - ok 17:03:31.0707 7564 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:03:31.0713 7564 NetMsmqActivator - ok 17:03:31.0716 7564 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:03:31.0722 7564 NetPipeActivator - ok 17:03:31.0739 7564 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 17:03:31.0763 7564 netprofm - ok 17:03:31.0766 7564 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:03:31.0772 7564 NetTcpActivator - ok 17:03:31.0775 7564 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:03:31.0781 7564 NetTcpPortSharing - ok 17:03:31.0787 7564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 17:03:31.0794 7564 nfrd960 - ok 17:03:31.0806 7564 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 17:03:31.0828 7564 NlaSvc - ok 17:03:31.0910 7564 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 17:03:31.0940 7564 NOBU - ok 17:03:32.0106 
ok
17:03:40.0697 7564 Boot (0x1200) (75833aeeba04646fccb6700a44f57a1f) \Device\Harddisk0\DR0\Partition0
17:03:40.0698 7564 \Device\Harddisk0\DR0\Partition0 - ok
17:03:40.0727 7564 Boot (0x1200) (4887e986014c0fe7eb50f1cc7aaa3be9) \Device\Harddisk1\DR1\Partition0
17:03:40.0729 7564 \Device\Harddisk1\DR1\Partition0 - ok
17:03:40.0731 7564 Boot (0x1200) (c9448b3045b38628cdd9b2e772bf1384) \Device\Harddisk1\DR1\Partition1
17:03:40.0732 7564 \Device\Harddisk1\DR1\Partition1 - ok
17:03:40.0734 7564 Boot (0x1200) (62327f75a9ee1cd1472e9d15b1f7a9b4) \Device\Harddisk2\DR2\Partition0
17:03:40.0735 7564 \Device\Harddisk2\DR2\Partition0 - ok
17:03:40.0736 7564 Boot (0x1200) (5f46207087cef4d3d76391100c3dec7c) \Device\Harddisk3\DR3\Partition0
17:03:40.0737 7564 \Device\Harddisk3\DR3\Partition0 - ok
17:03:40.0738 7564 ============================================================
17:03:40.0738 7564 Scan finished
17:03:40.0738 7564 ============================================================
17:03:40.0742 4812 Detected object count: 8
17:03:40.0742 4812 Actual detected object count: 8
17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
  12. Malwarebytes Anti-Malware (Trial) 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.05.08.09
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      lmf1 :: LMF-DELL [administrator]
      Protection: Enabled
      05/08/12 04:57:04 PM
      mbam-log-2012-05-08 (16-57-04).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 230616
      Time elapsed: 29 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  13. What was found? Did I miss it in your response?
  14. Can't seem to ditch the damn thing. Help is greatly appreciated. Attach.txt DDS.txt