Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
Posted: Sat May 19, 2012 4:48 pm Post subject: Help! Looks like a malware party on my computer
My mother-in-law was housesitting and my machine has a number of bad-looking items. There are weird Iminent and AVG toolbars on all browsers, and PC Optimizer Pro when I start up. All homepages have been hijacked and a number of weird desktop icons now. I think I removed most, but need help.
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.1.0
Run by Jenifer at 20:38:31 on 2012-05-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1021.244 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\aol\1192316997\ee\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\dlbxcoms.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpbanner042112
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
TB: {37153479-1976-43C3-A1EE-557513977B64} - No File
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HostManager] c:\program files\common files\aol\1192316997\ee\AOLSoftware.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jenifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74CA0F74-C0DF-43E1-BF1C-7FB9EF7453F0} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jenifer\appdata\roaming\mozilla\firefox\profiles\qyzuvwei.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_1_3\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\jenifer\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll
FF - component: c:\users\jenifer\appdata\roaming\mozilla\firefox\profiles\qyzuvwei.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\couponalert_2pei\installr\1.bin\NP2pEISb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-10 821880]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120518.001\IDSvix86.sys [2012-5-18 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-3 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502010.003\symtdiv.sys [2012-4-3 331384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-2 21504]
.
=============== Created Last 30 ================
.
2012-05-19 21:36:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 20:10:48 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-05-15 20:05:09 -------- d-----w- c:\programdata\WeCareReminder
2012-05-15 20:00:22 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-05-15 19:44:35 -------- d-----w- c:\users\jenifer\appdata\roaming\Systweak
2012-05-15 19:44:19 17280 ----a-w- c:\windows\system32\roboot.exe
2012-05-15 17:17:28 -------- d-----w- c:\users\jenifer\appdata\local\PhoenixViewer
2012-05-13 01:28:35 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 01:28:35 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 01:28:34 2044928 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-05-19 22:15:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-02 04:13:58 37376 ----a-w- c:\windows\system32\libusb0.dll
2012-03-02 04:13:58 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 11:30:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:41:57.04 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/6/2007 3:12:42 PM
System Uptime: 5/19/2012 8:23:15 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 147.988 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.121 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 6
AOL Install
AOL Mail and AIM Gadget
AOL Toolbar
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Banctec Service Agreement
Citrix Presentation Server Web Client for Win32
Conexant D850 PCI V.92 Modem
Dell DataSafe Online
Dell Photo AIO Printer 962
Dell Support Center
Dell System Customization Wizard
DellSupport
Digital Line Detect
Download Updater (AOL LLC)
EarthLink Setup Files
FlipShare
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
Internet Service Offers Launcher
Java Auto Updater
Java(TM) 7 Update 1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox 6.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetWaiting
Norton 360
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PowerISO
Product Documentation Launcher
PVSonyDll
QuickBooks
QuickBooks Premier: Accountant Edition 2007
QuickBooks Premier: Accountant Edition 2011
QuickBooks Product Listing Service
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
ScrewDrivers Client v4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
SupportSoft Assisted Service
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
Viewpoint Media Player
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/19/2012 8:24:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
5/19/2012 5:37:42 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
5/19/2012 5:28:44 PM, Error: EventLog [6008] - The previous system shutdown at 5:25:05 PM on 5/19/2012 was unexpected.
5/19/2012 12:05:33 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
5/16/2012 12:52:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/16/2012 12:52:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/13/2012 3:36:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/13/2012 3:36:17 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/13/2012 3:06:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/12/2012 8:42:00 PM, Error: EventLog [6008] - The previous system shutdown at 10:00:45 PM on 5/10/2012 was unexpected.
.
==== End Of File ===========================
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
Posted: Sun May 20, 2012 2:43 am Post subject:
Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.
Before we start please note the following important guidelines.
- If you don't know or understand something, please don't hesitate to ask.
- Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
- Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
Remember, absence of symptoms does not mean the infection is all gone.
- Please DO NOT run any other tools or scans whilst I am helping you.
- Please DO NOT install any other software (or hardware) during the cleaning process.
- Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
Please download Rkill from one of the following links and save to your Desktop:
One, Two, Three or Four
- Right click on Rkill and select "Run as administrator" to run it.
- A command window will open then disappear upon completion, this is normal.
- When finished, Notepad will open with a log called, "rkill.log".
- Please copy and paste the contents of the rkill.log in your next reply.
- The file is automatically saved... located at C:\rkill.log.
- Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
Next.
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
- Launch the application, Check for Updates >> Perform Quick Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
- The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Next.
Please download OTL by Old Timer and save it to your Desktop.
- Right click on OTL.exe and select Run as administrator to run it.
- Under Output, ensure that Standard Output is selected.
- Under Extra Registry section, select Use SafeList.
- Click the Scan All Users checkbox.
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- Please post the contents of these 2 Notepad files in your next reply.
Logs/Information to Post in your Next Reply
- rkill.log.
- Malwarebytes log.
- OTL.txt and Extra.txt contents.
_________________ Admin/Teacher at Malware Removal University
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
Posted: Sun May 20, 2012 4:56 am Post subject:
Thank you for your help Cypher, it is highly appreciated. Regarding OTL, there was not a minimized Extras log.
***RKill***
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 05/20/2012 at 8:33:42.
Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 05/20/2012 at 8:33:50.
***MBAM Log***
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.20.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Jenifer :: JENIFER-PC [administrator]
5/20/2012 8:35:09 AM
mbam-log-2012-05-20 (08-35-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197002
Time elapsed: 7 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
***OTL.txt***
OTL logfile created on: 5/20/2012 8:48:25 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jenifer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.45 Mb Total Physical Memory | 317.74 Mb Available Physical Memory | 31.11% Memory free
2.26 Gb Paging File | 0.99 Gb Available in Paging File | 43.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 147.57 Gb Free Space | 66.24% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.12 Gb Free Space | 61.21% Space Free | Partition Type: NTFS
Drive E: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: JENIFER-PC | User Name: Jenifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/20 08:47:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jenifer\Desktop\OTL.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/02 00:34:12 | 005,842,776 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccsvchst.exe
PRC - [2010/09/30 17:51:58 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/30 17:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1192316997\ee\aolsoftware.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/02/28 18:43:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbxcoms.exe
PRC - [2007/02/28 18:43:12 | 000,435,696 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/13 04:07:03 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/13 04:06:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/13 04:06:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/13 04:04:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/13 04:04:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ed12b32a03191e6415e12a061aeef5e\System.Windows.Forms.ni.dll
MOD - [2012/05/13 04:03:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c653820b5a3858c99eb5e524b1a71440\System.Drawing.ni.dll
MOD - [2012/05/13 04:03:05 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394d5ed87a7b0b708fab0743fd8090bc\PresentationFramework.ni.dll
MOD - [2012/05/13 04:00:52 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fceb709882e8d154c13f111689746c17\PresentationCore.ni.dll
MOD - [2012/05/13 04:00:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/13 04:00:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/13 03:59:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/02 00:34:12 | 000,083,800 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2010/09/30 17:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2010/09/30 17:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2010/09/30 17:51:22 | 000,041,248 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2010/09/30 17:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2010/09/30 17:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2010/09/30 17:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/01/22 02:18:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxcfg.dll
MOD - [2005/09/20 07:40:30 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxdrec.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/19 18:15:57 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/09/30 11:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/28 18:43:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jenifer\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/16 00:41:41 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120519.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 00:41:39 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120519.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/27 20:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/02 00:13:58 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2012/02/03 23:17:55 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 23:17:55 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/21 09:07:59 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-holiday-chromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{B596CC8A-7FD5-4B3A-BF84-20AA753A7016}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-holiday-chromesbox-en-us
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=BE5B373001CB2E883CFFE10B&install_time=2010-07-28T19:13:15Z&src_id=11582&camp_id=1341&tb_version=2.5.12000.509
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6D75358C-3CEC-41FE-BE66-D9ACE831B1E7}&mid=664e505d962447d0bd28d14acce4e9e6-ad24e0ce8ff10ec73a1bf3eb0f7dea06d888aef2&lang=en&ds=ft011&pr=sa&d=2012-05-17 08:46:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Coupons.com Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 04:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/19 20:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/19 20:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/19 20:08:53 | 000,000,000 | ---D | M]
[2011/05/25 18:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions
[2012/05/15 16:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions
[2011/06/26 17:30:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/15 16:11:49 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2012/03/29 23:30:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/15 16:04:51 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/05/15 16:10:45 | 000,000,000 | ---D | M] (Coupon Alert) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\2pffxtbr@CouponAlert_2p.com
[2012/05/15 16:11:38 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\crossriderapp2258@crossrider.com
[2012/05/15 16:05:14 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\wecarereminder@bryan
[2011/09/07 15:29:12 | 000,000,925 | ---- | M] () -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\searchplugins\conduit.xml
[2011/08/21 20:15:43 | 000,002,469 | ---- | M] () -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\searchplugins\safesearch.xml
[2012/05/19 20:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 12:26:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2012/02/07 04:36:00 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2011/05/25 18:15:10 | 000,000,000 | ---D | M] (Play Pickle TextLinks) -- C:\USERS\JENIFER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@PLPICKLE.COM
[2011/08/30 18:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/02 10:07:49 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/10/29 12:25:34 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/17 08:45:55 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLBXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1192316997\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74CA0F74-C0DF-43E1-BF1C-7FB9EF7453F0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/25 00:47:38 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [1998/06/23 17:42:24 | 000,000,063 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1999/04/23 02:21:06 | 000,036,864 | R--- | M] (Peter Harrison trading as Timeless)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/20 08:47:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jenifer\Desktop\OTL.exe
[2012/05/19 20:37:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jenifer\Desktop\dds.com
[2012/05/19 20:36:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jenifer\Desktop\dds.scr
[2012/05/19 20:17:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/19 17:36:23 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/15 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/05/15 16:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/05/15 16:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/05/15 15:44:35 | 000,000,000 | ---D | C] -- C:\Users\Jenifer\AppData\Roaming\Systweak
[2012/05/15 15:44:19 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/05/15 13:17:28 | 000,000,000 | ---D | C] -- C:\Users\Jenifer\AppData\Roaming\SecondLife
[2012/05/15 13:17:28 | 000,000,000 | ---D | C] -- C:\Users\Jenifer\AppData\Local\PhoenixViewer
[2012/05/12 21:29:37 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/12 21:29:37 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/12 21:29:36 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/12 21:29:36 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/12 21:29:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/12 21:28:35 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/12 21:28:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/12 21:28:34 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2012/05/20 08:47:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jenifer\Desktop\OTL.exe
[2012/05/20 08:31:08 | 001,012,656 | ---- | M] () -- C:\Users\Jenifer\Desktop\rkill.exe
[2012/05/20 08:25:28 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 08:25:28 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 08:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 05:11:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{975D7660-6180-49FC-8C95-866AC307F44C}.job
[2012/05/19 20:37:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jenifer\Desktop\dds.com
[2012/05/19 20:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jenifer\Desktop\dds.scr
[2012/05/19 20:23:55 | 000,035,853 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/19 20:23:54 | 000,035,853 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/19 20:23:46 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/05/19 20:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 20:23:36 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 18:15:55 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/19 18:15:55 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/19 17:51:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 16:00:44 | 000,001,687 | ---- | M] () -- C:\Users\Jenifer\Desktop\Free Games!!.lnk
[2012/05/15 16:00:38 | 000,001,697 | ---- | M] () -- C:\Users\Jenifer\Desktop\Free Dolphin Screensaver.lnk
[2012/05/15 16:00:35 | 000,001,697 | ---- | M] () -- C:\Users\Jenifer\Desktop\Free Music Downloads.lnk
[2012/05/13 03:56:00 | 000,434,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/13 03:27:07 | 000,612,592 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/13 03:27:07 | 000,107,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/12 23:08:19 | 000,002,569 | ---- | M] () -- C:\Users\Jenifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/29 09:04:35 | 000,001,356 | ---- | M] () -- C:\Users\Jenifer\AppData\Local\d3d9caps.dat
[2012/04/27 22:56:07 | 000,577,726 | ---- | M] () -- C:\Users\Jenifer\Desktop\TurboTax_Print_Preview_04-27-2012T22.54.54.222.pdf
[2012/04/27 22:45:16 | 000,002,611 | ---- | M] () -- C:\Users\Jenifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/27 22:38:53 | 000,653,755 | ---- | M] () -- C:\Users\Jenifer\Desktop\TurboTax_Print_Preview_04-27-2012T22.37.15.861.pdf
[2012/04/27 21:19:27 | 000,000,451 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/04/27 17:48:49 | 000,251,043 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 4562.pdf
[2012/04/27 17:46:07 | 000,177,914 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 1040.pdf
[2012/04/27 17:44:55 | 000,161,742 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SE TAX.pdf
[2012/04/27 17:41:19 | 000,233,324 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED C.pdf
[2012/04/27 17:37:47 | 000,116,379 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED B.pdf
[2012/04/27 17:33:47 | 000,111,686 | ---- | M] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED A.pdf
[2012/04/27 17:09:58 | 000,255,548 | ---- | M] () -- C:\Users\Jenifer\Desktop\JENIFER PACE CHAP 7 PROB 60 4684.pdf
[2012/04/27 17:05:09 | 000,092,481 | ---- | M] () -- C:\Users\Jenifer\Desktop\JENIFER PACE CHAP. 7 PROB 60 SCHED D.pdf
[2012/04/27 17:02:02 | 000,234,157 | ---- | M] () -- C:\Users\Jenifer\Desktop\jenifer pace chapter 7 prob 60 sched C.pdf
[2012/04/27 16:56:40 | 000,109,861 | ---- | M] () -- C:\Users\Jenifer\Desktop\jenifer pace chappter 7 prob 60 -sched A.pdf
[2012/04/27 16:53:37 | 000,180,204 | ---- | M] () -- C:\Users\Jenifer\Desktop\jenifer pace chappter 7 prob 60 -1040.pdf
========== Files Created - No Company Name ==========
[2012/05/20 08:31:07 | 001,012,656 | ---- | C] () -- C:\Users\Jenifer\Desktop\rkill.exe
[2012/05/19 17:36:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 16:10:52 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/05/15 16:00:32 | 000,001,697 | ---- | C] () -- C:\Users\Jenifer\Desktop\Free Music Downloads.lnk
[2012/05/15 16:00:32 | 000,001,697 | ---- | C] () -- C:\Users\Jenifer\Desktop\Free Dolphin Screensaver.lnk
[2012/05/15 16:00:32 | 000,001,687 | ---- | C] () -- C:\Users\Jenifer\Desktop\Free Games!!.lnk
[2012/04/27 22:56:06 | 000,577,726 | ---- | C] () -- C:\Users\Jenifer\Desktop\TurboTax_Print_Preview_04-27-2012T22.54.54.222.pdf
[2012/04/27 22:38:52 | 000,653,755 | ---- | C] () -- C:\Users\Jenifer\Desktop\TurboTax_Print_Preview_04-27-2012T22.37.15.861.pdf
[2012/04/27 17:48:49 | 000,251,043 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 4562.pdf
[2012/04/27 17:44:55 | 000,161,742 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SE TAX.pdf
[2012/04/27 17:41:19 | 000,233,324 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED C.pdf
[2012/04/27 17:37:47 | 000,116,379 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED B.pdf
[2012/04/27 17:33:47 | 000,111,686 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 SCHED A.pdf
[2012/04/27 17:32:20 | 000,177,914 | ---- | C] () -- C:\Users\Jenifer\Desktop\JP CHAP 8 PROB 62 1040.pdf
[2012/04/27 17:09:58 | 000,255,548 | ---- | C] () -- C:\Users\Jenifer\Desktop\JENIFER PACE CHAP 7 PROB 60 4684.pdf
[2012/04/27 17:05:09 | 000,092,481 | ---- | C] () -- C:\Users\Jenifer\Desktop\JENIFER PACE CHAP. 7 PROB 60 SCHED D.pdf
[2012/04/27 17:02:01 | 000,234,157 | ---- | C] () -- C:\Users\Jenifer\Desktop\jenifer pace chapter 7 prob 60 sched C.pdf
[2012/04/27 16:56:40 | 000,109,861 | ---- | C] () -- C:\Users\Jenifer\Desktop\jenifer pace chappter 7 prob 60 -sched A.pdf
[2012/04/27 16:53:36 | 000,180,204 | ---- | C] () -- C:\Users\Jenifer\Desktop\jenifer pace chappter 7 prob 60 -1040.pdf
[2012/04/08 20:06:30 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/09 07:51:43 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/05/12 14:32:43 | 000,001,940 | ---- | C] () -- C:\Users\Jenifer\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/16 18:57:17 | 000,035,853 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/16 18:57:17 | 000,035,853 | ---- | C] () -- C:\ProgramData\nvModes.001
< End of report >
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Sun May 20, 2012 7:16 am Post subject: |
|
|
Hi Bellz666,
Quote:
Thank you for your help Cypher
You're welcome.
We need to run an OTL Fix
- Right-click OTL.exe and select "Run as administrator" to run it.
- Copy and Paste the following code into the textbox. Do not include the word Code
| Code: |
:processes
killallprocesses
:otl
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Coupons.com Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
O4 - HKLM..\Run: [] File not found
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-4260644106-4270336358-253422960-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/25 00:47:38 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [1998/06/23 17:42:24 | 000,000,063 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1999/04/23 02:21:06 | 000,036,864 | R--- | M] (Peter Harrison trading as Timeless)
:files
c:\programdata\PC Optimizer Pro
C:\Windows\tasks\PC Optimizer Pro startups.job
ipconfig /flushdns /c
:commands
[emptytemp]
[clearallrestorepoints]
|
Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Next.
Please download TDSSKiller.exe and save it to your Desktop.
- Right click on TDSSKiller.exe and select " Run as administrator " to run it.
- Click on Start Scan, the scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- Now click on Report to open the log file created by TDSSKiller in your root directory C:\
- To find the log go to Start > Computer > C:
- Post the contents of that log in your next reply please.
- DO NOT TRY TO FIX ANYTHING AT THIS POINT
Logs/Information to Post in your Next Reply
- OTL Fix log.
- TDSSKiller log.
_________________ Admin/Teacher at Malware Removal University
Member of...
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
|
Posted: Sun May 20, 2012 7:40 am Post subject: |
|
|
I completed the most recent steps and then found the OTL Extras log from earlier. Not sure you still need it, but I'll post it.
The OTL log after the script is below. TDSSKiller found no entries and I'm posting the log in a separate post due to space.
***Extras***
OTL Extras logfile created on: 10/29/2011 8:26:46 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jenifer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.45 Mb Total Physical Memory | 201.96 Mb Available Physical Memory | 19.77% Memory free
2.26 Gb Paging File | 0.89 Gb Available in Paging File | 39.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 149.93 Gb Free Space | 67.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.12 Gb Free Space | 61.21% Space Free | Partition Type: NTFS
Drive F: | 7.65 Gb Total Space | 5.91 Gb Free Space | 77.29% Space Free | Partition Type: FAT32
Computer Name: JENIFER-PC | User Name: Jenifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B4140E17-3416-4490-B795-5B1160897976}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E7E0F7-7B86-40C8-99CC-7F1E18EAD287}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{0A06219B-F9FD-40C7-BE5E-C8D10B161DED}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 962\dlbxmon.exe |
"{13564929-4EAE-49EB-B2C0-B72513F77492}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1BC77ED0-3053-4E15-8428-F2F6B00D1F81}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2DC3CCD7-B1C3-45B9-81C0-75D29A177B3D}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{2E8766DF-0C91-44F6-918E-E22001E53DB5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{353C8B9B-30A1-4ACF-9092-CE6C7FCC05BD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{3FD7EAD9-0B6D-4AEC-A646-D8CF673A1ECF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1192316997\ee\aolsoftware.exe |
"{4C66E404-19CA-4AC1-B3F0-DD69E3D99D9B}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 962\dlbxaiox.exe |
"{4E645A47-4022-4DD2-AA52-B3479B1F15DB}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 962\dlbxmon.exe |
"{59863D62-0CA2-49D4-8C6B-124B9E37EFA3}" = protocol=17 | dir=in | app=c:\windows\system32\dlbxcoms.exe |
"{5B0C09F7-0CFE-4D45-8041-EFCA1A1CB41C}" = protocol=6 | dir=in | app=c:\windows\system32\dlbxcoms.exe |
"{6DE29077-3DC2-46A9-8A7F-A3F8A7ADB275}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8491DC07-F4CD-423D-BFCF-E88D9E24B2CA}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 962\dlbxaiox.exe |
"{85A1EB4B-F987-4FDA-8D4A-A4BB5FF082E4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{934AA2C2-E1C9-4737-8F3A-4A30D58EBA76}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{A73E1B23-A821-47E8-93F6-8A678447BA57}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{AE51DF4C-03C7-4078-877C-196147890F6F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B45F7AD2-05A4-44A7-94CA-BEE27F48066E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbxpswx.exe |
"{B5F339CA-36EF-478A-9A2A-93F2A7C6D4FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC129D41-3BCB-443B-B6A0-96E7CC942FC0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C8C5A519-6D6A-42D5-91B2-D12FF1BCD36E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D07C0EDC-A7A9-4C18-815B-2A1192F17B4C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1192316997\ee\aolsoftware.exe |
"{D7665B77-AC5E-4DE0-9C5A-F78238EAF62D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DD862167-BF6B-4161-98A1-56A269EE75C1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbxpswx.exe |
"{E4B4D955-8CB4-49A6-B6DD-0FAD02E0D1C9}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{F0EDD2F1-34D6-4A1F-BA73-C273BA116027}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F1A7987E-6E8B-4B46-BE41-27D8B3B101E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM 6
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"N360" = Norton 360
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/3/2008 8:27:23 AM | Computer Name = Jenifer-PC | Source = Application Error | ID = 1000
Description = Faulting application aolphx.exe, version 10.0.0.1, time stamp 0x47237491,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception
code 0xc0000005, fault offset 0x000bf285, process id 0x1450, application start time
0x01c955427da11140.
Error - 12/5/2008 1:20:16 PM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program AcroRd32.exe version 8.1.0.137 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1670 Start Time: 01c956fdafb92980 Termination Time: 50
Error - 12/14/2008 4:37:32 PM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1750 Start Time: 01c95e280bd5c332 Termination Time: 57
Error - 12/15/2008 8:37:08 AM | Computer Name = Jenifer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/17/2008 8:36:19 PM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15d4 Start Time: 01c960a85cbab550 Termination Time: 0
Error - 12/26/2008 8:49:45 AM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 38cc Start Time: 01c966984a2b1f60 Termination Time: 78
Error - 12/26/2008 8:57:39 AM | Computer Name = Jenifer-PC | Source = Application Error | ID = 1000
Description = Faulting application aolphx.exe, version 10.0.0.1, time stamp 0x47237491,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception
code 0xc0000005, fault offset 0x000bf285, process id 0x1a9c, application start time
0x01c967598814d250.
Error - 12/26/2008 1:22:09 PM | Computer Name = Jenifer-PC | Source = Application Error | ID = 1000
Description = Faulting application aolphx.exe, version 10.0.0.1, time stamp 0x47237491,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception
code 0xc0000005, fault offset 0x000bf285, process id 0x1418, application start time
0x01c9677e7b78cb80.
Error - 1/29/2009 11:44:23 AM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 738 Start Time: 01c982272f58f281 Termination Time: 156
Error - 3/17/2009 7:10:17 PM | Computer Name = Jenifer-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 10f4 Start Time: 01c9a70b8f5ea080 Termination Time: 76
[ ODiag Events ]
Error - 1/20/2008 10:21:43 PM | Computer Name = Jenifer-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
[ OSession Events ]
Error - 1/20/2008 10:21:42 PM | Computer Name = Jenifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/16/2011 12:56:35 PM | Computer Name = Jenifer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:52:43 PM on 10/16/2011 was unexpected.
Error - 10/16/2011 12:57:52 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10/16/2011 1:03:49 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 10/16/2011 2:07:59 PM | Computer Name = Jenifer-PC | Source = DCOM | ID = 10005
Description =
Error - 10/16/2011 2:07:59 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10/16/2011 2:07:59 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/22/2011 4:10:45 PM | Computer Name = Jenifer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:55:05 AM on 10/22/2011 was unexpected.
Error - 10/24/2011 8:23:01 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10/24/2011 8:23:01 PM | Computer Name = Jenifer-PC | Source = DCOM | ID = 10005
Description =
Error - 10/24/2011 8:23:01 PM | Computer Name = Jenifer-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
***OTL Log after running script***
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry value HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4260644106-4270336358-253422960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\autoexec.bat moved successfully.
File not found.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c016c5e-743f-11dc-91c5-806e6f6e6963}\ not found.
File move failed. E:\autorun\autorun.exe scheduled to be moved on reboot.
========== FILES ==========
c:\programdata\PC Optimizer Pro\LOGS folder moved successfully.
c:\programdata\PC Optimizer Pro folder moved successfully.
C:\Windows\tasks\PC Optimizer Pro startups.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jenifer\Desktop\cmd.bat deleted successfully.
C:\Users\Jenifer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jenifer
->Temp folder emptied: 132121 bytes
->Temporary Internet Files folder emptied: 7843712 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49476708 bytes
->Flash cache emptied: 28801 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 480 bytes
RecycleBin emptied: 18421141 bytes
Total Files Cleaned = 72.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.43.0 log created on 05202012_112359
Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\autorun\autorun.exe scheduled to be moved on reboot.
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF6D0C.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF6DFA.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF6EDE.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF6F06.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF7077.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF7085.tmp not found!
C:\Users\Jenifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H58GKA1I\viewtopic[1].htm moved successfully.
Registry entries deleted on Reboot...
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
Posted: Sun May 20, 2012 7:42 am Post subject:
***TDSSKiller Report***
11:35:09.0401 5388 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
11:35:11.0320 5388 ============================================================
11:35:11.0320 5388 Current date / time: 2012/05/20 11:35:11.0320
11:35:11.0320 5388 SystemInfo:
11:35:11.0320 5388
11:35:11.0320 5388 OS Version: 6.0.6002 ServicePack: 2.0
11:35:11.0320 5388 Product type: Workstation
11:35:11.0320 5388 ComputerName: JENIFER-PC
11:35:11.0320 5388 UserName: Jenifer
11:35:11.0320 5388 Windows directory: C:\Windows
11:35:11.0320 5388 System windows directory: C:\Windows
11:35:11.0320 5388 Processor architecture: Intel x86
11:35:11.0320 5388 Number of processors: 2
11:35:11.0320 5388 Page size: 0x1000
11:35:11.0320 5388 Boot type: Normal boot
11:35:11.0320 5388 ============================================================
11:35:15.0251 5388 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:35:15.0267 5388 ============================================================
11:35:15.0267 5388 \Device\Harddisk0\DR0:
11:35:15.0267 5388 MBR partitions:
11:35:15.0267 5388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
11:35:15.0267 5388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
11:35:15.0267 5388 ============================================================
11:35:15.0360 5388 C: <-> \Device\Harddisk0\DR0\Partition1
11:35:15.0423 5388 D: <-> \Device\Harddisk0\DR0\Partition0
11:35:15.0438 5388 ============================================================
11:35:15.0438 5388 Initialize success
11:35:15.0438 5388 ============================================================
11:35:30.0773 5568 ============================================================
11:35:30.0773 5568 Scan started
11:35:30.0773 5568 Mode: Manual;
11:35:30.0773 5568 ============================================================
11:35:32.0692 5568 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:35:32.0692 5568 ACPI - ok
11:35:33.0035 5568 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:35:33.0051 5568 AdobeARMservice - ok
11:35:33.0160 5568 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:35:33.0160 5568 AdobeFlashPlayerUpdateSvc - ok
11:35:33.0300 5568 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
11:35:33.0347 5568 adp94xx - ok
11:35:33.0394 5568 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
11:35:33.0425 5568 adpahci - ok
11:35:33.0456 5568 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
11:35:33.0456 5568 adpu160m - ok
11:35:33.0472 5568 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
11:35:33.0472 5568 adpu320 - ok
11:35:33.0487 5568 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:35:33.0487 5568 AeLookupSvc - ok
11:35:33.0612 5568 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe
11:35:33.0612 5568 AERTFilters - ok
11:35:33.0643 5568 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:35:33.0659 5568 AFD - ok
11:35:33.0690 5568 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
11:35:33.0690 5568 agp440 - ok
11:35:33.0706 5568 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:35:33.0721 5568 aic78xx - ok
11:35:33.0753 5568 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:35:33.0753 5568 ALG - ok
11:35:33.0768 5568 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
11:35:33.0768 5568 aliide - ok
11:35:33.0799 5568 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
11:35:33.0799 5568 amdagp - ok
11:35:33.0815 5568 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
11:35:33.0815 5568 amdide - ok
11:35:33.0940 5568 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
11:35:33.0940 5568 AmdK7 - ok
11:35:33.0971 5568 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
11:35:33.0987 5568 AmdK8 - ok
11:35:34.0111 5568 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
11:35:34.0111 5568 AOL ACS - ok
11:35:34.0143 5568 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:35:34.0143 5568 Appinfo - ok
11:35:34.0158 5568 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
11:35:34.0158 5568 arc - ok
11:35:34.0174 5568 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
11:35:34.0189 5568 arcsas - ok
11:35:34.0314 5568 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:35:34.0345 5568 AsyncMac - ok
11:35:34.0392 5568 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:35:34.0392 5568 atapi - ok
11:35:34.0564 5568 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:35:34.0579 5568 AudioEndpointBuilder - ok
11:35:34.0579 5568 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:35:34.0579 5568 Audiosrv - ok
11:35:34.0626 5568 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:35:34.0657 5568 Beep - ok
11:35:34.0704 5568 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
11:35:34.0720 5568 BFE - ok
11:35:35.0016 5568 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
11:35:35.0032 5568 BHDrvx86 - ok
11:35:35.0219 5568 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
11:35:35.0219 5568 BITS - ok
11:35:35.0375 5568 blbdrive - ok
11:35:35.0406 5568 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:35:35.0422 5568 bowser - ok
11:35:35.0453 5568 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:35:35.0453 5568 BrFiltLo - ok
11:35:35.0453 5568 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:35:35.0453 5568 BrFiltUp - ok
11:35:35.0484 5568 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:35:35.0484 5568 Browser - ok
11:35:35.0500 5568 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:35:35.0515 5568 Brserid - ok
11:35:35.0531 5568 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:35:35.0531 5568 BrSerWdm - ok
11:35:35.0547 5568 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:35:35.0547 5568 BrUsbMdm - ok
11:35:35.0562 5568 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:35:35.0578 5568 BrUsbSer - ok
11:35:35.0734 5568 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:35:35.0734 5568 BTHMODEM - ok
11:35:35.0796 5568 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:35:35.0796 5568 cdfs - ok
11:35:35.0843 5568 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:35:35.0843 5568 cdrom - ok
11:35:35.0859 5568 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:35:35.0859 5568 CertPropSvc - ok
11:35:36.0108 5568 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
11:35:36.0124 5568 circlass - ok
11:35:36.0155 5568 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:35:36.0155 5568 CLFS - ok
11:35:36.0358 5568 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:35:36.0358 5568 clr_optimization_v2.0.50727_32 - ok
11:35:36.0436 5568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:35:36.0467 5568 clr_optimization_v4.0.30319_32 - ok
11:35:36.0483 5568 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
11:35:36.0483 5568 cmdide - ok
11:35:36.0514 5568 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
11:35:36.0514 5568 Compbatt - ok
11:35:36.0514 5568 COMSysApp - ok
11:35:36.0561 5568 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
11:35:36.0561 5568 crcdisk - ok
11:35:36.0748 5568 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
11:35:36.0748 5568 Crusoe - ok
11:35:36.0795 5568 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
11:35:36.0795 5568 CryptSvc - ok
11:35:37.0091 5568 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:35:37.0091 5568 DcomLaunch - ok
11:35:37.0169 5568 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:35:37.0185 5568 DfsC - ok
11:35:37.0637 5568 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:35:37.0887 5568 DFSR - ok
11:35:38.0183 5568 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:35:38.0183 5568 Dhcp - ok
11:35:38.0277 5568 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:35:38.0308 5568 disk - ok
11:35:38.0308 5568 dlbx_device - ok
11:35:38.0355 5568 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:35:38.0355 5568 Dnscache - ok
11:35:38.0417 5568 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:35:38.0433 5568 dot3svc - ok
11:35:38.0448 5568 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:35:38.0464 5568 DPS - ok
11:35:38.0511 5568 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:35:38.0511 5568 drmkaud - ok
11:35:38.0667 5568 DSBrokerService (245f62a2aa67f4a61f10174bf1017327) C:\Program Files\DellSupport\brkrsvc.exe
11:35:38.0667 5568 DSBrokerService - ok
11:35:38.0698 5568 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
11:35:38.0713 5568 DSproct - ok
11:35:38.0729 5568 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
11:35:38.0729 5568 dsunidrv - ok
11:35:38.0854 5568 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:35:38.0854 5568 DXGKrnl - ok
11:35:38.0916 5568 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
11:35:38.0916 5568 e1express - ok
11:35:39.0088 5568 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:35:39.0088 5568 E1G60 - ok
11:35:39.0150 5568 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:35:39.0150 5568 EapHost - ok
11:35:39.0228 5568 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:35:39.0228 5568 Ecache - ok
11:35:39.0587 5568 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:35:39.0587 5568 eeCtrl - ok
11:35:39.0805 5568 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:35:39.0805 5568 ehRecvr - ok
11:35:39.0852 5568 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:35:39.0868 5568 ehSched - ok
11:35:39.0915 5568 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:35:39.0930 5568 ehstart - ok
11:35:39.0993 5568 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
11:35:39.0993 5568 elxstor - ok
11:35:40.0071 5568 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
11:35:40.0086 5568 EMDMgmt - ok
11:35:40.0164 5568 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:35:40.0164 5568 EraserUtilRebootDrv - ok
11:35:40.0211 5568 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:35:40.0211 5568 EventSystem - ok
11:35:40.0367 5568 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:35:40.0383 5568 exfat - ok
11:35:40.0539 5568 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:35:40.0539 5568 fastfat - ok
11:35:40.0570 5568 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:35:40.0585 5568 fdc - ok
11:35:40.0632 5568 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:35:40.0632 5568 fdPHost - ok
11:35:40.0648 5568 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:35:40.0648 5568 FDResPub - ok
11:35:40.0882 5568 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:35:41.0241 5568 FileInfo - ok
11:35:41.0506 5568 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:35:41.0537 5568 Filetrace - ok
11:35:41.0693 5568 FlipShare Service (072e7fe333bb59ace1bd7cb9c93fc5d9) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
11:35:41.0709 5568 FlipShare Service - ok
11:35:41.0755 5568 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
11:35:41.0787 5568 flpydisk - ok
11:35:41.0818 5568 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:35:41.0818 5568 FltMgr - ok
11:35:41.0911 5568 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
11:35:41.0927 5568 FontCache - ok
11:35:42.0052 5568 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:35:42.0052 5568 FontCache3.0.0.0 - ok
11:35:42.0114 5568 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:35:42.0145 5568 Fs_Rec - ok
11:35:42.0239 5568 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
11:35:42.0239 5568 gagp30kx - ok
11:35:42.0301 5568 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:35:42.0333 5568 GEARAspiWDM - ok
11:35:42.0707 5568 GoogleDesktopManager (5b393073c7c3e5d1701f70680e65965d) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:35:42.0785 5568 GoogleDesktopManager - ok
11:35:43.0003 5568 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:35:43.0003 5568 gpsvc - ok
11:35:43.0097 5568 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:35:43.0097 5568 HDAudBus - ok
11:35:43.0222 5568 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:35:43.0237 5568 HidBth - ok
11:35:43.0253 5568 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:35:43.0253 5568 HidIr - ok
11:35:43.0284 5568 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
11:35:43.0347 5568 hidserv - ok
11:35:43.0378 5568 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
11:35:43.0378 5568 HidUsb - ok
11:35:43.0393 5568 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:35:43.0409 5568 hkmsvc - ok
11:35:43.0471 5568 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
11:35:43.0471 5568 HpCISSs - ok
11:35:43.0721 5568 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:35:43.0752 5568 HSF_DPV - ok
11:35:43.0768 5568 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
11:35:43.0768 5568 HSXHWBS2 - ok
11:35:43.0908 5568 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:35:43.0924 5568 HTTP - ok
11:35:43.0971 5568 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
11:35:43.0971 5568 i2omp - ok
11:35:44.0002 5568 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:35:44.0017 5568 i8042prt - ok
11:35:44.0329 5568 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
11:35:44.0361 5568 iaStor - ok
11:35:44.0641 5568 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
11:35:44.0641 5568 iaStorV - ok
11:35:44.0735 5568 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:35:44.0735 5568 IDriverT - ok
11:35:44.0891 5568 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:35:44.0907 5568 idsvc - ok
11:35:45.0203 5568 IDSVix86 (f9069ce7a7b9f9ba75d009b0ce3d7601) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.001\IDSvix86.sys
11:35:45.0203 5568 IDSVix86 - ok
11:35:45.0593 5568 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:35:45.0593 5568 iirsp - ok
11:35:45.0655 5568 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:35:45.0671 5568 IKEEXT - ok
11:35:45.0936 5568 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
11:35:46.0045 5568 IntcAzAudAddService - ok
11:35:46.0389 5568 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
11:35:46.0389 5568 intelide - ok
11:35:46.0420 5568 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:35:46.0420 5568 intelppm - ok
11:35:46.0747 5568 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:35:46.0747 5568 IntuitUpdateServiceV4 - ok
11:35:46.0981 5568 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:35:46.0997 5568 IPBusEnum - ok
11:35:47.0075 5568 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:35:47.0091 5568 IpFilterDriver - ok
11:35:47.0122 5568 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
11:35:47.0122 5568 iphlpsvc - ok
11:35:47.0122 5568 IpInIp - ok
11:35:47.0200 5568 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
11:35:47.0200 5568 IPMIDRV - ok
11:35:47.0247 5568 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:35:47.0247 5568 IPNAT - ok
11:35:47.0278 5568 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:35:47.0293 5568 IRENUM - ok
11:35:47.0309 5568 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
11:35:47.0309 5568 isapnp - ok
11:35:47.0481 5568 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:35:47.0481 5568 iScsiPrt - ok
11:35:47.0527 5568 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:35:47.0527 5568 iteatapi - ok
11:35:47.0543 5568 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:35:47.0543 5568 iteraid - ok
11:35:47.0590 5568 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:35:47.0590 5568 kbdclass - ok
11:35:47.0605 5568 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
11:35:47.0605 5568 kbdhid - ok
11:35:47.0621 5568 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:35:47.0621 5568 KeyIso - ok
11:35:47.0746 5568 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
11:35:47.0761 5568 KSecDD - ok
11:35:47.0933 5568 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:35:47.0949 5568 KtmRm - ok
11:35:47.0995 5568 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
11:35:47.0995 5568 LanmanServer - ok
11:35:48.0245 5568 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:35:48.0245 5568 LanmanWorkstation - ok
11:36:14.0281 5568 ============================================================
11:36:14.0281 5568 Scan finished
11:36:14.0281 5568 ============================================================
11:36:14.0297 5560 Detected object count: 0
11:36:14.0297 5560 Actual detected object count: 0
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Sun May 20, 2012 7:52 am Post subject: |
|
|
Hi Bellz666,
How is your computer running now, any problems?
_________________
Admin/Teacher at Malware Removal University
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
|
Posted: Sun May 20, 2012 7:58 am Post subject: |
|
|
Looking much better. I still have the funky desktop icons, is it safe to remove them now? Also, I still have the toolbars from Iminent and "I want this" on my Firefox browser, I have removed them via the extensions tab, should this be sufficient?
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Sun May 20, 2012 8:07 am Post subject: |
|
|
Hi Bellz666,
| Quote: |
| Looking much better. I still have the funky desktop icons, is it safe to remove them now? |
Yes, just delete any desktop icons you don't recognise.
| Quote: |
| Also, I still have the toolbars from Iminent and "I want this" on my Firefox browser, I have removed them via the extensions tab, should this be sufficient? |
No problem, we can take care of those. Do the following, then give me one more update on your computer's performance.
- Right-click OTL.exe and select "Run as administrator" to run it.
- Copy and paste the following code into the textbox. Do not include the word Code.
| Code: |
:processes
killallprocesses
:otl
[2012/05/15 16:04:51 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/05/15 16:11:38 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\crossriderapp2258@crossrider.com
:files
ipconfig /flushdns /c
:commands
[emptytemp]
[clearallrestorepoints]
|
Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
|
Posted: Sun May 20, 2012 8:18 am Post subject: |
|
|
Looking really good, no more pop ups, no more toolbars, no more sluggish browsing. Here's the log:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Folder C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\ not found.
Folder C:\Users\Jenifer\AppData\Roaming\Mozilla\Firefox\Profiles\qyzuvwei.default\extensions\crossriderapp2258@crossrider.com\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jenifer\Desktop\cmd.bat deleted successfully.
C:\Users\Jenifer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jenifer
->Temp folder emptied: 82155 bytes
->Temporary Internet Files folder emptied: 2293476 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22818655 bytes
->Flash cache emptied: 470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 24.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.43.0 log created on 05202012_120952
Files\Folders moved on Reboot...
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF7C09.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DF7C18.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DFFEE1.tmp not found!
File\Folder C:\Users\Jenifer\AppData\Local\Temp\~DFFEFB.tmp not found!
Registry entries deleted on Reboot...
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Sun May 20, 2012 8:59 am Post subject: |
|
|
Hi Bellz666,
| Quote: |
| Looking really good, no more pop ups, no more toolbars, no more sluggish browsing. |
Excellent
I need you to run one more scan for me, just to make sure we got everything.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- First, please disable any antivirus you have active, as shown in This topic.
- Note: Don't forget to re-enable it after the scan.
- Next, hold down Control, then click on the following link to open a new window to ESET online scanner
- Select the option YES, I accept the Terms of Use then click on Start.
| Quote: |
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. |
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on Start.
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on Finish.
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
|
Posted: Sun May 20, 2012 2:06 pm Post subject: |
|
|
Ok, it found 6 threats, here's the report:
***ESET***
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch application
C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar Win32/Adware.Gamevance.Gen application
C:\Users\Jenifer\Downloads\kobo desktop setup(1).exe Win32/Soft32Downloader application
C:\Users\Jenifer\Downloads\kobo desktop setup.exe Win32/Soft32Downloader application
C:\_OTL\MovedFiles\05202012_112359\C_Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch application
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Mon May 21, 2012 1:04 am Post subject: |
|
|
Hi Bellz666,
Just a couple of things to deal with, then if no further problems you should be good to go.
Run this fix please then give me an update on how your computer is performing.
- Right-click OTL.exe and select "Run as administrator" to run it.
- Copy and paste the following code into the textbox. Do not include the word Code.
| Code: |
:processes
killallprocesses
:files
C:\Program Files\CouponAlert_2pEI
C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar
C:\Users\Jenifer\Downloads\kobo desktop setup(1).exe
C:\Users\Jenifer\Downloads\kobo desktop setup.exe
ipconfig /flushdns /c
:commands
[emptytemp]
[clearallrestorepoints]
|
Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.
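A check that every path in the ESET report is handled by the `:files` entries of the fix above, as an added example that is not part of the original post or of OTL. The function names are hypothetical, the sample data is retyped from the thread, and treating `C:\_OTL\MovedFiles` as the folder of files already moved by an earlier fix is an assumption based on the path in the report.

```python
import ntpath

# Constructed sample: the six ESET report lines, retyped from the thread.
ESET_REPORT = r"""
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch application
C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar Win32/Adware.Gamevance.Gen application
C:\Users\Jenifer\Downloads\kobo desktop setup(1).exe Win32/Soft32Downloader application
C:\Users\Jenifer\Downloads\kobo desktop setup.exe Win32/Soft32Downloader application
C:\_OTL\MovedFiles\05202012_112359\C_Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch application
"""

# Path entries from the :files section of the fix script above.
FIX_FILES = [
    r"C:\Program Files\CouponAlert_2pEI",
    r"C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar",
    r"C:\Users\Jenifer\Downloads\kobo desktop setup(1).exe",
    r"C:\Users\Jenifer\Downloads\kobo desktop setup.exe",
]
# Assumption: files under this folder were already moved aside by an earlier OTL fix.
MOVED_FILES = r"C:\_OTL\MovedFiles"

def parse_eset(report):
    """Return (path, detection) pairs. Paths contain spaces, so split from the right."""
    return [tuple(line.rsplit(" ", 2)[:2]) for line in report.strip().splitlines()]

def is_under(path, root):
    """Case-insensitive 'path is root or inside root', matched on whole components."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root))
    return path == root or path.startswith(root + "\\")

def coverage(detections, fix_entries, moved=MOVED_FILES):
    """Map each detected path to 'covered', 'already moved' or 'MISSING'."""
    status = {}
    for path, _detection in detections:
        if is_under(path, moved):
            status[path] = "already moved"
        elif any(is_under(path, entry) for entry in fix_entries):
            status[path] = "covered"
        else:
            status[path] = "MISSING"
    return status

if __name__ == "__main__":
    for path, state in coverage(parse_eset(ESET_REPORT), FIX_FILES).items():
        print(f"{state:13} {path}")
```

Matching on whole path components keeps a sibling folder whose name merely starts with `CouponAlert_2pEI` from being counted as covered.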
Bellz666 Junior Member

Joined: 07 Aug 2004 Last Visit: 22 May 2012 Posts: 40 Location: NY
|
Posted: Mon May 21, 2012 3:02 pm Post subject: |
|
|
Hi Cypher,
Things look good, thanks so much for all you did. Going to donate to the site shortly.
-Rob
Latest log:
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\chrome folder moved successfully.
C:\Program Files\CouponAlert_2pEI\Installr\1.bin folder moved successfully.
C:\Program Files\CouponAlert_2pEI\Installr folder moved successfully.
C:\Program Files\CouponAlert_2pEI folder moved successfully.
C:\Users\Jenifer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar moved successfully.
C:\Users\Jenifer\Downloads\kobo desktop setup(1).exe moved successfully.
C:\Users\Jenifer\Downloads\kobo desktop setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jenifer\Desktop\cmd.bat deleted successfully.
C:\Users\Jenifer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jenifer
->Temp folder emptied: 821 bytes
->Temporary Internet Files folder emptied: 14624930 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6654801 bytes
->Flash cache emptied: 634 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16073198 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 36.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_181633
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Tue May 22, 2012 1:39 am Post subject: |
|
|
Hi Bellz666,
| Quote: |
| thanks so much for all you did. |
No problem, it's my pleasure.
| Quote: |
| Going to donate to the site shortly. |
Thank you, all donations are greatly appreciated.
Your latest set of logs appears to be clean.
This is my general post for when your logs show no more signs of malware.
Clean up with OTL
- Right-click OTL.exe and select " Run as administrator " to run it.
- This will remove some of the tools we used to clean your pc.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CleanUp! button
- Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools/logs we used if they remain on your Desktop.
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check
Visit Microsoft often to get the latest updates for your computer
You can do that HERE
Read some information HERE On how to prevent Malware
I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Safe surfing!
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
|
Posted: Wed May 23, 2012 1:49 am Post subject: |
|
|
| Quote: |
As your issues appear to be resolved, this topic is now closed.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations |