20 replies to this topic

[alazuria]

Norton Securit Suite alerted me to the Zeroaccess!inf trojan that it was trying to block, but failed. Since then, I've been hit with other rootkits, trojans, malware, spyware, trackware, etc.

I can't boot up my computer normally, so I am stuck in Safe Mode with Networking. The attach file option is disabled for me, so I'll have to paste them. Sorry.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by sheila at 0:54:37 on 2012-08-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2543 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\explorer.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll
mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe"
mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]
S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-8-4 77312]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304]
S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344]
S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528]
.
=============== Created Last 30 ================
.
2012-08-05 04:33:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes
2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe
2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr
2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012
2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search
2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll
2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration
2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo
2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo
2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx
2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam
2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync
2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam
2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker
2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics
2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN
2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search
2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-31 21:53:24 -------- d--h--w- C:\$AVG
2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG
2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader
2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software
2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure
2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit
2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation
2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys
2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-12 08:57:30 -------- d-----w- c:\program files\x86
2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps
2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games
2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46:47 -------- d-----w- C:\New Folder
.
==================== Find3M ====================
.
2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys
.
============= FINISH: 0:57:53.47 ===============

Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\*6TO4MP\0009
Manufacturer:
Name:
PNP Device ID: ROOT\*6TO4MP\0009
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0019
Manufacturer: Microsoft
Name: isatap.{4AA34806-31D2-46B3-BB14-BF33709D5CA6}
PNP Device ID: ROOT\*ISATAP\0019
Service: tunnel
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Aeria Ignite
AirMac
Akamai NetSession Interface
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
avast! Free Antivirus
AVerMedia HC82 Express-Card Hybrid Analog
AVerMedia MCE Encoder 3.2.1.62
AVG 2012
Bonjour
Broadcom Gigabit NetLink Controller
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comcast High-Speed Internet Install Wizard
CyberLink DVD Suite
Dell 5530 Wireless Broadband Package
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell V105
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
Desktop Doctor
Digsby
Ditto 3.17.0.17
Driver Genius Professional Edition
DriverBoost
EdenEternal
eReg
Foxit Reader 5.1
fTalk
Funmoods Web Search
Game Booster 3
GIMP 2.6.11
Google Chrome
Google SketchUp 8
Google Update Helper
Grand Fantasia
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
Integrated Webcam Driver (1.06.03.0309)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
IObit Toolbar v5.6
iPhone Configuration Utility
ITECIR Driver
Java Auto Updater
Java™ 6 Update 31
JISHOP 6.1
Live! Cam Avatar Creator
Logitech SetPoint 6.30
Macromedia Fireworks MX 2004
Malwarebytes Anti-Malware version 1.62.0.1300
Messenger Plus! 5
Messenger Plus! Community Smartbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MobileMe Control Panel
Mozilla Firefox 15.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Norton PC Checkup
Norton Security Scan
Norton Security Suite
NVIDIA PhysX
Paint.NET v3.5.10
Pando Media Booster
PANTECH PC USB Modem Software
PC Matic 1.1.0.48
PC Pitstop Exterminate2 2.0
PC Pitstop Info Center 1.0.0.13
Process Tamer 2.11.01
QuickTime
RICOH Media Driver ver.2.07.01.04
RICOH R5U8xx Media Driver ver.3.62.02
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Smilebox
Sophos Virus Removal Tool
SpyHunter
SUPERAntiSpyware Free Edition
swMSM
System Requirements Lab for Intel
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoFileDownload
Web Assistant 2.0.0.460
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6)
Windows Live Mesh ActiveX Control for Remote Connections
WinRAR 4.00 (32-bit)
Wizard101
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
8/5/2012 12:32:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
8/5/2012 12:31:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/5/2012 12:31:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/5/2012 12:31:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 12:30:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/5/2012 12:30:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2012 12:30:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/5/2012 12:29:53 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
8/5/2012 12:29:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:27:10 AM on 8/5/2012 was unexpected.
8/5/2012 12:16:48 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/5/2012 12:16:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldnCATSCustConnectService service to connect.
8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2012 9:14:49 AM, Error: EventLog [6008] - The previous system shutdown at 9:12:37 AM on 8/4/2012 was unexpected.
8/4/2012 9:09:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
8/4/2012 9:07:37 AM, Error: EventLog [6008] - The previous system shutdown at 9:04:13 AM on 8/4/2012 was unexpected.
8/4/2012 8:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/4/2012 5:06:52 AM, Error: EventLog [6008] - The previous system shutdown at 5:05:10 AM on 8/4/2012 was unexpected.
8/4/2012 5:01:09 AM, Error: EventLog [6008] - The previous system shutdown at 4:59:15 AM on 8/4/2012 was unexpected.
8/4/2012 4:45:14 AM, Error: EventLog [6008] - The previous system shutdown at 4:42:50 AM on 8/4/2012 was unexpected.
8/4/2012 2:59:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/4/2012 2:54:18 AM, Error: EventLog [6008] - The previous system shutdown at 2:52:55 AM on 8/4/2012 was unexpected.
8/4/2012 2:44:26 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
8/4/2012 2:43:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
8/4/2012 2:43:16 AM, Error: Service Control Manager [7023] -
8/4/2012 2:38:43 AM, Error: EventLog [6008] - The previous system shutdown at 2:35:32 AM on 8/4/2012 was unexpected.
8/4/2012 2:30:32 AM, Error: EventLog [6008] - The previous system shutdown at 2:24:16 AM on 8/4/2012 was unexpected.
8/4/2012 2:04:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656409).
8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Staging(Staging) state
8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Resolved(Resolved) state
8/4/2012 10:01:48 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/3/2012 9:38:26 AM, Error: EventLog [6008] - The previous system shutdown at 9:35:42 AM on 8/3/2012 was unexpected.
8/3/2012 9:33:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
8/3/2012 9:33:08 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2012 9:28:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:26:27 AM on 8/3/2012 was unexpected.
8/3/2012 9:01:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
8/3/2012 8:59:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:28 PM on 8/3/2012 was unexpected.
8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/3/2012 6:34:05 AM, Error: EventLog [6008] - The previous system shutdown at 6:32:06 AM on 8/3/2012 was unexpected.
8/3/2012 6:30:06 AM, Error: EventLog [6008] - The previous system shutdown at 6:26:46 AM on 8/3/2012 was unexpected.
8/3/2012 5:56:54 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
8/3/2012 5:07:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/3/2012 3:32:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/3/2012 3:20:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86
8/3/2012 3:16:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/3/2012 2:09:52 AM, Error: EventLog [6008] - The previous system shutdown at 2:07:20 AM on 8/3/2012 was unexpected.
8/3/2012 2:04:13 AM, Error: EventLog [6008] - The previous system shutdown at 2:02:02 AM on 8/3/2012 was unexpected.
8/3/2012 2:01:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/3/2012 2:00:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
8/3/2012 11:34:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/3/2012 11:30:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
8/2/2012 5:51:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:49:52 PM on 8/2/2012 was unexpected.
7/31/2012 5:51:52 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/31/2012 5:29:01 AM, Error: EventLog [6008] - The previous system shutdown at 5:27:33 AM on 7/31/2012 was unexpected.
7/31/2012 5:24:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/31/2012 5:24:32 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:04 AM on 7/31/2012 was unexpected.
7/31/2012 5:19:09 PM, Error: EventLog [6008] - The previous system shutdown at 5:14:20 PM on 7/31/2012 was unexpected.
7/31/2012 5:14:04 AM, Error: EventLog [6008] - The previous system shutdown at 5:11:19 AM on 7/31/2012 was unexpected.
7/31/2012 5:12:40 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:04 PM on 7/31/2012 was unexpected.
7/31/2012 4:07:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:06:15 PM on 7/31/2012 was unexpected.
7/31/2012 3:35:31 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:48 PM on 7/31/2012 was unexpected.
7/31/2012 3:33:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/31/2012 3:33:30 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
7/30/2012 5:01:05 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
7/30/2012 4:59:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton PC Checkup Application Launcher service to connect.
7/30/2012 4:59:54 PM, Error: Service Control Manager [7000] - The Norton PC Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/30/2012 4:51:07 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:55 PM on 7/30/2012 was unexpected.
45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
45083044
.
==== End Of File ===========================

[Maniac]

Hello alazuria and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[alazuria]

Ran the TDSSKiller

The post was too large, so I tried splitting it. Hope that's ok

07:10:35.0826 4632 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
07:10:36.0216 4632 ============================================================
07:10:36.0216 4632 Current date / time: 2012/08/05 07:10:36.0216
07:10:36.0216 4632 SystemInfo:
07:10:36.0216 4632
07:10:36.0216 4632 OS Version: 6.0.6002 ServicePack: 2.0
07:10:36.0216 4632 Product type: Workstation
07:10:36.0216 4632 ComputerName: SHEILA-PC
07:10:36.0216 4632 UserName: sheila
07:10:36.0216 4632 Windows directory: C:\Windows
07:10:36.0216 4632 System windows directory: C:\Windows
07:10:36.0216 4632 Processor architecture: Intel x86
07:10:36.0216 4632 Number of processors: 2
07:10:36.0216 4632 Page size: 0x1000
07:10:36.0216 4632 Boot type: Safe boot with network
07:10:36.0216 4632 ============================================================
07:10:37.0667 4632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:10:37.0667 4632 ============================================================
07:10:37.0667 4632 \Device\Harddisk0\DR0:
07:10:37.0667 4632 MBR partitions:
07:10:37.0667 4632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
07:10:37.0667 4632 ============================================================
07:10:37.0698 4632 C: <-> \Device\Harddisk0\DR0\Partition0
07:10:37.0698 4632 ============================================================
07:10:37.0698 4632 Initialize success
07:10:37.0698 4632 ============================================================
07:10:40.0335 6804 ============================================================
07:10:40.0335 6804 Scan started
07:10:40.0335 6804 Mode: Manual;
07:10:40.0335 6804 ============================================================
07:10:45.0420 6804 45083044 - ok
07:10:45.0514 6804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:10:45.0514 6804 ACPI - ok
07:10:45.0576 6804 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:10:45.0592 6804 AdobeFlashPlayerUpdateSvc - ok
07:10:45.0654 6804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:10:45.0670 6804 adp94xx - ok
07:10:45.0701 6804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:10:45.0701 6804 adpahci - ok
07:10:45.0717 6804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:10:45.0717 6804 adpu160m - ok
07:10:45.0748 6804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:10:45.0748 6804 adpu320 - ok
07:10:45.0779 6804 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
07:10:45.0795 6804 AeLookupSvc - ok
07:10:45.0888 6804 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
07:10:45.0888 6804 AESTFilters - ok
07:10:45.0951 6804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:10:45.0982 6804 AFD - ok
07:10:46.0013 6804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:10:46.0013 6804 agp440 - ok
07:10:46.0044 6804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:10:46.0044 6804 aic78xx - ok
07:10:46.0076 6804 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
07:10:46.0076 6804 ALG - ok
07:10:46.0107 6804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:10:46.0107 6804 aliide - ok
07:10:46.0122 6804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:10:46.0138 6804 amdagp - ok
07:10:46.0154 6804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:10:46.0154 6804 amdide - ok
07:10:46.0185 6804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:10:46.0185 6804 AmdK7 - ok
07:10:46.0216 6804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
07:10:46.0216 6804 AmdK8 - ok
07:10:46.0247 6804 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\Windows\system32\apf001.sys
07:10:46.0247 6804 apf001 - ok
07:10:46.0247 6804 apf003 - ok
07:10:46.0278 6804 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
07:10:46.0278 6804 Appinfo - ok
07:10:46.0388 6804 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:10:46.0388 6804 Apple Mobile Device - ok
07:10:46.0450 6804 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe
07:10:46.0481 6804 Application Updater - ok
07:10:46.0512 6804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:10:46.0512 6804 arc - ok
07:10:46.0544 6804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:10:46.0544 6804 arcsas - ok
07:10:46.0700 6804 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:10:46.0731 6804 aspnet_state - ok
07:10:46.0746 6804 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
07:10:46.0746 6804 aswFsBlk - ok
07:10:46.0762 6804 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
07:10:46.0762 6804 aswMonFlt - ok
07:10:46.0793 6804 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
07:10:46.0793 6804 aswRdr - ok
07:10:46.0871 6804 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
07:10:46.0887 6804 aswSnx - ok
07:10:46.0965 6804 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
07:10:46.0965 6804 aswSP - ok
07:10:47.0012 6804 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
07:10:47.0012 6804 aswTdi - ok
07:10:47.0027 6804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:10:47.0027 6804 AsyncMac - ok
07:10:47.0058 6804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:10:47.0058 6804 atapi - ok
07:10:47.0090 6804 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
07:10:47.0105 6804 atksgt - ok
07:10:47.0230 6804 ATService (f0da6cc98afbf6f4f65dbcadbd91bc7c) C:\Program Files\Fingerprint Sensor\AtService.exe
07:10:47.0277 6804 ATService - ok
07:10:47.0417 6804 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
07:10:47.0417 6804 ATSwpWDF - ok
07:10:47.0464 6804 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:10:47.0464 6804 AudioEndpointBuilder - ok
07:10:47.0480 6804 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:10:47.0480 6804 Audiosrv - ok
07:10:47.0558 6804 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
07:10:47.0558 6804 avast! Antivirus - ok
07:10:47.0979 6804 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
07:10:48.0197 6804 AVGIDSAgent - ok
07:10:48.0338 6804 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
07:10:48.0338 6804 AVGIDSDriver - ok
07:10:48.0369 6804 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
07:10:48.0369 6804 AVGIDSFilter - ok
07:10:48.0416 6804 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
07:10:48.0416 6804 AVGIDSHX - ok
07:10:48.0447 6804 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
07:10:48.0447 6804 AVGIDSShim - ok
07:10:48.0494 6804 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
07:10:48.0509 6804 Avgldx86 - ok
07:10:48.0525 6804 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
07:10:48.0525 6804 Avgmfx86 - ok
07:10:48.0572 6804 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
07:10:48.0572 6804 Avgrkx86 - ok
07:10:48.0603 6804 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
07:10:48.0603 6804 Avgtdix - ok
07:10:48.0634 6804 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys
07:10:48.0634 6804 avgtp - ok
07:10:48.0821 6804 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:10:48.0837 6804 avgwd - ok
07:10:48.0852 6804 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
07:10:48.0852 6804 BCM42RLY - ok
07:10:48.0946 6804 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
07:10:48.0977 6804 BCM43XX - ok
07:10:49.0133 6804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:10:49.0133 6804 Beep - ok
07:10:49.0196 6804 Bfel2t0sui (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:10:49.0196 6804 Bfel2t0sui - ok
07:10:49.0508 6804 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
07:10:49.0539 6804 BHDrvx86 - ok
07:10:49.0570 6804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:10:49.0570 6804 blbdrive - ok
07:10:49.0664 6804 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
07:10:49.0679 6804 Bonjour Service - ok
07:10:49.0710 6804 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:10:49.0710 6804 bowser - ok
07:10:49.0726 6804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:10:49.0726 6804 BrFiltLo - ok
07:10:49.0742 6804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:10:49.0742 6804 BrFiltUp - ok
07:10:49.0773 6804 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
07:10:49.0773 6804 Browser - ok
07:10:49.0788 6804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:10:49.0804 6804 Brserid - ok
07:10:49.0820 6804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:10:49.0820 6804 BrSerWdm - ok
07:10:49.0835 6804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:10:49.0835 6804 BrUsbMdm - ok
07:10:49.0835 6804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:10:49.0851 6804 BrUsbSer - ok
07:10:49.0851 6804 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:10:49.0851 6804 BTHMODEM - ok
07:10:49.0866 6804 BVRPMPR5 - ok
07:10:49.0898 6804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:10:49.0898 6804 cdfs - ok
07:10:49.0929 6804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:10:49.0929 6804 cdrom - ok
07:10:49.0944 6804 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:10:49.0944 6804 CertPropSvc - ok
07:10:49.0976 6804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
07:10:49.0976 6804 circlass - ok
07:10:50.0022 6804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:10:50.0038 6804 CLFS - ok
07:10:50.0132 6804 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:10:50.0132 6804 clr_optimization_v2.0.50727_32 - ok
07:10:50.0225 6804 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:10:50.0241 6804 clr_optimization_v4.0.30319_32 - ok
07:10:50.0272 6804 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:10:50.0272 6804 CmBatt - ok
07:10:50.0303 6804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:10:50.0303 6804 cmdide - ok
07:10:50.0303 6804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:10:50.0319 6804 Compbatt - ok
07:10:50.0334 6804 COMSysApp - ok
07:10:50.0428 6804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:10:50.0428 6804 crcdisk - ok
07:10:50.0444 6804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:10:50.0444 6804 Crusoe - ok
07:10:50.0475 6804 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
07:10:50.0475 6804 CryptSvc - ok
07:10:50.0537 6804 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:10:50.0553 6804 DcomLaunch - ok
07:10:50.0568 6804 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:10:50.0584 6804 DfsC - ok
07:10:50.0693 6804 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
07:10:50.0756 6804 DFSR - ok
07:10:50.0880 6804 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
07:10:50.0880 6804 Dhcp - ok
07:10:50.0912 6804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:10:50.0912 6804 disk - ok
07:10:50.0974 6804 dldnCATSCustConnectService (c7f6a4f1f95d22abc6ea9173b2bca545) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe
07:10:50.0990 6804 dldnCATSCustConnectService - ok
07:10:50.0990 6804 dldn_device - ok
07:10:51.0036 6804 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
07:10:51.0036 6804 Dnscache - ok
07:10:51.0083 6804 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
07:10:51.0083 6804 dot3svc - ok
07:10:51.0114 6804 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
07:10:51.0114 6804 DPS - ok
07:10:51.0146 6804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:10:51.0146 6804 drmkaud - ok
07:10:51.0208 6804 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:10:51.0224 6804 DXGKrnl - ok
07:10:51.0255 6804 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:10:51.0270 6804 E1G60 - ok
07:10:51.0286 6804 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
07:10:51.0286 6804 EapHost - ok
07:10:51.0333 6804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:10:51.0333 6804 Ecache - ok
07:10:51.0442 6804 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:10:51.0473 6804 eeCtrl - ok
07:10:51.0504 6804 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
07:10:51.0520 6804 ehRecvr - ok
07:10:51.0551 6804 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
07:10:51.0551 6804 ehSched - ok
07:10:51.0567 6804 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
07:10:51.0567 6804 ehstart - ok
07:10:51.0614 6804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:10:51.0629 6804 elxstor - ok
07:10:51.0676 6804 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
07:10:51.0707 6804 EMDMgmt - ok
07:10:51.0816 6804 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:10:51.0816 6804 EraserUtilRebootDrv - ok
07:10:51.0848 6804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:10:51.0848 6804 ErrDev - ok
07:10:51.0926 6804 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
07:10:51.0941 6804 EventSystem - ok
07:10:52.0004 6804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:10:52.0004 6804 exfat - ok
07:10:52.0050 6804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:10:52.0050 6804 fastfat - ok
07:10:52.0082 6804 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
07:10:52.0082 6804 fdc - ok
07:10:52.0113 6804 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
07:10:52.0113 6804 fdPHost - ok
07:10:52.0144 6804 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
07:10:52.0144 6804 FDResPub - ok
07:10:52.0175 6804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:10:52.0175 6804 FileInfo - ok
07:10:52.0206 6804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:10:52.0206 6804 Filetrace - ok
07:10:52.0222 6804 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
07:10:52.0222 6804 flpydisk - ok
07:10:52.0269 6804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:10:52.0269 6804 FltMgr - ok
07:10:52.0331 6804 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
07:10:52.0378 6804 FontCache - ok
07:10:52.0472 6804 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:10:52.0472 6804 FontCache3.0.0.0 - ok
07:10:52.0518 6804 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
07:10:52.0518 6804 Fs_Rec - ok
07:10:52.0550 6804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:10:52.0550 6804 gagp30kx - ok
07:10:52.0565 6804 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:10:52.0565 6804 GEARAspiWDM - ok
07:10:52.0628 6804 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
07:10:52.0643 6804 gpsvc - ok
07:10:52.0752 6804 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:52.0752 6804 gupdate - ok
07:10:52.0768 6804 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:52.0768 6804 gupdatem - ok
07:10:52.0799 6804 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
07:10:52.0799 6804 HdAudAddService - ok
07:10:52.0862 6804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:10:52.0862 6804 HDAudBus - ok
07:10:52.0908 6804 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:10:52.0908 6804 HidBth - ok
07:10:52.0940 6804 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
07:10:52.0940 6804 HidIr - ok
07:10:53.0002 6804 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
07:10:53.0002 6804 hidserv - ok
07:10:53.0033 6804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:10:53.0033 6804 HidUsb - ok
07:10:53.0064 6804 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
07:10:53.0064 6804 hkmsvc - ok
07:10:53.0096 6804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:10:53.0096 6804 HpCISSs - ok
07:10:53.0158 6804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:10:53.0158 6804 HTTP - ok
07:10:53.0220 6804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
07:10:53.0220 6804 i2omp - ok
07:10:53.0252 6804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:10:53.0252 6804 i8042prt - ok
07:10:53.0283 6804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
07:10:53.0298 6804 iaStorV - ok
07:10:53.0439 6804 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:10:53.0454 6804 idsvc - ok
07:10:53.0798 6804 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys
07:10:53.0798 6804 IDSVix86 - ok
07:10:54.0094 6804 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:10:54.0219 6804 igfx - ok
07:10:54.0344 6804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:10:54.0344 6804 iirsp - ok
07:10:54.0390 6804 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
07:10:54.0406 6804 IKEEXT - ok
07:10:54.0437 6804 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
07:10:54.0437 6804 IntcHdmiAddService - ok
07:10:54.0468 6804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:10:54.0468 6804 intelide - ok
07:10:54.0500 6804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:10:54.0500 6804 intelppm - ok
07:10:54.0531 6804 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
07:10:54.0531 6804 IPBusEnum - ok
07:10:54.0562 6804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:10:54.0562 6804 IpFilterDriver - ok
07:10:54.0593 6804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
07:10:54.0593 6804 IPMIDRV - ok
07:10:54.0624 6804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:10:54.0624 6804 IPNAT - ok
07:10:54.0656 6804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:10:54.0656 6804 IRENUM - ok
07:10:54.0687 6804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
07:10:54.0702 6804 isapnp - ok
07:10:54.0734 6804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:10:54.0734 6804 iScsiPrt - ok
07:10:54.0765 6804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:10:54.0765 6804 iteatapi - ok
07:10:54.0796 6804 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
07:10:54.0796 6804 itecir - ok
07:10:54.0827 6804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:10:54.0827 6804 iteraid - ok
07:10:54.0858 6804 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
07:10:54.0858 6804 k57nd60x - ok
07:10:54.0890 6804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:10:54.0890 6804 kbdclass - ok
07:10:54.0952 6804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:10:54.0952 6804 kbdhid - ok
07:10:55.0014 6804 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:10:55.0014 6804 KeyIso - ok
07:10:55.0061 6804 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
07:10:55.0092 6804 KSecDD - ok
07:10:55.0170 6804 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
07:10:55.0202 6804 KtmRm - ok
07:10:55.0233 6804 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
07:10:55.0233 6804 LanmanServer - ok
07:10:55.0280 6804 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
07:10:55.0280 6804 LanmanWorkstation - ok
07:10:55.0404 6804 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
07:10:55.0420 6804 LBTServ - ok
07:10:55.0482 6804 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys
07:10:55.0482 6804 LHidFilt - ok
07:10:55.0514 6804 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
07:10:55.0514 6804 lirsgt - ok
07:10:55.0545 6804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:10:55.0545 6804 lltdio - ok
07:10:55.0576 6804 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
07:10:55.0576 6804 lltdsvc - ok
07:10:55.0607 6804 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
07:10:55.0607 6804 lmhosts - ok
07:10:55.0638 6804 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys
07:10:55.0638 6804 LMouFilt - ok
07:10:55.0670 6804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
07:10:55.0670 6804 LSI_FC - ok
07:10:55.0685 6804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
07:10:55.0685 6804 LSI_SAS - ok
07:10:55.0716 6804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
07:10:55.0716 6804 LSI_SCSI - ok
07:10:55.0732 6804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:10:55.0732 6804 luafv - ok
07:10:55.0779 6804 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys
07:10:55.0779 6804 LUsbFilt - ok
07:10:55.0826 6804 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
07:10:55.0826 6804 Macromedia Licensing Service - ok
07:10:55.0857 6804 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
07:10:55.0872 6804 MBAMProtector - ok
07:10:55.0982 6804 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:10:56.0028 6804 MBAMService - ok
07:10:56.0106 6804 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
07:10:56.0106 6804 MBAMSwissArmy - ok
07:10:56.0138 6804 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
07:10:56.0153 6804 Mcx2Svc - ok
07:10:56.0169 6804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
07:10:56.0169 6804 megasas - ok
07:10:56.0231 6804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
07:10:56.0231 6804 MegaSR - ok
07:10:56.0262 6804 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:10:56.0262 6804 MMCSS - ok
07:10:56.0278 6804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:10:56.0278 6804 Modem - ok
07:10:56.0325 6804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:10:56.0325 6804 monitor - ok
07:10:56.0340 6804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:10:56.0340 6804 mouclass - ok
07:10:56.0356 6804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:10:56.0356 6804 mouhid - ok
07:10:56.0387 6804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:10:56.0387 6804 MountMgr - ok
07:10:56.0434 6804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
07:10:56.0450 6804 mpio - ok
07:10:56.0481 6804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:10:56.0481 6804 mpsdrv - ok
07:10:56.0559 6804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:10:56.0559 6804 Mraid35x - ok
07:10:56.0606 6804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:10:56.0606 6804 MRxDAV - ok
07:10:56.0621 6804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:10:56.0621 6804 mrxsmb - ok
07:10:56.0668 6804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:10:56.0684 6804 mrxsmb10 - ok
07:10:56.0715 6804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:10:56.0715 6804 mrxsmb20 - ok
07:10:56.0762 6804 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
07:10:56.0762 6804 msahci - ok
07:10:56.0808 6804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
07:10:56.0808 6804 msdsm - ok
07:10:56.0855 6804 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
07:10:56.0855 6804 MSDTC - ok
07:10:56.0918 6804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:10:56.0918 6804 Msfs - ok
07:10:56.0949 6804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:10:56.0949 6804 msisadrv - ok
07:10:56.0996 6804 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
07:10:57.0011 6804 MSiSCSI - ok
07:10:57.0027 6804 msiserver - ok
07:10:57.0074 6804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:10:57.0074 6804 MSKSSRV - ok
07:10:57.0105 6804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:10:57.0105 6804 MSPCLOCK - ok
07:10:57.0120 6804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:10:57.0120 6804 MSPQM - ok
07:10:57.0167 6804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:10:57.0183 6804 MsRPC - ok
07:10:57.0230 6804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:10:57.0230 6804 mssmbios - ok
07:10:57.0245 6804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:10:57.0245 6804 MSTEE - ok
07:10:57.0261 6804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:10:57.0261 6804 Mup - ok
07:10:57.0354 6804 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe
07:10:57.0354 6804 MyFunCards_5mService - ok
07:10:57.0417 6804 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
07:10:57.0432 6804 N360 - ok
07:10:57.0464 6804 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
07:10:57.0479 6804 napagent - ok
07:10:57.0510 6804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:10:57.0510 6804 NativeWifiP - ok
07:10:57.0807 6804 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS
07:10:57.0807 6804 NAVENG - ok
07:10:57.0900 6804 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS
07:10:57.0947 6804 NAVEX15 - ok
07:10:58.0134 6804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:10:58.0134 6804 NDIS - ok
07:10:58.0181 6804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:10:58.0181 6804 NdisTapi - ok
07:10:58.0212 6804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:10:58.0212 6804 Ndisuio - ok
07:10:58.0259 6804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:10:58.0259 6804 NdisWan - ok
07:10:58.0275 6804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:10:58.0275 6804 NDProxy - ok
07:10:58.0306 6804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:10:58.0306 6804 NetBIOS - ok
07:10:58.0337 6804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:10:58.0337 6804 netbt - ok
07:10:58.0368 6804 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:10:58.0384 6804 Netlogon - ok
07:10:58.0415 6804 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
07:10:58.0431 6804 Netman - ok
07:10:58.0556 6804 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:10:58.0571 6804 NetMsmqActivator - ok
07:10:58.0618 6804 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:10:58.0618 6804 NetPipeActivator - ok
07:10:58.0680 6804 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
07:10:58.0696 6804 netprofm - ok
07:10:58.0712 6804 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:10:58.0712 6804 NetTcpActivator - ok
07:10:58.0712 6804 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:10:58.0712 6804 NetTcpPortSharing - ok
07:10:58.0743 6804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:10:58.0743 6804 nfrd960 - ok
07:10:58.0774 6804 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
07:10:58.0774 6804 NlaSvc - ok
07:10:58.0914 6804 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:10:58.0914 6804 NMIndexingService - ok
07:10:58.0992 6804 Norton PC Checkup Application Launcher - ok
07:10:59.0055 6804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:10:59.0055 6804 Npfs - ok
07:10:59.0086 6804 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
07:10:59.0102 6804 nsi - ok
07:10:59.0117 6804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:10:59.0117 6804 nsiproxy - ok
07:10:59.0242 6804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:10:59.0289 6804 Ntfs - ok
07:10:59.0336 6804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:10:59.0336 6804 ntrigdigi - ok
07:10:59.0367 6804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:10:59.0367 6804 Null - ok
07:10:59.0429 6804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
07:10:59.0429 6804 nvraid - ok
07:10:59.0445 6804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
07:10:59.0445 6804 nvstor - ok
07:10:59.0492 6804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
07:10:59.0492 6804 nv_agp - ok
07:10:59.0554 6804 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
07:10:59.0570 6804 OA001Ufd - ok
07:10:59.0616 6804 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
07:10:59.0616 6804 OA001Vid - ok
07:10:59.0726 6804 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:10:59.0741 6804 odserv - ok
07:10:59.0772 6804 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
07:10:59.0772 6804 ohci1394 - ok
07:10:59.0819 6804 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:10:59.0835 6804 ose - ok
07:10:59.0897 6804 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:10:59.0913 6804 p2pimsvc - ok
07:10:59.0928 6804 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:10:59.0928 6804 p2psvc - ok
07:10:59.0960 6804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:10:59.0960 6804 Parport - ok
07:10:59.0991 6804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:10:59.0991 6804 partmgr - ok
07:11:00.0006 6804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:11:00.0006 6804 Parvdm - ok
07:11:00.0038 6804 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
07:11:00.0038 6804 PcaSvc - ok
07:11:00.0147 6804 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
07:11:00.0147 6804 PCCUJobMgr - ok
07:11:00.0303 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
07:11:00.0381 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
07:11:00.0412 6804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:11:00.0412 6804 pci - ok
07:11:00.0443 6804 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
07:11:00.0443 6804 pciide - ok
07:11:00.0474 6804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:11:00.0474 6804 pcmcia - ok
07:11:00.0537 6804 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
07:11:00.0537 6804 PCPitstop Scheduling - ok
07:11:00.0615 6804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:11:00.0646 6804 PEAUTH - ok
07:11:00.0818 6804 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
07:11:00.0864 6804 pla - ok
07:11:00.0958 6804 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
07:11:00.0974 6804 PlugPlay - ok
07:11:01.0036 6804 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:01.0036 6804 PNRPAutoReg - ok
07:11:01.0052 6804 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:01.0052 6804 PNRPsvc - ok
07:11:01.0098 6804 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
07:11:01.0114 6804 PolicyAgent - ok
07:11:01.0161 6804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:11:01.0176 6804 PptpMiniport - ok
07:11:01.0223 6804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
07:11:01.0223 6804 Processor - ok
07:11:01.0254 6804 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
07:11:01.0270 6804 ProfSvc - ok
07:11:01.0317 6804 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:01.0317 6804 ProtectedStorage - ok
07:11:01.0364 6804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:11:01.0364 6804 PSched - ok
07:11:01.0395 6804 PTDMBus (c23d7e6cfdfbdf0139a9315655315fc7) C:\Windows\system32\DRIVERS\PTDMBus.sys
07:11:01.0395 6804 PTDMBus - ok
07:11:01.0442 6804 PTDMMdm (182ed48f0f876e10ed2398fa4cf8e385) C:\Windows\system32\DRIVERS\PTDMMdm.sys
07:11:01.0442 6804 PTDMMdm - ok
07:11:01.0473 6804 PTDMVsp (0f13e2f9c746fa53a0292f6a9b7a34d4) C:\Windows\system32\DRIVERS\PTDMVsp.sys
07:11:01.0473 6804 PTDMVsp - ok
07:11:01.0504 6804 PTDMWFLT (cd358e58e865989667ff3af59a546ece) C:\Windows\system32\DRIVERS\PTDMWFLT.sys
07:11:01.0504 6804 PTDMWFLT - ok
07:11:01.0520 6804 PTDMWWAN (3e1793aea177a1192495d21ff09512bb) C:\Windows\system32\DRIVERS\PTDMWWAN.sys
07:11:01.0520 6804 PTDMWWAN - ok
07:11:01.0629 6804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
07:11:01.0644 6804 ql2300 - ok
07:11:01.0691 6804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:11:01.0707 6804 ql40xx - ok
07:11:01.0738 6804 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
07:11:01.0754 6804 QWAVE - ok
07:11:01.0769 6804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:11:01.0769 6804 QWAVEdrv - ok
07:11:01.0785 6804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:11:01.0785 6804 RasAcd - ok
07:11:01.0847 6804 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
07:11:01.0847 6804 RasAuto - ok
07:11:01.0863 6804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:11:01.0878 6804 Rasl2tp - ok
07:11:01.0972 6804 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
07:11:01.0972 6804 RasMan - ok
07:11:02.0003 6804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:11:02.0003 6804 RasPppoe - ok
07:11:02.0034 6804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:11:02.0034 6804 RasSstp - ok
07:11:02.0066 6804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:11:02.0081 6804 rdbss - ok
07:11:02.0112 6804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:11:02.0112 6804 RDPCDD - ok
07:11:02.0159 6804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
07:11:02.0175 6804 rdpdr - ok
07:11:02.0206 6804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:11:02.0206 6804 RDPENCDD - ok
07:11:02.0237 6804 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
07:11:02.0237 6804 RDPWD - ok
07:11:02.0315 6804 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
07:11:02.0315 6804 RemoteAccess - ok
07:11:02.0346 6804 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
07:11:02.0362 6804 RemoteRegistry - ok
07:11:02.0393 6804 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
07:11:02.0393 6804 rimmptsk - ok
07:11:02.0409 6804 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
07:11:02.0409 6804 rimsptsk - ok
07:11:02.0424 6804 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
07:11:02.0424 6804 rismxdp - ok
07:11:02.0440 6804 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
07:11:02.0440 6804 RpcLocator - ok
07:11:02.0502 6804 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:11:02.0518 6804 RpcSs - ok
07:11:02.0534 6804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:11:02.0549 6804 rspndr - ok
07:11:02.0580 6804 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:02.0580 6804 SamSs - ok
07:11:02.0627 6804 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:11:02.0627 6804 SASDIFSV - ok
07:11:02.0658 6804 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
07:11:02.0658 6804 SASENUM - ok
07:11:02.0674 6804 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
07:11:02.0674 6804 SASKUTIL - ok
07:11:02.0705 6804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:11:02.0705 6804 sbp2port - ok
07:11:02.0736 6804 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
07:11:02.0752 6804 SCardSvr - ok
07:11:02.0814 6804 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
07:11:02.0830 6804 Schedule - ok
07:11:02.0861 6804 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:11:02.0861 6804 SCPolicySvc - ok
07:11:02.0892 6804 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
07:11:02.0892 6804 sdbus - ok
07:11:02.0924 6804 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
07:11:02.0924 6804 SDRSVC - ok
07:11:02.0955 6804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:11:02.0955 6804 secdrv - ok
07:11:02.0986 6804 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
07:11:02.0986 6804 seclogon - ok
07:11:03.0002 6804 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
07:11:03.0002 6804 SENS - ok
07:11:03.0017 6804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:11:03.0017 6804 Serenum - ok
07:11:03.0048 6804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:11:03.0048 6804 Serial - ok
07:11:03.0080 6804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:11:03.0080 6804 sermouse - ok
07:11:03.0142 6804 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
07:11:03.0142 6804 SessionEnv - ok
07:11:03.0173 6804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
07:11:03.0173 6804 sffdisk - ok
07:11:03.0189 6804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
07:11:03.0189 6804 sffp_mmc - ok
07:11:03.0189 6804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
07:11:03.0204 6804 sffp_sd - ok
07:11:03.0236 6804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:11:03.0236 6804 sfloppy - ok
07:11:03.0329 6804 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
07:11:03.0345 6804 ShellHWDetection - ok
07:11:03.0376 6804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
07:11:03.0392 6804 sisagp - ok
07:11:03.0501 6804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
07:11:03.0516 6804 SiSRaid2 - ok
07:11:03.0704 6804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
07:11:03.0735 6804 SiSRaid4 - ok
07:11:04.0140 6804 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
07:11:04.0234 6804 SkypeUpdate - ok
07:11:04.0858 6804 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
07:11:04.0952 6804 slsvc - ok
07:11:05.0076 6804 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
07:11:05.0076 6804 SLUINotify - ok
07:11:05.0154 6804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:11:05.0154 6804 Smb - ok
07:11:05.0186 6804 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
07:11:05.0186 6804 SNMPTRAP - ok
07:11:05.0264 6804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:11:05.0264 6804 spldr - ok
07:11:05.0295 6804 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
07:11:05.0310 6804 Spooler - ok
07:11:05.0435 6804 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
07:11:05.0435 6804 sprtsvc_ddoctorv2 - ok
07:11:05.0544 6804 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
07:11:05.0544 6804 sprtsvc_DellSupportCenter - ok
07:11:05.0669 6804 SpyHunter 4 Service (f9ec94e35f5019a8e82665e1ef4b4d02) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
07:11:05.0732 6804 SpyHunter 4 Service - ok
07:11:05.0919 6804 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
07:11:05.0934 6804 SRTSP - ok
07:11:05.0981 6804 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
07:11:05.0981 6804 SRTSPX - ok
07:11:06.0106 6804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:11:06.0122 6804 srv - ok
07:11:06.0153 6804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:11:06.0153 6804 srv2 - ok
07:11:06.0168 6804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:11:06.0184 6804 srvnet - ok
07:11:06.0246 6804 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
07:11:06.0262 6804 SSDPSRV - ok
07:11:06.0309 6804 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
07:11:06.0324 6804 SstpSvc - ok
07:11:06.0480 6804 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
07:11:06.0496 6804 STacSV - ok
07:11:06.0558 6804 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
07:11:06.0574 6804 STHDA - ok
07:11:06.0683 6804 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
07:11:06.0699 6804 stisvc - ok
07:11:06.0730 6804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:11:06.0730 6804 swenum - ok
07:11:06.0777 6804 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
07:11:06.0792 6804 swprv - ok
07:11:06.0808 6804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:11:06.0808 6804 Symc8xx - ok
07:11:06.0902 6804 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
07:11:06.0917 6804 SymDS - ok
07:11:06.0980 6804 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
07:11:06.0995 6804 SymEFA - ok
07:11:07.0058 6804 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
07:11:07.0073 6804 SymEvent - ok
07:11:07.0198 6804 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
07:11:07.0198 6804 SymIRON - ok
07:11:07.0245 6804 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS
07:11:07.0307 6804 SYMTDIv - ok
07:11:07.0354 6804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:11:07.0370 6804 Sym_hi - ok
07:11:07.0385 6804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:11:07.0385 6804 Sym_u3 - ok
07:11:07.0463 6804 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
07:11:07.0479 6804 SysMain - ok
07:11:07.0541 6804 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
07:11:07.0541 6804 TabletInputService - ok
07:11:07.0588 6804 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
07:11:07.0604 6804 TapiSrv - ok
07:11:07.0682 6804 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
07:11:07.0682 6804 TBS - ok
07:11:07.0760 6804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
07:11:07.0775 6804 Tcpip - ok
07:11:07.0791 6804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
07:11:07.0806 6804 Tcpip6 - ok
07:11:07.0822 6804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:11:07.0822 6804 tcpipreg - ok
07:11:07.0853 6804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:11:07.0853 6804 TDPIPE - ok
07:11:07.0869 6804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:11:07.0869 6804 TDTCP - ok
07:11:07.0916 6804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:11:07.0916 6804 tdx - ok
07:11:07.0947 6804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:11:07.0947 6804 TermDD - ok
07:11:08.0009 6804 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
07:11:08.0025 6804 TermService - ok
07:11:08.0056 6804 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
07:11:08.0072 6804 Themes - ok
07:11:08.0103 6804 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:11:08.0103 6804 THREADORDER - ok
07:11:08.0134 6804 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
07:11:08.0134 6804 TrkWks - ok
07:11:08.0196 6804 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
07:11:08.0196 6804 TrustedInstaller - ok
07:11:08.0274 6804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:11:08.0274 6804 tssecsrv - ok
07:11:08.0290 6804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:11:08.0290 6804 tunmp - ok
07:11:08.0337 6804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:11:08.0337 6804 tunnel - ok
07:11:08.0368 6804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
07:11:08.0368 6804 uagp35 - ok
07:11:08.0399 6804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:11:08.0399 6804 udfs - ok
07:11:08.0446 6804 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
07:11:08.0446 6804 UI0Detect - ok
07:11:08.0493 6804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
07:11:08.0493 6804 uliagpkx - ok
07:11:08.0524 6804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
07:11:08.0524 6804 uliahci - ok
07:11:08.0555 6804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:11:08.0555 6804 UlSata - ok
07:11:08.0571 6804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:11:08.0571 6804 ulsata2 - ok
07:11:08.0602 6804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:11:08.0602 6804 umbus - ok
07:11:08.0618 6804 Scan interrupted by user!
07:11:08.0618 6804 Scan interrupted by user!
07:11:08.0618 6804 Scan interrupted by user!
07:11:08.0618 6804 ============================================================
07:11:08.0618 6804 Scan finished
07:11:08.0618 6804 ============================================================
07:11:08.0618 5784 Detected object count: 0
07:11:08.0618 5784 Actual detected object count: 0
07:11:14.0592 7976 ============================================================
07:11:14.0592 7976 Scan started
07:11:14.0592 7976 Mode: Manual; SigCheck; TDLFS;
07:11:14.0592 7976 ============================================================
07:11:14.0826 7976 45083044 - ok
07:11:14.0873 7976 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:11:15.0029 7976 ACPI - ok
07:11:15.0076 7976 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:11:15.0092 7976 AdobeFlashPlayerUpdateSvc - ok
07:11:15.0138 7976 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:11:15.0154 7976 adp94xx - ok
07:11:15.0201 7976 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:11:15.0216 7976 adpahci - ok
07:11:15.0248 7976 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:11:15.0263 7976 adpu160m - ok
07:11:15.0294 7976 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:11:15.0310 7976 adpu320 - ok
07:11:15.0341 7976 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
07:11:15.0575 7976 AeLookupSvc - ok
07:11:15.0669 7976 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
07:11:15.0762 7976 AESTFilters - ok
07:11:15.0809 7976 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:11:15.0887 7976 AFD - ok
07:11:15.0903 7976 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:11:15.0918 7976 agp440 - ok
07:11:15.0965 7976 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:11:15.0981 7976 aic78xx - ok
07:11:15.0996 7976 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
07:11:16.0121 7976 ALG - ok
07:11:16.0137 7976 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:11:16.0152 7976 aliide - ok
07:11:16.0168 7976 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:11:16.0184 7976 amdagp - ok
07:11:16.0199 7976 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:11:16.0215 7976 amdide - ok
07:11:16.0230 7976 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:11:16.0308 7976 AmdK7 - ok
07:11:16.0324 7976 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
07:11:16.0402 7976 AmdK8 - ok
07:11:16.0433 7976 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\Windows\system32\apf001.sys
07:11:16.0511 7976 apf001 - ok
07:11:16.0527 7976 apf003 - ok
07:11:16.0542 7976 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
07:11:16.0636 7976 Appinfo - ok
07:11:16.0730 7976 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:11:16.0730 7976 Apple Mobile Device - ok
07:11:16.0792 7976 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe
07:11:16.0823 7976 Application Updater - ok
07:11:16.0870 7976 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:11:16.0886 7976 arc - ok
07:11:16.0901 7976 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:11:16.0917 7976 arcsas - ok
07:11:17.0057 7976 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:11:17.0073 7976 aspnet_state - ok
07:11:17.0104 7976 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
07:11:17.0120 7976 aswFsBlk - ok
07:11:17.0135 7976 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
07:11:17.0151 7976 aswMonFlt - ok
07:11:17.0182 7976 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
07:11:17.0182 7976 aswRdr - ok
07:11:17.0260 7976 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
07:11:17.0276 7976 aswSnx - ok
07:11:17.0338 7976 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
07:11:17.0354 7976 aswSP - ok
07:11:17.0400 7976 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
07:11:17.0416 7976 aswTdi - ok
07:11:17.0447 7976 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:11:17.0510 7976 AsyncMac - ok
07:11:17.0541 7976 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:11:17.0556 7976 atapi - ok
07:11:17.0603 7976 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
07:11:17.0619 7976 atksgt - ok
07:11:17.0759 7976 ATService (f0da6cc98afbf6f4f65dbcadbd91bc7c) C:\Program Files\Fingerprint Sensor\AtService.exe
07:11:17.0822 7976 ATService - ok
07:11:17.0962 7976 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
07:11:17.0978 7976 ATSwpWDF - ok
07:11:18.0040 7976 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:11:18.0102 7976 AudioEndpointBuilder - ok
07:11:18.0102 7976 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:11:18.0134 7976 Audiosrv - ok
07:11:18.0227 7976 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
07:11:18.0243 7976 avast! Antivirus - ok
07:11:18.0586 7976 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
07:11:18.0836 7976 AVGIDSAgent - ok
07:11:18.0960 7976 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
07:11:18.0976 7976 AVGIDSDriver - ok
07:11:19.0007 7976 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
07:11:19.0023 7976 AVGIDSFilter - ok
07:11:19.0054 7976 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
07:11:19.0070 7976 AVGIDSHX - ok
07:11:19.0101 7976 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
07:11:19.0116 7976 AVGIDSShim - ok
07:11:19.0163 7976 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
07:11:19.0179 7976 Avgldx86 - ok
07:11:19.0210 7976 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
07:11:19.0210 7976 Avgmfx86 - ok
07:11:19.0257 7976 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
07:11:19.0257 7976 Avgrkx86 - ok
07:11:19.0304 7976 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
07:11:19.0319 7976 Avgtdix - ok
07:11:19.0350 7976 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys
07:11:19.0366 7976 avgtp - ok
07:11:19.0553 7976 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:11:19.0569 7976 avgwd - ok
07:11:19.0584 7976 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
07:11:19.0600 7976 BCM42RLY - ok
07:11:19.0694 7976 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
07:11:19.0725 7976 BCM43XX - ok
07:11:19.0834 7976 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:11:19.0912 7976 Beep - ok
07:11:19.0959 7976 Bfel2t0sui (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:11:19.0974 7976 Bfel2t0sui - ok
07:11:20.0318 7976 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
07:11:20.0349 7976 BHDrvx86 - ok
07:11:20.0396 7976 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:11:20.0442 7976 blbdrive - ok
07:11:20.0552 7976 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
07:11:20.0567 7976 Bonjour Service - ok
07:11:20.0630 7976 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:11:20.0708 7976 bowser - ok
07:11:20.0723 7976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:11:20.0770 7976 BrFiltLo - ok
07:11:20.0786 7976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:11:20.0817 7976 BrFiltUp - ok
07:11:20.0910 7976 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
07:11:20.0973 7976 Browser - ok
07:11:20.0988 7976 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:11:21.0176 7976 Brserid - ok
07:11:21.0207 7976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:11:21.0269 7976 BrSerWdm - ok
07:11:21.0285 7976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

[alazuria]

07:11:21.0378 7976 BrUsbMdm - ok
07:11:21.0394 7976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:11:21.0488 7976 BrUsbSer - ok
07:11:21.0519 7976 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:11:21.0597 7976 BTHMODEM - ok
07:11:21.0597 7976 BVRPMPR5 - ok
07:11:21.0644 7976 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:11:21.0690 7976 cdfs - ok
07:11:21.0722 7976 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:11:21.0768 7976 cdrom - ok
07:11:21.0815 7976 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:11:21.0862 7976 CertPropSvc - ok
07:11:21.0893 7976 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
07:11:21.0956 7976 circlass - ok
07:11:22.0002 7976 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:11:22.0018 7976 CLFS - ok
07:11:22.0112 7976 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:11:22.0127 7976 clr_optimization_v2.0.50727_32 - ok
07:11:22.0221 7976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:11:22.0236 7976 clr_optimization_v4.0.30319_32 - ok
07:11:22.0268 7976 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:11:22.0314 7976 CmBatt - ok
07:11:22.0392 7976 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:11:22.0408 7976 cmdide - ok
07:11:22.0439 7976 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:11:22.0455 7976 Compbatt - ok
07:11:22.0455 7976 COMSysApp - ok
07:11:22.0470 7976 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:11:22.0486 7976 crcdisk - ok
07:11:22.0502 7976 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:11:22.0533 7976 Crusoe - ok
07:11:22.0564 7976 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
07:11:22.0611 7976 CryptSvc - ok
07:11:22.0689 7976 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:11:22.0767 7976 DcomLaunch - ok
07:11:22.0814 7976 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:11:22.0892 7976 DfsC - ok
07:11:23.0048 7976 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
07:11:23.0188 7976 DFSR - ok
07:11:23.0313 7976 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
07:11:23.0375 7976 Dhcp - ok
07:11:23.0438 7976 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:11:23.0453 7976 disk - ok
07:11:23.0516 7976 dldnCATSCustConnectService (c7f6a4f1f95d22abc6ea9173b2bca545) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe
07:11:23.0531 7976 dldnCATSCustConnectService - ok
07:11:23.0531 7976 dldn_device - ok
07:11:23.0562 7976 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
07:11:23.0609 7976 Dnscache - ok
07:11:23.0656 7976 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
07:11:23.0672 7976 dot3svc - ok
07:11:23.0687 7976 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
07:11:23.0718 7976 DPS - ok
07:11:23.0750 7976 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:11:23.0796 7976 drmkaud - ok
07:11:23.0859 7976 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:11:23.0890 7976 DXGKrnl - ok
07:11:23.0952 7976 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:11:24.0030 7976 E1G60 - ok
07:11:24.0062 7976 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
07:11:24.0093 7976 EapHost - ok
07:11:24.0124 7976 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:11:24.0140 7976 Ecache - ok
07:11:24.0249 7976 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:11:24.0264 7976 eeCtrl - ok
07:11:24.0327 7976 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
07:11:24.0358 7976 ehRecvr - ok
07:11:24.0436 7976 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
07:11:24.0483 7976 ehSched - ok
07:11:24.0530 7976 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
07:11:24.0576 7976 ehstart - ok
07:11:24.0654 7976 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:11:24.0686 7976 elxstor - ok
07:11:24.0779 7976 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
07:11:24.0888 7976 EMDMgmt - ok
07:11:24.0998 7976 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:11:24.0998 7976 EraserUtilRebootDrv - ok
07:11:25.0029 7976 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:11:25.0076 7976 ErrDev - ok
07:11:25.0138 7976 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
07:11:25.0185 7976 EventSystem - ok
07:11:25.0232 7976 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:11:25.0310 7976 exfat - ok
07:11:25.0356 7976 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:11:25.0388 7976 fastfat - ok
07:11:25.0434 7976 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
07:11:25.0481 7976 fdc - ok
07:11:25.0512 7976 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
07:11:25.0575 7976 fdPHost - ok
07:11:25.0606 7976 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
07:11:25.0668 7976 FDResPub - ok
07:11:25.0700 7976 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:11:25.0715 7976 FileInfo - ok
07:11:25.0746 7976 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:11:25.0778 7976 Filetrace - ok
07:11:25.0793 7976 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
07:11:25.0856 7976 flpydisk - ok
07:11:25.0887 7976 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:11:25.0902 7976 FltMgr - ok
07:11:25.0980 7976 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
07:11:26.0090 7976 FontCache - ok
07:11:26.0199 7976 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:11:26.0214 7976 FontCache3.0.0.0 - ok
07:11:26.0246 7976 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
07:11:26.0308 7976 Fs_Rec - ok
07:11:26.0355 7976 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:11:26.0370 7976 gagp30kx - ok
07:11:26.0433 7976 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:11:26.0433 7976 GEARAspiWDM - ok
07:11:26.0495 7976 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
07:11:26.0573 7976 gpsvc - ok
07:11:26.0698 7976 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:11:26.0714 7976 gupdate - ok
07:11:26.0714 7976 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:11:26.0729 7976 gupdatem - ok
07:11:26.0760 7976 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
07:11:26.0792 7976 HdAudAddService - ok
07:11:26.0854 7976 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:11:26.0885 7976 HDAudBus - ok
07:11:26.0948 7976 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:11:27.0026 7976 HidBth - ok
07:11:27.0057 7976 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
07:11:27.0072 7976 HidIr - ok
07:11:27.0104 7976 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
07:11:27.0135 7976 hidserv - ok
07:11:27.0166 7976 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:11:27.0213 7976 HidUsb - ok
07:11:27.0260 7976 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
07:11:27.0306 7976 hkmsvc - ok
07:11:27.0338 7976 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:11:27.0353 7976 HpCISSs - ok
07:11:27.0416 7976 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:11:27.0462 7976 HTTP - ok
07:11:27.0494 7976 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
07:11:27.0509 7976 i2omp - ok
07:11:27.0540 7976 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:11:27.0587 7976 i8042prt - ok
07:11:27.0650 7976 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
07:11:27.0665 7976 iaStorV - ok
07:11:27.0806 7976 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:11:27.0837 7976 idsvc - ok
07:11:28.0196 7976 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys
07:11:28.0211 7976 IDSVix86 - ok
07:11:28.0508 7976 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:11:28.0757 7976 igfx - ok
07:11:28.0882 7976 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:11:28.0898 7976 iirsp - ok
07:11:28.0944 7976 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
07:11:29.0007 7976 IKEEXT - ok
07:11:29.0054 7976 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
07:11:29.0100 7976 IntcHdmiAddService - ok
07:11:29.0132 7976 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:11:29.0147 7976 intelide - ok
07:11:29.0178 7976 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:11:29.0225 7976 intelppm - ok
07:11:29.0256 7976 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
07:11:29.0288 7976 IPBusEnum - ok
07:11:29.0319 7976 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:11:29.0366 7976 IpFilterDriver - ok
07:11:29.0397 7976 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
07:11:29.0428 7976 IPMIDRV - ok
07:11:29.0459 7976 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:11:29.0506 7976 IPNAT - ok
07:11:29.0615 7976 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:11:29.0678 7976 IRENUM - ok
07:11:29.0724 7976 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
07:11:29.0740 7976 isapnp - ok
07:11:29.0787 7976 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:11:29.0802 7976 iScsiPrt - ok
07:11:29.0834 7976 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:11:29.0849 7976 iteatapi - ok
07:11:29.0896 7976 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
07:11:29.0912 7976 itecir - ok
07:11:29.0943 7976 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:11:29.0958 7976 iteraid - ok
07:11:30.0005 7976 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
07:11:30.0083 7976 k57nd60x - ok
07:11:30.0114 7976 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:11:30.0130 7976 kbdclass - ok
07:11:30.0161 7976 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:11:30.0208 7976 kbdhid - ok
07:11:30.0255 7976 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:30.0348 7976 KeyIso - ok
07:11:30.0395 7976 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
07:11:30.0411 7976 KSecDD - ok
07:11:30.0489 7976 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
07:11:30.0551 7976 KtmRm - ok
07:11:30.0614 7976 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
07:11:30.0645 7976 LanmanServer - ok
07:11:30.0676 7976 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
07:11:30.0723 7976 LanmanWorkstation - ok
07:11:30.0863 7976 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
07:11:30.0879 7976 LBTServ - ok
07:11:30.0941 7976 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys
07:11:30.0941 7976 LHidFilt - ok
07:11:30.0972 7976 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
07:11:30.0988 7976 lirsgt - ok
07:11:31.0035 7976 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:11:31.0082 7976 lltdio - ok
07:11:31.0128 7976 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
07:11:31.0191 7976 lltdsvc - ok
07:11:31.0222 7976 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
07:11:31.0300 7976 lmhosts - ok
07:11:31.0316 7976 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys
07:11:31.0331 7976 LMouFilt - ok
07:11:31.0378 7976 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
07:11:31.0394 7976 LSI_FC - ok
07:11:31.0394 7976 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
07:11:31.0409 7976 LSI_SAS - ok
07:11:31.0456 7976 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
07:11:31.0472 7976 LSI_SCSI - ok
07:11:31.0518 7976 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:11:31.0550 7976 luafv - ok
07:11:31.0596 7976 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys
07:11:31.0612 7976 LUsbFilt - ok
07:11:31.0674 7976 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
07:11:31.0690 7976 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
07:11:31.0690 7976 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
07:11:31.0752 7976 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
07:11:31.0768 7976 MBAMProtector - ok
07:11:31.0893 7976 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:11:31.0924 7976 MBAMService - ok
07:11:31.0986 7976 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
07:11:31.0986 7976 MBAMSwissArmy - ok
07:11:32.0018 7976 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
07:11:32.0064 7976 Mcx2Svc - ok
07:11:32.0096 7976 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
07:11:32.0111 7976 megasas - ok
07:11:32.0158 7976 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
07:11:32.0174 7976 MegaSR - ok
07:11:32.0205 7976 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:11:32.0267 7976 MMCSS - ok
07:11:32.0283 7976 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:11:32.0330 7976 Modem - ok
07:11:32.0361 7976 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:11:32.0408 7976 monitor - ok
07:11:32.0423 7976 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:11:32.0439 7976 mouclass - ok
07:11:32.0454 7976 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:11:32.0501 7976 mouhid - ok
07:11:32.0532 7976 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:11:32.0548 7976 MountMgr - ok
07:11:32.0595 7976 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
07:11:32.0610 7976 mpio - ok
07:11:32.0642 7976 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:11:32.0688 7976 mpsdrv - ok
07:11:32.0735 7976 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:11:32.0751 7976 Mraid35x - ok
07:11:32.0798 7976 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:11:32.0829 7976 MRxDAV - ok
07:11:32.0844 7976 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:11:32.0907 7976 mrxsmb - ok
07:11:32.0954 7976 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:11:32.0985 7976 mrxsmb10 - ok
07:11:33.0016 7976 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:11:33.0047 7976 mrxsmb20 - ok
07:11:33.0078 7976 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
07:11:33.0094 7976 msahci - ok
07:11:33.0156 7976 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
07:11:33.0188 7976 msdsm - ok
07:11:33.0234 7976 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
07:11:33.0266 7976 MSDTC - ok
07:11:33.0297 7976 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:11:33.0344 7976 Msfs - ok
07:11:33.0375 7976 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:11:33.0390 7976 msisadrv - ok
07:11:33.0422 7976 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
07:11:33.0484 7976 MSiSCSI - ok
07:11:33.0484 7976 msiserver - ok
07:11:33.0515 7976 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:11:33.0546 7976 MSKSSRV - ok
07:11:33.0546 7976 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:11:33.0593 7976 MSPCLOCK - ok
07:11:33.0624 7976 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:11:33.0702 7976 MSPQM - ok
07:11:33.0734 7976 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:11:33.0765 7976 MsRPC - ok
07:11:33.0796 7976 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:11:33.0812 7976 mssmbios - ok
07:11:33.0812 7976 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:11:33.0874 7976 MSTEE - ok
07:11:33.0905 7976 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:11:33.0921 7976 Mup - ok
07:11:33.0983 7976 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe
07:11:34.0014 7976 MyFunCards_5mService - ok
07:11:34.0108 7976 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
07:11:34.0124 7976 N360 - ok
07:11:34.0170 7976 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
07:11:34.0217 7976 napagent - ok
07:11:34.0264 7976 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:11:34.0295 7976 NativeWifiP - ok
07:11:34.0545 7976 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS
07:11:34.0560 7976 NAVENG - ok
07:11:34.0654 7976 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS
07:11:34.0779 7976 NAVEX15 - ok
07:11:34.0982 7976 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:11:34.0997 7976 NDIS - ok
07:11:35.0060 7976 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:11:35.0091 7976 NdisTapi - ok
07:11:35.0138 7976 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:11:35.0184 7976 Ndisuio - ok
07:11:35.0278 7976 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:11:35.0325 7976 NdisWan - ok
07:11:35.0340 7976 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:11:35.0372 7976 NDProxy - ok
07:11:35.0403 7976 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:11:35.0450 7976 NetBIOS - ok
07:11:35.0496 7976 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:11:35.0543 7976 netbt - ok
07:11:35.0574 7976 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:35.0590 7976 Netlogon - ok
07:11:35.0637 7976 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
07:11:35.0699 7976 Netman - ok
07:11:35.0808 7976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:11:35.0824 7976 NetMsmqActivator - ok
07:11:35.0824 7976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:11:35.0840 7976 NetPipeActivator - ok
07:11:35.0886 7976 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
07:11:35.0933 7976 netprofm - ok
07:11:35.0933 7976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:11:35.0949 7976 NetTcpActivator - ok
07:11:35.0949 7976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:11:35.0964 7976 NetTcpPortSharing - ok
07:11:35.0996 7976 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:11:36.0011 7976 nfrd960 - ok
07:11:36.0042 7976 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
07:11:36.0089 7976 NlaSvc - ok
07:11:36.0245 7976 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:11:36.0261 7976 NMIndexingService - ok
07:11:36.0323 7976 Norton PC Checkup Application Launcher - ok
07:11:36.0370 7976 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:11:36.0417 7976 Npfs - ok
07:11:36.0448 7976 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
07:11:36.0495 7976 nsi - ok
07:11:36.0526 7976 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:11:36.0557 7976 nsiproxy - ok
07:11:36.0635 7976 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:11:36.0682 7976 Ntfs - ok
07:11:36.0760 7976 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:11:36.0822 7976 ntrigdigi - ok
07:11:36.0854 7976 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:11:36.0900 7976 Null - ok
07:11:36.0932 7976 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
07:11:36.0947 7976 nvraid - ok
07:11:36.0978 7976 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
07:11:36.0994 7976 nvstor - ok
07:11:37.0025 7976 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
07:11:37.0041 7976 nv_agp - ok
07:11:37.0072 7976 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
07:11:37.0103 7976 OA001Ufd - ok
07:11:37.0150 7976 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
07:11:37.0181 7976 OA001Vid - ok
07:11:37.0290 7976 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:11:37.0322 7976 odserv - ok
07:11:37.0384 7976 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
07:11:37.0415 7976 ohci1394 - ok
07:11:37.0478 7976 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:11:37.0478 7976 ose - ok
07:11:37.0556 7976 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:37.0665 7976 p2pimsvc - ok
07:11:37.0665 7976 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:37.0696 7976 p2psvc - ok
07:11:37.0774 7976 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:11:37.0852 7976 Parport - ok
07:11:37.0914 7976 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:11:37.0930 7976 partmgr - ok
07:11:37.0946 7976 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:11:38.0008 7976 Parvdm - ok
07:11:38.0039 7976 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
07:11:38.0117 7976 PcaSvc - ok
07:11:38.0242 7976 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
07:11:38.0258 7976 PCCUJobMgr - ok
07:11:38.0382 7976 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
07:11:38.0398 7976 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
07:11:38.0445 7976 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:11:38.0460 7976 pci - ok
07:11:38.0492 7976 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
07:11:38.0507 7976 pciide - ok
07:11:38.0554 7976 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:11:38.0570 7976 pcmcia - ok
07:11:38.0632 7976 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
07:11:38.0663 7976 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning
07:11:38.0663 7976 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1)
07:11:38.0726 7976 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:11:38.0850 7976 PEAUTH - ok
07:11:38.0991 7976 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
07:11:39.0100 7976 pla - ok
07:11:39.0225 7976 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
07:11:39.0256 7976 PlugPlay - ok
07:11:39.0303 7976 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:39.0334 7976 PNRPAutoReg - ok
07:11:39.0350 7976 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:11:39.0381 7976 PNRPsvc - ok
07:11:39.0428 7976 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
07:11:39.0490 7976 PolicyAgent - ok
07:11:39.0568 7976 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:11:39.0630 7976 PptpMiniport - ok
07:11:39.0677 7976 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
07:11:39.0740 7976 Processor - ok
07:11:39.0786 7976 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
07:11:39.0833 7976 ProfSvc - ok
07:11:39.0896 7976 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:39.0911 7976 ProtectedStorage - ok
07:11:39.0958 7976 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:11:39.0989 7976 PSched - ok
07:11:40.0020 7976 PTDMBus (c23d7e6cfdfbdf0139a9315655315fc7) C:\Windows\system32\DRIVERS\PTDMBus.sys
07:11:40.0036 7976 PTDMBus - ok
07:11:40.0083 7976 PTDMMdm (182ed48f0f876e10ed2398fa4cf8e385) C:\Windows\system32\DRIVERS\PTDMMdm.sys
07:11:40.0098 7976 PTDMMdm - ok
07:11:40.0161 7976 PTDMVsp (0f13e2f9c746fa53a0292f6a9b7a34d4) C:\Windows\system32\DRIVERS\PTDMVsp.sys
07:11:40.0176 7976 PTDMVsp - ok
07:11:40.0208 7976 PTDMWFLT (cd358e58e865989667ff3af59a546ece) C:\Windows\system32\DRIVERS\PTDMWFLT.sys
07:11:40.0208 7976 PTDMWFLT - ok
07:11:40.0239 7976 PTDMWWAN (3e1793aea177a1192495d21ff09512bb) C:\Windows\system32\DRIVERS\PTDMWWAN.sys
07:11:40.0239 7976 PTDMWWAN - ok
07:11:40.0317 7976 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
07:11:40.0364 7976 ql2300 - ok
07:11:40.0426 7976 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:11:40.0442 7976 ql40xx - ok
07:11:40.0488 7976 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
07:11:40.0535 7976 QWAVE - ok
07:11:40.0551 7976 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:11:40.0582 7976 QWAVEdrv - ok
07:11:40.0629 7976 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:11:40.0676 7976 RasAcd - ok
07:11:40.0691 7976 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
07:11:40.0754 7976 RasAuto - ok
07:11:40.0785 7976 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:11:40.0816 7976 Rasl2tp - ok
07:11:40.0847 7976 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
07:11:40.0878 7976 RasMan - ok
07:11:40.0910 7976 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:11:40.0956 7976 RasPppoe - ok
07:11:41.0003 7976 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:11:41.0019 7976 RasSstp - ok
07:11:41.0050 7976 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:11:41.0097 7976 rdbss - ok
07:11:41.0128 7976 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:11:41.0175 7976 RDPCDD - ok
07:11:41.0237 7976 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
07:11:41.0268 7976 rdpdr - ok
07:11:41.0300 7976 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:11:41.0346 7976 RDPENCDD - ok
07:11:41.0378 7976 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
07:11:41.0409 7976 RDPWD - ok
07:11:41.0440 7976 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
07:11:41.0471 7976 RemoteAccess - ok
07:11:41.0502 7976 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
07:11:41.0534 7976 RemoteRegistry - ok
07:11:41.0565 7976 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
07:11:41.0627 7976 rimmptsk - ok
07:11:41.0658 7976 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
07:11:41.0690 7976 rimsptsk - ok
07:11:41.0705 7976 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
07:11:41.0736 7976 rismxdp - ok
07:11:41.0736 7976 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
07:11:41.0768 7976 RpcLocator - ok
07:11:41.0830 7976 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:11:41.0877 7976 RpcSs - ok
07:11:41.0924 7976 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:11:41.0955 7976 rspndr - ok
07:11:41.0986 7976 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:11:42.0002 7976 SamSs - ok
07:11:42.0048 7976 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:11:42.0064 7976 SASDIFSV - ok
07:11:42.0080 7976 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
07:11:42.0095 7976 SASENUM - ok
07:11:42.0111 7976 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
07:11:42.0126 7976 SASKUTIL - ok
07:11:42.0158 7976 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:11:42.0173 7976 sbp2port - ok
07:11:42.0204 7976 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
07:11:42.0251 7976 SCardSvr - ok
07:11:42.0314 7976 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
07:11:42.0345 7976 Schedule - ok
07:11:42.0376 7976 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:11:42.0392 7976 SCPolicySvc - ok
07:11:42.0470 7976 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
07:11:42.0516 7976 sdbus - ok
07:11:42.0548 7976 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
07:11:42.0610 7976 SDRSVC - ok
07:11:42.0626 7976 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:11:42.0688 7976 secdrv - ok
07:11:42.0719 7976 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
07:11:42.0766 7976 seclogon - ok
07:11:42.0797 7976 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
07:11:42.0860 7976 SENS - ok
07:11:42.0875 7976 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:11:42.0953 7976 Serenum - ok
07:11:42.0984 7976 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:11:43.0047 7976 Serial - ok
07:11:43.0094 7976 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:11:43.0109 7976 sermouse - ok
07:11:43.0156 7976 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
07:11:43.0187 7976 SessionEnv - ok
07:11:43.0203 7976 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
07:11:43.0250 7976 sffdisk - ok
07:11:43.0281 7976 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
07:11:43.0343 7976 sffp_mmc - ok
07:11:43.0359 7976 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
07:11:43.0406 7976 sffp_sd - ok
07:11:43.0437 7976 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:11:43.0499 7976 sfloppy - ok
07:11:43.0546 7976 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
07:11:43.0593 7976 ShellHWDetection - ok
07:11:43.0624 7976 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
07:11:43.0640 7976 sisagp - ok
07:11:43.0671 7976 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
07:11:43.0686 7976 SiSRaid2 - ok
07:11:43.0702 7976 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
07:11:43.0718 7976 SiSRaid4 - ok
07:11:43.0842 7976 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
07:11:43.0858 7976 SkypeUpdate - ok
07:11:44.0014 7976 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
07:11:44.0170 7976 slsvc - ok
07:11:44.0264 7976 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
07:11:44.0326 7976 SLUINotify - ok
07:11:44.0357 7976 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:11:44.0404 7976 Smb - ok
07:11:44.0435 7976 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
07:11:44.0451 7976 SNMPTRAP - ok
07:11:44.0482 7976 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:11:44.0498 7976 spldr - ok
07:11:44.0529 7976 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
07:11:44.0622 7976 Spooler - ok
07:11:44.0747 7976 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
07:11:44.0763 7976 sprtsvc_ddoctorv2 - ok
07:11:44.0872 7976 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
07:11:44.0888 7976 sprtsvc_DellSupportCenter - ok
07:11:45.0012 7976 SpyHunter 4 Service (f9ec94e35f5019a8e82665e1ef4b4d02) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
07:11:45.0028 7976 SpyHunter 4 Service - ok
07:11:45.0278 7976 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
07:11:45.0293 7976 SRTSP - ok
07:11:45.0387 7976 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
07:11:45.0387 7976 SRTSPX - ok
07:11:45.0449 7976 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:11:45.0512 7976 srv - ok
07:11:45.0543 7976 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:11:45.0590 7976 srv2 - ok
07:11:45.0636 7976 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:11:45.0668 7976 srvnet - ok
07:11:45.0730 7976 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
07:11:45.0792 7976 SSDPSRV - ok
07:11:45.0824 7976 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
07:11:45.0870 7976 SstpSvc - ok
07:11:45.0980 7976 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
07:11:45.0995 7976 STacSV - ok
07:11:46.0073 7976 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
07:11:46.0120 7976 STHDA - ok
07:11:46.0167 7976 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
07:11:46.0229 7976 stisvc - ok
07:11:46.0260 7976 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:11:46.0276 7976 swenum - ok
07:11:46.0307 7976 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
07:11:46.0370 7976 swprv - ok
07:11:46.0401 7976 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:11:46.0416 7976 Symc8xx - ok
07:11:46.0510 7976 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
07:11:46.0526 7976 SymDS - ok
07:11:46.0604 7976 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
07:11:46.0619 7976 SymEFA - ok
07:11:46.0682 7976 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
07:11:46.0697 7976 SymEvent - ok
07:11:46.0744 7976 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
07:11:46.0760 7976 SymIRON - ok
07:11:46.0791 7976 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS
07:11:46.0822 7976 SYMTDIv - ok
07:11:46.0853 7976 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:11:46.0869 7976 Sym_hi - ok
07:11:46.0900 7976 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:11:46.0916 7976 Sym_u3 - ok
07:11:46.0962 7976 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
07:11:47.0040 7976 SysMain - ok
07:11:47.0072 7976 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
07:11:47.0134 7976 TabletInputService - ok
07:11:47.0165 7976 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
07:11:47.0212 7976 TapiSrv - ok
07:11:47.0259 7976 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
07:11:47.0290 7976 TBS - ok
07:11:47.0368 7976 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
07:11:47.0399 7976 Tcpip - ok
07:11:47.0415 7976 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
07:11:47.0462 7976 Tcpip6 - ok
07:11:47.0493 7976 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:11:47.0540 7976 tcpipreg - ok
07:11:47.0571 7976 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:11:47.0602 7976 TDPIPE - ok
07:11:47.0618 7976 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:11:47.0649 7976 TDTCP - ok
07:11:47.0696 7976 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:11:47.0742 7976 tdx - ok
07:11:47.0789 7976 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:11:47.0805 7976 TermDD - ok
07:11:47.0852 7976 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
07:11:47.0898 7976 TermService - ok
07:11:47.0945 7976 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
07:11:47.0976 7976 Themes - ok
07:11:47.0992 7976 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:11:48.0023 7976 THREADORDER - ok
07:11:48.0054 7976 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
07:11:48.0101 7976 TrkWks - ok
07:11:48.0148 7976 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
07:11:48.0179 7976 TrustedInstaller - ok
07:11:48.0210 7976 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:11:48.0257 7976 tssecsrv - ok
07:11:48.0304 7976 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:11:48.0335 7976 tunmp - ok
07:11:48.0382 7976 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:11:48.0398 7976 tunnel - ok
07:11:48.0444 7976 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
07:11:48.0460 7976 uagp35 - ok
07:11:48.0507 7976 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:11:48.0522 7976 udfs - ok
07:11:48.0554 7976 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
07:11:48.0600 7976 UI0Detect - ok
07:11:48.0616 7976 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
07:11:48.0632 7976 uliagpkx - ok
07:11:48.0663 7976 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
07:11:48.0678 7976 uliahci - ok
07:11:48.0756 7976 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:11:48.0772 7976 UlSata - ok
07:11:48.0788 7976 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:11:48.0803 7976 ulsata2 - ok
07:11:48.0819 7976 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:11:48.0850 7976 umbus - ok
07:11:48.0897 7976 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
07:11:48.0944 7976 upnphost - ok
07:11:48.0990 7976 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
07:11:49.0037 7976 usbaudio - ok
07:11:49.0053 7976 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:11:49.0100 7976 usbccgp - ok
07:11:49.0131 7976 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:11:49.0209 7976 usbcir - ok
07:11:49.0256 7976 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:11:49.0271 7976 usbehci - ok
07:11:49.0302 7976 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:11:49.0334 7976 usbhub - ok
07:11:49.0365 7976 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
07:11:49.0412 7976 usbohci - ok
07:11:49.0443 7976 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
07:11:49.0474 7976 usbprint - ok
07:11:49.0505 7976 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
07:11:49.0521 7976 usbscan - ok
07:11:49.0552 7976 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:11:49.0599 7976 USBSTOR - ok
07:11:49.0630 7976 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:11:49.0677 7976 usbuhci - ok
07:11:49.0724 7976 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
07:11:49.0755 7976 usbvideo - ok
07:11:49.0786 7976 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
07:11:49.0817 7976 UxSms - ok
07:11:49.0880 7976 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
07:11:49.0942 7976 vds - ok
07:11:50.0004 7976 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
07:11:50.0036 7976 vga - ok
07:11:50.0067 7976 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:11:50.0098 7976 VgaSave - ok
07:11:50.0129 7976 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
07:11:50.0145 7976 viaagp - ok
07:11:50.0176 7976 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
07:11:50.0238 7976 ViaC7 - ok
07:11:50.0254 7976 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
07:11:50.0270 7976 viaide - ok
07:11:50.0285 7976 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:11:50.0301 7976 volmgr - ok
07:11:50.0348 7976 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:11:50.0379 7976 volmgrx - ok
07:11:50.0410 7976 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:11:50.0441 7976 volsnap - ok
07:11:50.0488 7976 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
07:11:50.0504 7976 vsmraid - ok
07:11:50.0582 7976 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
07:11:50.0691 7976 VSS - ok
07:11:50.0862 7976 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
07:11:50.0925 7976 vToolbarUpdater12.1.5 - ok
07:11:51.0034 7976 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
07:11:51.0065 7976 W32Time - ok
07:11:51.0096 7976 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:11:51.0174 7976 WacomPen - ok
07:11:51.0190 7976 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:11:51.0221 7976 Wanarp - ok
07:11:51.0221 7976 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:11:51.0252 7976 Wanarpv6 - ok
07:11:51.0284 7976 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
07:11:51.0330 7976 wcncsvc - ok
07:11:51.0362 7976 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
07:11:51.0408 7976 WcsPlugInService - ok
07:11:51.0455 7976 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
07:11:51.0471 7976 Wd - ok
07:11:51.0533 7976 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:11:51.0564 7976 Wdf01000 - ok
07:11:51.0627 7976 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:11:51.0674 7976 WdiServiceHost - ok
07:11:51.0689 7976 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:11:51.0720 7976 WdiSystemHost - ok
07:11:51.0783 7976 Web Assistant Updater - ok
07:11:51.0830 7976 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
07:11:51.0892 7976 WebClient - ok
07:11:51.0954 7976 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
07:11:52.0001 7976 Wecsvc - ok
07:11:52.0064 7976 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
07:11:52.0110 7976 wercplsupport - ok
07:11:52.0173 7976 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
07:11:52.0204 7976 WerSvc - ok
07:11:52.0266 7976 WinHttpAutoProxySvc - ok
07:11:52.0329 7976 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
07:11:52.0360 7976 Winmgmt - ok
07:11:52.0469 7976 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
07:11:52.0547 7976 WinRM - ok
07:11:52.0672 7976 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
07:11:52.0734 7976 Wlansvc - ok
07:11:52.0750 7976 wltrysvc - ok
07:11:52.0859 7976 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:11:52.0890 7976 WmiAcpi - ok
07:11:52.0968 7976 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
07:11:53.0000 7976 wmiApSrv - ok
07:11:53.0124 7976 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:11:53.0249 7976 WMPNetworkSvc - ok
07:11:53.0280 7976 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
07:11:53.0343 7976 WPCSvc - ok
07:11:53.0390 7976 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
07:11:53.0468 7976 WPDBusEnum - ok
07:11:53.0561 7976 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:11:53.0592 7976 WpdUsb - ok
07:11:53.0764 7976 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:11:53.0826 7976 WPFFontCache_v0400 - ok
07:11:53.0858 7976 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:11:53.0889 7976 ws2ifsl - ok
07:11:53.0920 7976 WSearch - ok
07:11:53.0967 7976 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:11:53.0998 7976 WUDFRd - ok
07:11:54.0029 7976 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
07:11:54.0076 7976 wudfsvc - ok
07:11:54.0170 7976 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
07:11:54.0216 7976 YahooAUService - ok
07:11:54.0310 7976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
07:11:54.0372 7976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:11:54.0372 7976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:11:54.0450 7976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:11:54.0450 7976 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:11:54.0450 7976 Boot (0x1200) (93322fbb338e540af0d387ac2e1329db) \Device\Harddisk0\DR0\Partition0
07:11:54.0450 7976 \Device\Harddisk0\DR0\Partition0 - ok
07:11:54.0466 7976 ============================================================
07:11:54.0466 7976 Scan finished
07:11:54.0466 7976 ============================================================
07:11:54.0513 6448 Detected object count: 4
07:11:54.0513 6448 Actual detected object count: 4
07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user
07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:18:33.0012 6448 \Device\Harddisk0\DR0\# - copied to quarantine
07:18:33.0012 6448 \Device\Harddisk0\DR0 - copied to quarantine
07:18:38.0814 6448 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:18:42.0164 6448 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:18:42.0427 6448 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:18:43.0352 6448 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
07:18:44.0141 6448 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
07:18:46.0779 6448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:18:48.0766 6448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:18:48.0821 6448 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:18:48.0877 6448 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:18:49.0266 6448 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:18:49.0532 6448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:18:49.0755 6448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:18:49.0807 6448 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:18:49.0866 6448 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:18:50.0170 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:18:50.0212 6448 \Device\Harddisk0\DR0 - ok
07:18:50.0261 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:18:58.0502 7252 Deinitialize success

[Maniac]

Do you have access to Normal mode now?

[alazuria]

I did for a few minutes, but the desktop wouldn't load, the toolbar didn't pop up, even when opening up Task Manager and typing in 'explorer.exe' to get it to respond. I'm still stuck in safe mode, but loading user accounts is running much faster.

[Maniac]

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run. When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt .


Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


In your next reply, post the following log files:

• unhide log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log

[alazuria]

AVG and Norton Security Suite kept requesting neccessary actions for some infected files. I'll attach those logs later if you need them.

DDS Log
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by sheila at 22:09:14 on 2012-08-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1947 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Game Booster 3\gbtray.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldncoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AirMac\APAgent.exe
C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe
C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\sheila\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll
mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe"
mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304]
S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344]
S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528]
.
=============== Created Last 30 ================
.
2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes
2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe
2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe
2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr
2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012
2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search
2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll
2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration
2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo
2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo
2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx
2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam
2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync
2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam
2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker
2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics
2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN
2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA%
2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search
2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-31 21:53:24 -------- d-----w- C:\$AVG
2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG
2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader
2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software
2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure
2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit
2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation
2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys
2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-12 08:57:30 -------- d-----w- c:\program files\x86
2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps
2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games
2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46:47 -------- d-----w- C:\New Folder
.
==================== Find3M ====================
.
2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys
.
============= FINISH: 22:15:47.28 ===============

unhide file

Processing the C:\ drive
Finished processing the C:\ drive. 244116 files processed.

The C:\Users\sheila\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/05/2012 09:43:46 AM
Execution time: 0 hours(s), 13 minute(s), and 51 seconds(s)
Database version: v2012.08.05.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
sheila :: SHEILA-PC [administrator]

Protection: Enabled

8/5/2012 8:46:27 PM
mbam-log-2012-08-05 (20-46-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208933
Time elapsed: 28 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Users\sheila\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\sheila\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[alazuria]

ComboFix 12-08-05.02 - sheila 08/06/2012 6:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1751 [GMT -4:00]
Running from: c:\users\sheila\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shop to Win
c:\program files\Shop to Win\Test.htm
c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files\Shop to Win\TestFeeds\MainStatus.xml
c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files\Shop to Win\unins000.dat
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\ntuser.dat
c:\users\sheila\15.jpg
c:\users\sheila\20091011223157.jpg
c:\users\sheila\20091229225621.jpg
c:\users\sheila\201072410563468337.jpg
c:\users\sheila\3676907620771746162 (1).jpg
c:\users\sheila\3676907620771746162.jpg
c:\users\sheila\b5cb0b1d78ecb9d6a8b4c3227586adec.jpg
c:\users\sheila\be82c034cf25c914338fa3cf87005d24-d3cyctl.jpg
c:\users\sheila\Documents\~WRL0003.tmp
c:\users\sheila\Documents\~WRL0004.tmp
c:\users\sheila\Documents\~WRL0005.tmp
c:\users\sheila\Documents\~WRL0221.tmp
c:\users\sheila\Documents\~WRL0598.tmp
c:\users\sheila\Documents\~WRL3164.tmp
c:\users\sheila\Documents\~WRL3197.tmp
c:\users\sheila\Documents\~WRL3668.tmp
c:\users\sheila\Documents\~WRL4096.tmp
c:\users\sheila\Documents\ShopToWin
c:\users\sheila\fullclient_april25.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\System32\services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 11:25 . 2012-08-06 12:21 -------- d-----w- c:\users\sheila\AppData\Local\temp
2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Samantha\AppData\Local\temp
2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22 . 2012-08-06 12:18 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-06-05 16:47 . 2012-08-04 06:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-08-06 10:25 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-08-04 03:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-08-04 03:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-08-04 03:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-08-04 03:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-08-04 03:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-08-04 03:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-08-04 03:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-08-04 03:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-08-04 03:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-08-04 05:28 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-08-04 05:28 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]
"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]
2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]
2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
SafeBoot-45083044.sys
SafeBoot-56671536.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
MSConfigStartUp-DailyBibleGuideIE Browser Plugin Loader - c:\progra~1\DAILYB~2\bar\1.bin\elbrmon.exe
MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
AddRemove-Funmoods Web Search - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 08:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77,
68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1608)
c:\program files\Norton Security Suite\Engine\5.2.2.3\buShell.dll
c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldncoms.exe
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\DllHost.exe
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
c:\program files\IObit\Game Booster 3\gbtray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-06 08:29:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 12:29
.
Pre-Run: 193,192,067,072 bytes free
Post-Run: 184,391,561,216 bytes free
.
- - End Of File - - DBE770E42F00C8B85A184816DAA0CCB8

[Maniac]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[alazuria]

ComboFix 12-08-05.02 - sheila 08/06/2012 19:27:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1930 [GMT -4:00]
Running from: c:\users\sheila\Desktop\ComboFix.exe
Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\sheila\AppData\Local\temp
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Samantha\AppData\Local\temp
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll
2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]
"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]
2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]
2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 19:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77,
68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5100)
c:\windows\system32\ACTXPRXY.DLL
c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll
c:\windows\system32\mssprxy.dll
.
Completion time: 2012-08-06 20:03:11
ComboFix-quarantined-files.txt 2012-08-07 00:02
ComboFix2.txt 2012-08-06 12:30
.
Pre-Run: 183,398,924,288 bytes free
Post-Run: 182,432,690,176 bytes free
.
- - End Of File - - 00AE72F20A85BCC2EFFEE6594C0D89CD

[Maniac]

Quote

Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk

My instructions are to create a new text file, not link file and not here, but on the Desktop. Please follow my instructions strictly.

[alazuria]

Then I'm not sure I understand your instructions. You want me to save it as a .txt file to my desktop then drag it into the ComboFix icon?

[alazuria]

Sorry, your original instructions confused me a bit. I think this is what you meant. My apologies.

ComboFix 12-08-07.02 - sheila 08/07/2012 8:09.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1905 [GMT -4:00]
Running from: c:\users\sheila\Desktop\ComboFix.exe
Command switches used :: c:\users\sheila\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\sheila\AppData\Local\temp
2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Samantha\AppData\Local\temp
2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll
2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]
"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]
2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]
2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 08:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77,
68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2676)
c:\windows\system32\ACTXPRXY.DLL
c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccIPC.dll
c:\program files\Norton Security Suite\Engine\5.2.2.3\ccGEvt.dll
c:\windows\system32\mssprxy.dll
.
Completion time: 2012-08-07 08:39:42
ComboFix-quarantined-files.txt 2012-08-07 12:39
ComboFix2.txt 2012-08-07 00:03
ComboFix3.txt 2012-08-06 12:30
.
Pre-Run: 182,438,207,488 bytes free
Post-Run: 182,392,610,816 bytes free
.
- - End Of File - - B8B179B65D4A03FC56CC13D3F75C7421

[Maniac]

Good, now is much better.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[alazuria]

This was the only log I found

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

[Maniac]

How are things now?

[alazuria]

Everything is running smoothly. Shut downs, log ins, rebooting the laptop is so much easier and works much faster. It's almost as if the laptop is brand new.

Is there anything else I need to do?

[Maniac]

Yes, please. Final steps:

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS and TDSSKiller.

Some malware prevention tips:
http://forums.malwar...howtopic=104379


Safe surfing!