mafai44

  1. ComboFix 12-07-30.03 - Mom 07/31/2012 18:44:01.1.4 - x86
     Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1686 [GMT -4:00]
     Running from: c:\users\Scott\Downloads\ComboFix.exe
     AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
     c:\users\Public\RemoveSGP0.exe
     c:\windows\system32\drivers\snetcfg.exe
     c:\windows\system32\ndisapi.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Mom\AppData\Local\temp
     2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Default\AppData\Local\temp
     2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Courtney\AppData\Local\temp
     2012-07-31 22:37 . 2012-06-02 22:19  53784  ----a-w-  c:\windows\system32\wuauclt.exe
     2012-07-31 22:37 . 2012-06-02 22:19  45080  ----a-w-  c:\windows\system32\wups2.dll
     2012-07-31 22:37 . 2012-06-02 22:19  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
     2012-07-31 22:37 . 2012-06-02 22:12  2422272  ----a-w-  c:\windows\system32\wucltux.dll
     2012-07-31 22:36 . 2012-06-02 19:19  171904  ----a-w-  c:\windows\system32\wuwebv.dll
     2012-07-31 22:36 . 2012-06-02 19:12  33792  ----a-w-  c:\windows\system32\wuapp.exe
     2012-07-31 12:28 . 2012-07-31 22:34  --------  d-----w-  C:\TDSSKiller_Quarantine
     2012-07-24 03:02 . 2012-07-24 03:02  --------  d-----w-  c:\program files\Defraggler
     2012-07-24 02:40 . 2012-02-29 15:11  5120  ----a-w-  c:\windows\system32\wmi.dll
     2012-07-24 02:40 . 2012-02-29 15:11  172032  ----a-w-  c:\windows\system32\wintrust.dll
     2012-07-24 02:40 . 2012-02-29 15:09  157696  ----a-w-  c:\windows\system32\imagehlp.dll
     2012-07-24 02:40 . 2012-02-29 13:32  12800  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
     2012-07-24 02:40 . 2012-03-30 12:39  905600  ----a-w-  c:\windows\system32\drivers\tcpip.sys
     2012-07-24 02:39 . 2012-02-01 13:58  47104  ----a-w-  c:\program files\Windows Journal\PDIALOG.exe
     2012-07-24 02:39 . 2012-02-01 15:10  936960  ----a-w-  c:\program files\Common Files\Microsoft Shared\ink\journal.dll
     2012-07-24 02:39 . 2012-02-01 15:11  1218048  ----a-w-  c:\program files\Windows Journal\NBDoc.DLL
     2012-07-24 02:39 . 2012-02-01 15:10  983040  ----a-w-  c:\program files\Windows Journal\JNTFiltr.dll
     2012-07-24 02:39 . 2012-02-01 15:10  964608  ----a-w-  c:\program files\Windows Journal\JNWDRV.dll
     2012-07-24 02:39 . 2012-02-01 15:10  1404928  ----a-w-  c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
     2012-07-24 02:36 . 2012-07-24 02:36  --------  d-----w-  c:\users\Courtney\AppData\Local\AVG Secure Search
     2012-07-24 02:36 . 2012-07-24 02:36  --------  d-----w-  c:\users\Courtney\AppData\Roaming\AVG2012
     2012-07-23 20:06 . 2012-07-23 20:06  --------  d-----w-  c:\users\Scott\AppData\Roaming\QuickScan
     2012-07-23 19:17 . 2011-10-16 16:40  161736  ----a-w-  c:\program files\14res.dll
     2012-07-23 18:08 . 2012-07-23 18:08  --------  d-----w-  c:\users\Scott\AppData\Local\AVG Secure Search
     2012-07-23 18:08 . 2012-07-23 18:08  --------  d-----w-  c:\users\Scott\AppData\Roaming\AVG2012
     2012-07-23 17:56 . 2012-07-23 17:56  --------  d-----w-  c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
     2012-07-23 17:53 . 2012-07-23 17:53  --------  d-----w-  c:\users\Scott\AppData\Roaming\Malwarebytes
     2012-07-23 17:51 . 2012-07-23 17:51  --------  d-----w-  c:\users\Mom\AppData\Roaming\AVG2012
     2012-07-23 17:50 . 2012-07-23 17:50  --------  d-----w-  c:\users\Mom\AppData\Local\AVG Secure Search
     2012-07-23 17:50 . 2012-07-23 17:54  --------  d-----w-  c:\programdata\AVG Secure Search
     2012-07-23 17:50 . 2012-07-23 17:50  27496  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
     2012-07-23 17:49 . 2012-07-23 17:50  --------  d-----w-  c:\program files\Common Files\AVG Secure Search
     2012-07-23 17:49 . 2012-07-23 17:50  --------  d-----w-  c:\program files\AVG Secure Search
     2012-07-23 17:47 . 2012-07-31 22:33  --------  d-----w-  c:\windows\system32\drivers\AVG
     2012-07-23 17:47 . 2012-07-23 18:14  --------  d-----w-  c:\programdata\AVG2012
     2012-07-23 17:47 . 2012-07-23 17:47  --------  d-----w-  C:\$AVG
     2012-07-23 17:46 . 2012-07-23 17:46  --------  d-----w-  c:\program files\AVG
     2012-07-23 17:41 . 2012-07-31 22:33  --------  d-----w-  c:\programdata\MFAData
     2012-07-23 17:41 . 2012-07-23 17:41  --------  d--h--w-  c:\programdata\Common Files
     2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
     2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\program files\SUPERAntiSpyware
     2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com
     2012-07-23 17:36 . 2012-07-23 17:36  --------  d-----w-  c:\users\Mom\AppData\Roaming\Malwarebytes
     2012-07-23 17:35 . 2012-07-23 17:35  --------  d-----w-  c:\programdata\Malwarebytes
     2012-07-23 17:35 . 2012-07-23 17:36  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
     2012-07-23 17:35 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2012-07-23 17:34 . 2012-07-23 17:34  --------  d-----w-  c:\program files\CCleaner
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
     2012-07-23 17:49  2086496  ----a-w-  c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-23 2086496]
     .
     [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
     [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
     [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
     "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
     "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
     "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
     "Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2008-11-18 314224]
     "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
     "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
     "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
     "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-23 1147488]
     .
     c:\users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54  551296  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2008-08-05 12:08  10536  ----a-w-  c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
     backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
     2008-08-14 04:04  206064  ----a-w-  c:\program files\Dell Support Center\bin\sprtcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
     2008-03-11 16:44  16384  ----a-w-  c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
     2011-06-28 11:01  1195408  ----a-w-  c:\program files\McAfee.com\Agent\mcagent.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Cfg.exe]
     2007-08-22 05:39  28672  ----a-w-  c:\windows\OEM05Cfg.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
     2007-08-22 05:39  36864  ----a-w-  c:\windows\OEM05Mon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-11 04:08  417792  ----a-w-  c:\program files\QuickTime\QTTask.exe
     .
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
     S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
     S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - 07157053
     *Deregistered* - 07157053
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bthsvcs  REG_MULTI_SZ  BthServ
     HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
     hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
     HPService  REG_MULTI_SZ  HPSLPSVC
     LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]
     .
     2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]
     .
     2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{78C0B445-C76B-4AC0-9569-9B08E4A4EF41}.job
     - c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
     .
     2012-03-10 c:\windows\Tasks\User_Feed_Synchronization-{F2A5AD57-D337-4858-8247-926F5611C300}.job
     - c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     mStart Page = hxxp://www.yahoo.com
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     LSP: c:\windows\system32\wpclsp.dll
     Trusted Zone: internet
     Trusted Zone: mcafee.com
     TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
     Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
     .
     .
     ------- File Associations -------
     .
     JSEFile=NOTEPAD.EXE %1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-10 - (no file)
     WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
     WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
     WebBrowser-{795828A9-F271-43A8-8536-4484BB991D3D} - (no file)
     WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
     WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
     WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
     MSConfigStartUp-FBSSA - c:\program files\SGPSA\ie3sh.exe
     AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-07-31 19:00
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     Completion time: 2012-07-31 19:04:03
     ComboFix-quarantined-files.txt 2012-07-31 23:04
     .
     Pre-Run: 463,744,622,592 bytes free
     Post-Run: 463,880,069,120 bytes free
     .
     - - End Of File - - B42BAFBC144B542DDC0A68984F484DEF
  2. Alright, here is combofix log
  3. Thanks admin I appreciate the useful information. Will def use it!
  4. Alright I have 2 logs here from the same scan so Ill just post both of them. First Log 08:26:04.0689 2972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 08:26:04.0970 2972 ============================================================ 08:26:04.0970 2972 Current date / time: 2012/07/31 08:26:04.0970 08:26:04.0970 2972 SystemInfo: 08:26:04.0970 2972 08:26:04.0970 2972 OS Version: 6.0.6002 ServicePack: 2.0 08:26:04.0970 2972 Product type: Workstation 08:26:04.0970 2972 ComputerName: MOM-PC 08:26:04.0970 2972 UserName: Mom 08:26:04.0970 2972 Windows directory: C:\Windows 08:26:04.0970 2972 System windows directory: C:\Windows 08:26:04.0970 2972 Processor architecture: Intel x86 08:26:04.0970 2972 Number of processors: 4 08:26:04.0970 2972 Page size: 0x1000 08:26:04.0970 2972 Boot type: Normal boot 08:26:04.0970 2972 ============================================================ 08:26:06.0639 2972 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 08:26:06.0686 2972 ============================================================ 08:26:06.0686 2972 \Device\Harddisk0\DR0: 08:26:06.0686 2972 MBR partitions: 08:26:06.0686 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000 08:26:06.0686 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x5612A000 08:26:06.0686 2972 ============================================================ 08:26:06.0779 2972 C: <-> \Device\Harddisk0\DR0\Partition1 08:26:06.0857 2972 D: <-> \Device\Harddisk0\DR0\Partition0 08:26:06.0857 2972 ============================================================ 08:26:06.0857 2972 Initialize success 08:26:06.0857 2972 ============================================================ 08:26:09.0104 5920 ============================================================ 08:26:09.0104 5920 Scan started 08:26:09.0104 5920 Mode: 
Manual; 08:26:09.0104 5920 ============================================================ 08:26:10.0399 5920 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 08:26:10.0399 5920 !SASCORE - ok 08:26:10.0851 5920 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 08:26:10.0851 5920 ACPI - ok 08:26:11.0038 5920 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 08:26:11.0038 5920 AdobeActiveFileMonitor7.0 - ok 08:26:11.0303 5920 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 08:26:11.0303 5920 adp94xx - ok 08:26:11.0335 5920 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 08:26:11.0350 5920 adpahci - ok 08:26:11.0350 5920 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 08:26:11.0350 5920 adpu160m - ok 08:26:11.0366 5920 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 08:26:11.0381 5920 adpu320 - ok 08:26:11.0397 5920 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 08:26:11.0397 5920 AeLookupSvc - ok 08:26:11.0428 5920 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe 08:26:11.0428 5920 AERTFilters - ok 08:26:11.0459 5920 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 08:26:11.0475 5920 AFD - ok 08:26:11.0475 5920 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 08:26:11.0491 5920 agp440 - ok 08:26:11.0506 5920 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 08:26:11.0506 5920 aic78xx - ok 08:26:11.0522 5920 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 08:26:11.0522 5920 ALG - ok 08:26:11.0522 5920 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 08:26:11.0522 5920 aliide - ok 
08:26:11.0537 5920 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 08:26:11.0537 5920 amdagp - ok 08:26:11.0537 5920 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 08:26:11.0537 5920 amdide - ok 08:26:11.0553 5920 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 08:26:11.0553 5920 AmdK7 - ok 08:26:11.0569 5920 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 08:26:11.0569 5920 AmdK8 - ok 08:26:11.0569 5920 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 08:26:11.0584 5920 Appinfo - ok 08:26:11.0600 5920 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll 08:26:11.0600 5920 AppMgmt - ok 08:26:11.0615 5920 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 08:26:11.0615 5920 arc - ok 08:26:11.0615 5920 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 08:26:11.0615 5920 arcsas - ok 08:26:11.0631 5920 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 08:26:11.0631 5920 AsyncMac - ok 08:26:11.0662 5920 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 08:26:11.0662 5920 atapi - ok 08:26:11.0709 5920 Ati External Event Utility (c797d9ee6aeb9dbc01fc00b14216e02f) C:\Windows\system32\Ati2evxx.exe 08:26:11.0709 5920 Ati External Event Utility - ok 08:26:12.0442 5920 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys 08:26:12.0458 5920 atikmdag - ok 08:26:12.0458 5920 Scan interrupted by user! 08:26:12.0458 5920 Scan interrupted by user! 08:26:12.0458 5920 Scan interrupted by user! 
08:26:12.0458 5920 ============================================================
08:26:12.0458 5920 Scan finished
08:26:12.0458 5920 ============================================================
08:26:12.0458 6036 Detected object count: 0
08:26:12.0458 6036 Actual detected object count: 0
08:26:15.0437 5520 Deinitialize success

Second Log

08:26:37.0153 5544 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:26:37.0590 5544 ============================================================
08:26:37.0590 5544 Current date / time: 2012/07/31 08:26:37.0590
08:26:37.0590 5544 SystemInfo:
08:26:37.0590 5544
08:26:37.0590 5544 OS Version: 6.0.6002 ServicePack: 2.0
08:26:37.0590 5544 Product type: Workstation
08:26:37.0590 5544 ComputerName: MOM-PC
08:26:37.0590 5544 UserName: Mom
08:26:37.0590 5544 Windows directory: C:\Windows
08:26:37.0590 5544 System windows directory: C:\Windows
08:26:37.0590 5544 Processor architecture: Intel x86
08:26:37.0590 5544 Number of processors: 4
08:26:37.0590 5544 Page size: 0x1000
08:26:37.0590 5544 Boot type: Normal boot
08:26:37.0590 5544 ============================================================
08:26:43.0564 5544 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:26:43.0627 5544 ============================================================
08:26:43.0627 5544 \Device\Harddisk0\DR0:
08:26:43.0658 5544 MBR partitions:
08:26:43.0658 5544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
08:26:43.0658 5544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x5612A000
08:26:43.0658 5544 ============================================================
08:26:43.0783 5544 C: <-> \Device\Harddisk0\DR0\Partition1
08:26:43.0876 5544 D: <-> \Device\Harddisk0\DR0\Partition0
08:26:43.0876 5544 ============================================================
08:26:43.0876 5544 Initialize success 08:26:43.0876 5544 ============================================================ 08:26:54.0812 3352 ============================================================ 08:26:54.0812 3352 Scan started 08:26:54.0812 3352 Mode: Manual; SigCheck; TDLFS; 08:26:54.0812 3352 ============================================================ 08:26:55.0514 3352 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 08:26:55.0639 3352 !SASCORE - ok 08:26:55.0717 3352 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 08:26:55.0748 3352 ACPI - ok 08:26:55.0935 3352 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 08:26:55.0951 3352 AdobeActiveFileMonitor7.0 - ok 08:26:56.0076 3352 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 08:26:56.0091 3352 adp94xx - ok 08:26:56.0138 3352 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 08:26:56.0154 3352 adpahci - ok 08:26:56.0247 3352 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 08:26:56.0263 3352 adpu160m - ok 08:26:56.0512 3352 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 08:26:56.0528 3352 adpu320 - ok 08:26:56.0544 3352 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 08:26:56.0606 3352 AeLookupSvc - ok 08:26:56.0637 3352 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe 08:26:56.0653 3352 AERTFilters - ok 08:26:56.0684 3352 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 08:26:56.0715 3352 AFD - ok 08:26:56.0715 3352 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 08:26:56.0731 3352 agp440 - ok 08:26:56.0746 3352 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 
08:26:56.0762 3352 aic78xx - ok 08:26:56.0809 3352 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 08:26:56.0840 3352 ALG - ok 08:26:56.0965 3352 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 08:26:56.0980 3352 aliide - ok 08:26:57.0074 3352 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 08:26:57.0074 3352 amdagp - ok 08:26:57.0121 3352 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 08:26:57.0136 3352 amdide - ok 08:26:57.0308 3352 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 08:26:57.0355 3352 AmdK7 - ok 08:26:57.0370 3352 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 08:26:57.0402 3352 AmdK8 - ok 08:26:57.0417 3352 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 08:26:57.0433 3352 Appinfo - ok 08:26:57.0448 3352 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll 08:26:57.0495 3352 AppMgmt - ok 08:26:57.0526 3352 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 08:26:57.0526 3352 arc - ok 08:26:57.0542 3352 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 08:26:57.0558 3352 arcsas - ok 08:26:57.0636 3352 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 08:26:57.0667 3352 AsyncMac - ok 08:26:57.0682 3352 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 08:26:57.0698 3352 atapi - ok 08:26:57.0745 3352 Ati External Event Utility (c797d9ee6aeb9dbc01fc00b14216e02f) C:\Windows\system32\Ati2evxx.exe 08:26:57.0760 3352 Ati External Event Utility - ok 08:26:57.0963 3352 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys 08:26:58.0041 3352 atikmdag - ok 08:26:58.0119 3352 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 08:26:58.0150 3352 
AudioEndpointBuilder - ok 08:26:58.0150 3352 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 08:26:58.0182 3352 Audiosrv - ok 08:26:59.0040 3352 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe 08:26:59.0211 3352 AVGIDSAgent - ok 08:26:59.0430 3352 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys 08:26:59.0648 3352 AVGIDSDriver - ok 08:26:59.0679 3352 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys 08:26:59.0695 3352 AVGIDSFilter - ok 08:26:59.0773 3352 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys 08:26:59.0788 3352 AVGIDSHX - ok 08:26:59.0835 3352 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys 08:26:59.0835 3352 AVGIDSShim - ok 08:26:59.0898 3352 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys 08:26:59.0913 3352 Avgldx86 - ok 08:26:59.0991 3352 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys 08:27:00.0007 3352 Avgmfx86 - ok 08:27:00.0132 3352 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys 08:27:00.0147 3352 Avgrkx86 - ok 08:27:00.0303 3352 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys 08:27:00.0319 3352 Avgtdix - ok 08:27:00.0350 3352 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys 08:27:00.0366 3352 avgtp - ok 08:27:00.0490 3352 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 08:27:00.0506 3352 avgwd - ok 08:27:00.0646 3352 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 08:27:00.0724 3352 BCM43XX - ok 08:27:00.0740 3352 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 08:27:00.0771 3352 Beep - ok 08:27:00.0818 3352 BFE 
(c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 08:27:00.0865 3352 BFE - ok 08:27:00.0927 3352 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 08:27:00.0990 3352 BITS - ok 08:27:01.0021 3352 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 08:27:01.0068 3352 blbdrive - ok 08:27:01.0130 3352 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe 08:27:01.0146 3352 Bonjour Service - ok 08:27:01.0239 3352 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 08:27:01.0270 3352 bowser - ok 08:27:01.0317 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 08:27:01.0348 3352 BrFiltLo - ok 08:27:01.0380 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 08:27:01.0395 3352 BrFiltUp - ok 08:27:01.0458 3352 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 08:27:01.0489 3352 Browser - ok 08:27:01.0567 3352 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 08:27:01.0770 3352 Brserid - ok 08:27:01.0785 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 08:27:01.0816 3352 BrSerWdm - ok 08:27:01.0832 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 08:27:01.0879 3352 BrUsbMdm - ok 08:27:01.0910 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 08:27:01.0957 3352 BrUsbSer - ok 08:27:02.0019 3352 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 08:27:02.0050 3352 BthEnum - ok 08:27:02.0066 3352 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 08:27:02.0082 3352 BTHMODEM - ok 08:27:02.0113 3352 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 08:27:02.0144 3352 BthPan - ok 08:27:02.0175 3352 
BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 08:27:02.0238 3352 BTHPORT - ok 08:27:02.0253 3352 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll 08:27:02.0269 3352 BthServ - ok 08:27:02.0300 3352 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 08:27:02.0347 3352 BTHUSB - ok 08:27:02.0362 3352 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys 08:27:02.0378 3352 btwaudio - ok 08:27:02.0456 3352 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys 08:27:02.0472 3352 btwavdt - ok 08:27:02.0628 3352 btwdins (cb3eba480beb1855fb63cdba5e406712) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 08:27:02.0659 3352 btwdins - ok 08:27:02.0690 3352 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys 08:27:02.0706 3352 btwrchid - ok 08:27:02.0721 3352 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 08:27:02.0752 3352 cdfs - ok 08:27:02.0784 3352 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 08:27:02.0815 3352 cdrom - ok 08:27:02.0830 3352 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 08:27:02.0862 3352 CertPropSvc - ok 08:27:02.0893 3352 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys 08:27:02.0908 3352 cfwids - ok 08:27:02.0924 3352 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 08:27:02.0955 3352 circlass - ok 08:27:03.0252 3352 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 08:27:03.0267 3352 CLFS - ok 08:27:03.0361 3352 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:27:03.0376 3352 clr_optimization_v2.0.50727_32 - ok 08:27:03.0423 3352 cmdide (0ca25e686a4928484e9fdabd168ab629) 
C:\Windows\system32\drivers\cmdide.sys 08:27:03.0439 3352 cmdide - ok 08:27:03.0501 3352 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 08:27:03.0517 3352 Compbatt - ok 08:27:03.0517 3352 COMSysApp - ok 08:27:03.0548 3352 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 08:27:03.0564 3352 crcdisk - ok 08:27:03.0642 3352 Creative Labs Licensing Service (0c629820aad9c90e456b221c94d640ca) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe 08:27:03.0642 3352 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning 08:27:03.0642 3352 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1) 08:27:03.0720 3352 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe 08:27:03.0735 3352 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning 08:27:03.0735 3352 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1) 08:27:03.0798 3352 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 08:27:03.0844 3352 Crusoe - ok 08:27:03.0860 3352 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 08:27:03.0891 3352 CryptSvc - ok 08:27:03.0907 3352 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 08:27:03.0938 3352 CSC - ok 08:27:04.0375 3352 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll 08:27:04.0406 3352 CscService - ok 08:27:04.0484 3352 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 08:27:04.0515 3352 DcomLaunch - ok 08:27:04.0656 3352 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 08:27:04.0671 3352 DfsC - ok 08:27:04.0765 3352 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 08:27:04.0843 3352 DFSR - ok 08:27:04.0905 3352 Dhcp (9028559c132146fb75eb7acf384b086a) 
C:\Windows\System32\dhcpcsvc.dll 08:27:04.0936 3352 Dhcp - ok 08:27:05.0077 3352 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 08:27:05.0092 3352 disk - ok 08:27:05.0124 3352 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 08:27:05.0155 3352 Dnscache - ok 08:27:05.0451 3352 DockLoginService (13511564cac5a005255765e322c16967) C:\Program Files\Dell\DellDock\DockLogin.exe 08:27:05.0467 3352 DockLoginService - ok 08:27:05.0560 3352 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 08:27:05.0576 3352 dot3svc - ok 08:27:05.0654 3352 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 08:27:05.0685 3352 Dot4 - ok 08:27:05.0701 3352 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 08:27:05.0716 3352 Dot4Print - ok 08:27:05.0826 3352 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 08:27:05.0857 3352 dot4usb - ok 08:27:05.0872 3352 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 08:27:05.0904 3352 DPS - ok 08:27:05.0935 3352 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 08:27:05.0966 3352 drmkaud - ok 08:27:06.0013 3352 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 08:27:06.0028 3352 DXGKrnl - ok 08:27:06.0200 3352 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys 08:27:06.0216 3352 e1express - ok 08:27:06.0262 3352 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 08:27:06.0294 3352 E1G60 - ok 08:27:06.0325 3352 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 08:27:06.0356 3352 EapHost - ok 08:27:06.0652 3352 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 08:27:06.0668 3352 Ecache - ok 08:27:06.0918 3352 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 
08:27:06.0933 3352 ehRecvr - ok 08:27:06.0949 3352 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 08:27:06.0964 3352 ehSched - ok 08:27:07.0011 3352 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 08:27:07.0074 3352 ehstart - ok 08:27:07.0120 3352 ElRawDisk (dc8fcbd7e98fe7be4e7ca9780835fab7) C:\Windows\system32\drivers\elrawdsk.sys 08:27:07.0136 3352 ElRawDisk ( UnsignedFile.Multi.Generic ) - warning 08:27:07.0136 3352 ElRawDisk - detected UnsignedFile.Multi.Generic (1) 08:27:07.0152 3352 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 08:27:07.0183 3352 elxstor - ok 08:27:07.0214 3352 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 08:27:07.0276 3352 EMDMgmt - ok 08:27:07.0292 3352 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 08:27:07.0323 3352 ErrDev - ok 08:27:07.0354 3352 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 08:27:07.0386 3352 EventSystem - ok 08:27:07.0448 3352 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 08:27:07.0479 3352 exfat - ok 08:27:07.0651 3352 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 08:27:07.0698 3352 fastfat - ok 08:27:07.0900 3352 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe 08:27:07.0963 3352 Fax - ok 08:27:08.0010 3352 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 08:27:08.0056 3352 fdc - ok 08:27:08.0088 3352 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 08:27:08.0119 3352 fdPHost - ok 08:27:08.0119 3352 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 08:27:08.0181 3352 FDResPub - ok 08:27:08.0197 3352 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 08:27:08.0212 3352 FileInfo - ok 08:27:08.0244 3352 Filetrace 
(0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 08:27:08.0275 3352 Filetrace - ok 08:27:08.0368 3352 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 08:27:08.0415 3352 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 08:27:08.0415 3352 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 08:27:08.0493 3352 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 08:27:08.0540 3352 flpydisk - ok 08:27:08.0602 3352 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 08:27:08.0618 3352 FltMgr - ok 08:27:08.0774 3352 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 08:27:08.0821 3352 FontCache - ok 08:27:08.0930 3352 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 08:27:08.0946 3352 FontCache3.0.0.0 - ok 08:27:08.0992 3352 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 08:27:09.0070 3352 Fs_Rec - ok 08:27:09.0117 3352 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys 08:27:09.0133 3352 fvevol - ok 08:27:09.0211 3352 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 08:27:09.0226 3352 gagp30kx - ok 08:27:09.0367 3352 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe 08:27:09.0382 3352 GoToAssist - ok 08:27:09.0445 3352 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 08:27:09.0507 3352 gpsvc - ok 08:27:09.0726 3352 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 08:27:09.0741 3352 gupdate - ok 08:27:09.0741 3352 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 08:27:09.0757 3352 gupdatem - ok 
08:27:09.0788 3352 gusvc - ok 08:27:09.0866 3352 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:27:09.0928 3352 HDAudBus - ok 08:27:09.0975 3352 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 08:27:10.0006 3352 HidBth - ok 08:27:10.0100 3352 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 08:27:10.0131 3352 HidIr - ok 08:27:10.0178 3352 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 08:27:10.0209 3352 hidserv - ok 08:27:10.0225 3352 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 08:27:10.0256 3352 HidUsb - ok 08:27:10.0256 3352 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 08:27:10.0287 3352 hkmsvc - ok 08:27:10.0303 3352 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 08:27:10.0318 3352 HpCISSs - ok 08:27:10.0365 3352 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 08:27:10.0381 3352 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 08:27:10.0381 3352 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 08:27:10.0396 3352 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 08:27:10.0396 3352 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 08:27:10.0396 3352 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 08:27:10.0443 3352 HPSLPSVC (75f122cdca3c71bd09089f2ca824b796) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 08:27:10.0459 3352 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 08:27:10.0459 3352 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 08:27:10.0630 3352 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 08:27:10.0708 3352 HTTP - ok 08:27:10.0755 3352 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 08:27:10.0771 3352 i2omp - ok 08:27:10.0802 3352 i8042prt 
(22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 08:27:10.0833 3352 i8042prt - ok 08:27:10.0880 3352 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys 08:27:10.0896 3352 iaStor - ok 08:27:10.0927 3352 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 08:27:10.0958 3352 iaStorV - ok 08:27:11.0052 3352 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 08:27:11.0130 3352 IDriverT ( UnsignedFile.Multi.Generic ) - warning 08:27:11.0130 3352 IDriverT - detected UnsignedFile.Multi.Generic (1) 08:27:11.0192 3352 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:27:11.0223 3352 idsvc - ok 08:27:11.0239 3352 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 08:27:11.0254 3352 iirsp - ok 08:27:11.0301 3352 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 08:27:11.0364 3352 IKEEXT - ok 08:27:11.0442 3352 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys 08:27:11.0488 3352 IntcAzAudAddService - ok 08:27:11.0707 3352 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys 08:27:11.0722 3352 intelide - ok 08:27:11.0785 3352 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 08:27:11.0832 3352 intelppm - ok 08:27:12.0081 3352 ioloFileInfoList (091d8a24bc424e643428e8fc1e17f744) C:\Program Files\iolo\common\lib\ioloServiceManager.exe 08:27:12.0097 3352 ioloFileInfoList - ok 08:27:12.0112 3352 ioloSystemService (091d8a24bc424e643428e8fc1e17f744) C:\Program Files\iolo\common\lib\ioloServiceManager.exe 08:27:12.0128 3352 ioloSystemService - ok 08:27:12.0175 3352 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 08:27:12.0206 3352 IPBusEnum - ok 08:27:12.0222 3352 
IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:27:12.0253 3352 IpFilterDriver - ok 08:27:12.0284 3352 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 08:27:12.0315 3352 iphlpsvc - ok 08:27:12.0315 3352 IpInIp - ok 08:27:12.0346 3352 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 08:27:12.0378 3352 IPMIDRV - ok 08:27:12.0393 3352 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 08:27:12.0424 3352 IPNAT - ok 08:27:12.0424 3352 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 08:27:12.0456 3352 IRENUM - ok 08:27:12.0565 3352 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 08:27:12.0580 3352 isapnp - ok 08:27:12.0658 3352 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 08:27:12.0674 3352 iScsiPrt - ok 08:27:12.0908 3352 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 08:27:12.0924 3352 iteatapi - ok 08:27:12.0955 3352 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 08:27:12.0970 3352 iteraid - ok 08:27:13.0002 3352 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 08:27:13.0017 3352 kbdclass - ok 08:27:13.0033 3352 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 08:27:13.0064 3352 kbdhid - ok 08:27:13.0158 3352 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 08:27:13.0173 3352 KeyIso - ok 08:27:13.0204 3352 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 08:27:13.0220 3352 KSecDD - ok 08:27:13.0267 3352 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 08:27:13.0298 3352 KtmRm - ok 08:27:13.0329 3352 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 08:27:13.0345 3352 LanmanServer - ok 
08:27:13.0392 3352 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 08:27:13.0423 3352 LanmanWorkstation - ok 08:27:13.0454 3352 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 08:27:13.0501 3352 lltdio - ok 08:27:13.0516 3352 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 08:27:13.0548 3352 lltdsvc - ok 08:27:13.0563 3352 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 08:27:13.0610 3352 lmhosts - ok 08:27:13.0626 3352 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 08:27:13.0641 3352 LSI_FC - ok 08:27:13.0657 3352 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 08:27:13.0672 3352 LSI_SAS - ok 08:27:13.0688 3352 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 08:27:13.0704 3352 LSI_SCSI - ok 08:27:13.0719 3352 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 08:27:13.0735 3352 luafv - ok 08:27:13.0750 3352 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 08:27:13.0782 3352 MBAMProtector - ok 08:27:14.0062 3352 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 08:27:14.0094 3352 MBAMService - ok 08:27:14.0218 3352 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe 08:27:14.0234 3352 McciCMService ( UnsignedFile.Multi.Generic ) - warning 08:27:14.0234 3352 McciCMService - detected UnsignedFile.Multi.Generic (1) 08:27:14.0390 3352 mcmscsvc (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 08:27:14.0406 3352 mcmscsvc - ok 08:27:14.0421 3352 McNASvc (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 08:27:14.0437 3352 McNASvc - ok 08:27:14.0468 3352 McShield 
wuauserv - ok
08:27:47.0790 3352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:27:47.0821 3352 WUDFRd - ok
08:27:47.0930 3352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:27:47.0961 3352 wudfsvc - ok
08:27:48.0024 3352 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
08:27:48.0086 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:27:48.0086 3352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:27:48.0445 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:27:48.0445 3352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:27:48.0460 3352 Boot (0x1200) (fd2efe5de9480c4fdf2818f4c3af49a1) \Device\Harddisk0\DR0\Partition0
08:27:48.0460 3352 \Device\Harddisk0\DR0\Partition0 - ok
08:27:48.0476 3352 Boot (0x1200) (2e54b5aa3831a4198cd1ecbd2e7c07b3) \Device\Harddisk0\DR0\Partition1
08:27:48.0476 3352 \Device\Harddisk0\DR0\Partition1 - ok
08:27:48.0476 3352 ============================================================
08:27:48.0476 3352 Scan finished
08:27:48.0476 3352 ============================================================
08:27:48.0492 4248 Detected object count: 17
08:27:48.0492 4248 Actual detected object count: 17
08:28:21.0109 4248 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0109 4248 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0109 4248 ElRawDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 ElRawDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0109 4248 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0109 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0109 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0109 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0114 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0114 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0114 4248 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0114 4248 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0114 4248 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0114 4248 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0114 4248 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0114 4248 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0114 4248 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0114 4248 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0119 4248 Ndisrd ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0119 4248 Ndisrd ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0119 4248 NdisrdMP ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0119 4248 NdisrdMP ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0119 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0119 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:21.0119 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:21.0119 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:25.0104 4248 \Device\Harddisk0\DR0\# - copied to quarantine
08:28:25.0104 4248 \Device\Harddisk0\DR0 - copied to quarantine
08:28:25.0239 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:28:25.0264 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:28:25.0289 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:28:25.0304 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:28:25.0314 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:28:25.0359 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:28:25.0399 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:28:25.0404 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:28:25.0419 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:28:25.0424 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:28:25.0454 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:28:25.0484 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:28:25.0554 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:28:25.0569 4248 \Device\Harddisk0\DR0 - ok
08:28:25.0589 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:28:30.0994 2260 Deinitialize success
  5. Oh, and I also defrag and do a disk cleanup, if that helps.
  6. Hi everyone, I am looking for guides that can help me clean out my PC. I usually run CCleaner and clean out the registry and wipe out the C drive, then I just remove and uninstall some junk in the programs cpanel, then I scan with Malwarebytes and SUPERAntiSpyware Free. I was wondering if anyone can help me and give me a more advanced tutorial or anything to guide me to really get all the junk and clean out a computer other than reformatting. Thank you!
  7. Alright here you go. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-30 12:20:06 ----------------------------- 12:20:06.880 OS Version: Windows 6.0.6002 Service Pack 2 12:20:06.880 Number of processors: 4 586 0xF0B 12:20:06.883 ComputerName: MOM-PC UserName: Mom 12:20:10.369 Initialize success 12:20:32.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 12:20:32.988 Disk 0 Vendor: Hitachi_HDS721075KLA330 GK8OA97A Size: 715404MB BusType: 3 12:20:32.995 Disk 0 MBR read successfully 12:20:32.998 Disk 0 MBR scan 12:20:33.001 Disk 0 TDL4@MBR code has been found 12:20:33.003 Disk 0 Windows VISTA default MBR code found via API 12:20:33.006 Disk 0 MBR hidden 12:20:33.009 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63 12:20:33.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640 12:20:33.044 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 705108 MB offset 21084160 12:20:33.048 Disk 0 MBR [TDL4] **ROOTKIT** 12:20:33.052 Disk 0 trace - called modules: 12:20:33.057 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8a3f049f]<< 12:20:33.061 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89587ac8] 12:20:33.067 3 CLASSPNP.SYS[8dc3d8b3] -> nt!IofCallDriver -> [0x87f3b918] 12:20:33.073 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> [0x8897f528] 12:20:33.078 \Driver\atapi[0x8a283650] -> IRP_MJ_CREATE -> 0x8a3f049f 12:20:33.083 Scan finished successfully 12:20:57.838 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat" 12:20:57.842 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-30 18:34:40 ----------------------------- 18:34:40.228 OS Version: Windows 6.0.6002 Service Pack 2 18:34:40.228 Number of processors: 4 586 0xF0B 18:34:40.228 ComputerName: MOM-PC UserName: Mom 18:34:43.145 Initialize success 18:34:52.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> 
\Device\Ide\IdeDeviceP0T0L0-0 18:34:52.574 Disk 0 Vendor: Hitachi_HDS721075KLA330 GK8OA97A Size: 715404MB BusType: 3 18:34:52.589 Disk 0 MBR read successfully 18:34:52.589 Disk 0 MBR scan 18:34:52.589 Disk 0 TDL4@MBR code has been found 18:34:52.605 Disk 0 Windows VISTA default MBR code found via API 18:34:52.605 Disk 0 MBR hidden 18:34:52.605 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63 18:34:52.620 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640 18:34:52.636 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 705108 MB offset 21084160 18:34:52.636 Disk 0 MBR [TDL4] **ROOTKIT** 18:34:52.636 Disk 0 trace - called modules: 18:34:52.636 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8a52b49f]<< 18:34:52.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x895ec7a8] 18:34:52.652 3 CLASSPNP.SYS[8de128b3] -> nt!IofCallDriver -> [0x88981378] 18:34:52.652 5 acpi.sys[8589d6bc] -> nt!IofCallDriver -> [0x88983528] 18:34:52.652 \Driver\atapi[0x8a2fdf38] -> IRP_MJ_CREATE -> 0x8a52b49f 18:34:52.667 Scan finished successfully 18:35:57.860 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat" 18:35:57.875 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt" 18:37:29.250 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat" 18:37:29.255 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"
  8. Sorry here is the malwarebytes log.. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.30.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19154 Scott :: MOM-PC [limited] Protection: Enabled 7/30/2012 11:55:30 AM mbam-log-2012-07-30 (11-55-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 145136 Time elapsed: 5 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot. HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot. HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot. HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Delete on reboot. HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Delete on reboot. HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Delete on reboot. Folders Detected: 1 C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Delete on reboot. Files Detected: 2 C:\Program Files\14res.dll (PUP.MyWebSearch) -> Delete on reboot. C:\Program Files\14res.dll (Spyware.OnlineGames) -> Delete on reboot. 
(end) Here is aswMBR log 2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection 2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully 2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection 2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully 2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe)
  9. Here is Malwarebytes Anti-Malware log 2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection 2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully 2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection 2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully 2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe) Here is aswMBR log 2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection 2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully 2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection 2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully 2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe)
  10. Ok, here is the DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19154 Run by Mom at 1:10:08 on 2012-07-28 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1464 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Windows\system32\AERTSrv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Windows\system32\CTsvcCDA.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program 
Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Dell\DellDock\DellDock.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\iolo\Common\Lib\ioloLManager.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Windows\System32\wpcumi.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program 
Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\System32\mobsync.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uSearch Page = uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080805 uSearch Bar = mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local mSearchAssistant = uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll BHO: Google 
Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: !{a0154e07-2b48-475c-a82a-80efd84ea33e} - No File TB: !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File TB: {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File TB: {795828A9-F271-43A8-8536-4484BB991D3D} - No File TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r mRun: [updReg] c:\windows\UpdReg.EXE mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [Dell PC TuneUp Startup] "c:\program files\iolo\common\lib\ioloLManager.exe" mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Malwarebytes' Anti-Malware] 
"c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq StartupFolder: c:\users\mom\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\users\mom\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: c:\windows\system32\wpclsp.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 TCP: Interfaces\{1F40D72F-E160-4BFB-ACFD-F812B5C74653} : DhcpNameServer = 192.168.1.1 68.237.161.12 TCP: Interfaces\{A2173ABC-AB11-4F61-9CE6-D714A827CF9A} : DhcpNameServer = 192.168.1.1 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-6 387480] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-23 27496] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-8-5 12800] R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-6 64584] R1 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-6 165032] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312] R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-8-5 596336] R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-8-5 596336] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-23 655944] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-6 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-6 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-6 141792] R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-7-23 830048] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys 
[2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-23 22344] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-6 153280] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-6 52320] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-6 314088] R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-27 22016] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-6 56064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-6 84488] S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-27 22016] S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-8-5 141376] S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-8-5 7424] S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-8-5 235616] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 regfile=NOTEPAD.EXE %1 scrfile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 
2012-07-24 03:02:30 -------- d-----w- c:\program files\Defraggler 2012-07-24 02:40:35 5120 ----a-w- c:\windows\system32\wmi.dll 2012-07-24 02:40:35 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-07-24 02:40:35 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-07-24 02:40:35 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-07-24 02:40:00 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-07-24 02:39:31 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe 2012-07-24 02:39:30 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-07-24 02:39:29 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2012-07-24 02:39:29 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll 2012-07-24 02:39:29 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll 2012-07-24 02:39:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL 2012-07-24 02:31:44 -------- d-----w- c:\windows\pss 2012-07-23 19:20:36 -------- d-----w- c:\windows\system32\appmgmt 2012-07-23 19:17:03 161736 ----a-w- c:\program files\14res.dll 2012-07-23 17:51:24 -------- d-----w- c:\users\mom\appdata\roaming\AVG2012 2012-07-23 17:50:22 -------- d-----w- c:\users\mom\appdata\local\AVG Secure Search 2012-07-23 17:50:16 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-23 17:50:00 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-07-23 17:49:57 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-07-23 17:49:55 -------- d-----w- c:\program files\AVG Secure Search 2012-07-23 17:47:13 -------- d--h--w- C:\$AVG 2012-07-23 17:47:13 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-23 17:47:13 -------- d-----w- c:\programdata\AVG2012 2012-07-23 17:46:46 -------- d-----w- c:\program files\AVG 2012-07-23 17:41:32 -------- d--h--w- c:\programdata\Common Files 2012-07-23 17:41:32 -------- d-----w- c:\programdata\MFAData 2012-07-23 17:38:59 -------- d-----w- 
c:\users\mom\appdata\roaming\SUPERAntiSpyware.com 2012-07-23 17:38:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-23 17:38:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-23 17:36:05 -------- d-----w- c:\users\mom\appdata\roaming\Malwarebytes 2012-07-23 17:35:58 -------- d-----w- c:\programdata\Malwarebytes 2012-07-23 17:35:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-23 17:35:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-23 17:34:21 -------- d-----w- c:\program files\CCleaner . ==================== Find3M ==================== . . ============= FINISH: 1:10:58.62 =============== here is the Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Ultimate Boot Device: \Device\HarddiskVolume3 Install Date: 8/5/2008 3:33:29 AM System Uptime: 7/27/2012 11:41:38 PM (2 hours ago) . Motherboard: Dell Inc. | | 0FM586 Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 689 GiB total, 384.262 GiB free. D: is FIXED (NTFS) - 10 GiB total, 5.303 GiB free. E: is CDROM () F: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: HP Officejet J6400 Device ID: ROOT\IMAGE\0000 Manufacturer: Hewlett-Packard Name: HP Officejet J6400 PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet J6400 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet J6400 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . 
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318} Description: Officejet J6400 series Device ID: ROOT\PRINTER\0000 Manufacturer: HP Name: Officejet J6400 series PNP Device ID: ROOT\PRINTER\0000 Service: . ==== System Restore Points =================== . RP1331: 2/2/2012 12:00:07 AM - Scheduled Checkpoint RP1332: 2/3/2012 12:00:07 AM - Scheduled Checkpoint RP1333: 2/4/2012 12:00:09 AM - Scheduled Checkpoint RP1334: 2/5/2012 12:00:07 AM - Scheduled Checkpoint RP1335: 2/6/2012 7:22:55 PM - Scheduled Checkpoint RP1336: 2/7/2012 5:42:31 PM - Scheduled Checkpoint RP1337: 2/9/2012 6:21:55 PM - Scheduled Checkpoint RP1338: 2/11/2012 5:59:30 PM - Scheduled Checkpoint RP1339: 2/13/2012 12:00:07 AM - Scheduled Checkpoint RP1340: 2/14/2012 12:00:09 AM - Scheduled Checkpoint RP1341: 2/15/2012 12:00:09 AM - Scheduled Checkpoint RP1342: 2/16/2012 12:00:07 AM - Scheduled Checkpoint RP1343: 2/17/2012 12:00:08 AM - Scheduled Checkpoint RP1344: 2/19/2012 12:00:08 AM - Scheduled Checkpoint RP1345: 2/20/2012 12:00:08 AM - Scheduled Checkpoint RP1346: 2/21/2012 12:00:17 AM - Scheduled Checkpoint RP1347: 2/22/2012 12:00:08 AM - Scheduled Checkpoint RP1348: 2/23/2012 6:02:11 PM - Scheduled Checkpoint RP1349: 2/24/2012 7:45:21 PM - Installed Wizard101 RP1350: 2/27/2012 5:25:37 PM - Scheduled Checkpoint RP1351: 2/29/2012 12:00:04 AM - Scheduled Checkpoint RP1352: 3/1/2012 12:00:06 AM - Scheduled Checkpoint RP1353: 3/2/2012 12:00:05 AM - Scheduled Checkpoint RP1354: 3/3/2012 12:00:05 AM - Scheduled Checkpoint RP1355: 3/4/2012 12:00:05 AM - Scheduled Checkpoint RP1356: 3/5/2012 12:00:08 AM - Scheduled Checkpoint RP1357: 3/6/2012 3:39:03 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . 
32 Bit HP CIO Components Installer 3ivx MPEG-4 5.0.3 (remove only) 6400_Help Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 7.0 Adobe Reader 8.1.0 Adobe Shockwave Player 11.6 Advanced Audio FX Engine Advanced Video FX Engine Apple Software Update ATI Catalyst Control Center AVG 2012 Bonjour bpd_scan BPDSoftware BPDSoftware_Ini Browser Address Error Redirector BufferChm Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Spanish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Polish CCC Help Portuguese CCC Help Spanish CCC Help Thai CCC Help Turkish CCleaner Creative MediaSource 5 CustomerResearchQFolder Defraggler Dell-eBay Dell Best of Web Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell PC TuneUp Dell Support Center (Support Software) Dell Webcam Center Dell Webcam Manager Dell Wireless WLAN Card Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder EDocs eSupportQFolder Fax FoxTab FLV Player Google Chrome Google Toolbar for 
Internet Explorer Google Update Helper GoToAssist 8.0.0.514 GPBaseService Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 10.0 HP Imaging Device Functions 10.0 HP Officejet J6400 Series HP Photosmart Essential 2.5 HP Photosmart Essential 3.5 HP Smart Web Printing HP Solution Center 10.0 HP Update HPProductAssistant HPSSupply Intel® PRO Network Connections 12.1.11.0 J6400 Java 6 Update 5 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch McAfee SecurityCenter Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft IntelliPoint 6.2 Microsoft IntelliType Pro 6.2 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Plugin 1.0 NetDeviceManager OCR Software by I.R.I.S. 
10.0 Palm Desktop Pando Media Booster ProductContext PSSWCORE QualXServ Service Agreement QuickTime Realtek High Definition Audio Driver Roblox for Mom Scan Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB973704) Security Update for Microsoft Office Excel 2007 (KB973593) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Shop for HP Supplies Skins SmartWebPrintingOC SolutionCenter Sound Blaster Audigy ADVANCED MB Status SUPERAntiSpyware Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 (KB974561) Update for Microsoft Office Word 2007 Help (KB963665) Verizon Broadband Toolbar Verizon Help and Support Tool VideoToolkit01 WebReg WIDCOMM Bluetooth Software 6.0.1.4300
.
==== Event Viewer Messages From Past Week ========
.
7/27/2012 11:44:11 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/26/2012 9:36:32 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/26/2012 9:36:32 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/26/2012 9:36:32 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
7/26/2012 9:36:32 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
7/26/2012 9:36:32 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
7/26/2012 9:36:32 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147943515.
7/26/2012 9:36:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
7/26/2012 9:35:58 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/26/2012 7:33:54 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:34 PM on 7/26/2012 was unexpected.
7/25/2012 9:22:57 PM, Error: EventLog [6008] - The previous system shutdown at 9:21:12 PM on 7/25/2012 was unexpected.
7/25/2012 9:09:37 PM, Error: EventLog [6008] - The previous system shutdown at 9:07:27 PM on 7/25/2012 was unexpected.
7/25/2012 6:31:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:29:46 PM on 7/25/2012 was unexpected.
7/25/2012 4:30:08 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
7/24/2012 8:35:13 PM, Error: EventLog [6008] - The previous system shutdown at 8:30:06 PM on 7/24/2012 was unexpected.
7/24/2012 10:02:16 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/23/2012 4:01:59 PM, Error: EventLog [6008] - The previous system shutdown at 3:47:05 PM on 7/23/2012 was unexpected.
7/23/2012 3:59:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/23/2012 3:59:50 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 3:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/23/2012 3:22:36 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/23/2012 2:48:21 PM, Error: EventLog [6008] - The previous system shutdown at 2:46:08 PM on 7/23/2012 was unexpected.
7/23/2012 2:22:01 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
7/23/2012 2:21:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:18:29 PM on 7/23/2012 was unexpected.
7/23/2012 2:14:13 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
7/23/2012 2:13:50 PM, Error: EventLog [6008] - The previous system shutdown at 2:12:09 PM on 7/23/2012 was unexpected.
7/23/2012 2:11:03 PM, Error: Service Control Manager [7034] - The GamingWonderland Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2012 2:08:31 PM, Error: Service Control Manager [7034] - The Guffins Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2012 2:04:29 PM, Error: EventLog [6008] - The previous system shutdown at 1:59:16 PM on 7/23/2012 was unexpected.
7/23/2012 10:47:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596880).
7/23/2012 10:47:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB2597161).
7/23/2012 10:47:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2553090).
7/23/2012 10:47:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).
7/23/2012 10:46:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
7/23/2012 10:42:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 System (KB2539530).
7/23/2012 10:40:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office OneNote 2007 (KB980729).
7/23/2012 10:40:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2598041).
7/23/2012 10:40:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 System (KB2508958).
7/23/2012 10:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB2596917).
7/23/2012 10:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Vista (KB2679255).
7/23/2012 10:40:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2553089).
7/23/2012 10:39:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2288621).
7/23/2012 10:39:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).
7/23/2012 10:38:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Microsoft Office File Validation Add-in.
7/23/2012 10:38:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office InfoPath 2007 (KB979441).
7/23/2012 10:38:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596672).
7/23/2012 10:37:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint 2007 (KB2596912).
7/23/2012 10:37:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596871).
7/23/2012 10:37:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB976321).
7/23/2012 10:37:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2597969).
7/23/2012 10:36:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596785).
7/23/2012 10:34:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2597162).
7/23/2012 10:33:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2288931).
7/23/2012 10:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2584063).
7/23/2012 10:33:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2636927).
7/23/2012 10:32:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596792).
7/23/2012 1:53:08 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
  11. Also, every time I run Malwarebytes I get the same 7 "objects detected", and I remove them, and then I run it again and they are still being detected. The vendor name is all the same: PUP.MyWebSearch. 6/7 are in the registry key and 1 is in the file. Not sure if this has something to do with the above, but just letting you know.
  12. Was helping my friend out by cleaning up his computer a little bit, and I ran Malwarebytes and found a few Trojan viruses and thought I was good. Every hour or so I get this message popping up: "Malwarebytes Successfully blocked access to a potentially malicious website" Process: svchost.exe. Was wondering if anyone can help me solve this. I would greatly appreciate it. Anything that I need to do or run, let me know.