alazuria

Infected with Zeroaccess!inf trojan

Norton Security Suite alerted me to the Zeroaccess!inf trojan that it was trying to block, but failed. Since then, I've been hit with other rootkits, trojans, malware, spyware, trackware, etc.

I can't boot up my computer normally, so I am stuck in Safe Mode with Networking. The attach file option is disabled for me, so I'll have to paste them. Sorry.

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by sheila at 0:54:37 on 2012-08-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2543 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Windows\explorer.exe

"C:\Windows\System32\svchost.exe" -k LocalServiceDns

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local;<local>

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

uURLSearchHooks: H - No File

uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll

mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll

mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe"

uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe"

mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q=

FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: browser.search.defaultEngine - yahoo

FF - user.js: browser.search.defaultenginename - yahoo

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.param.yahoo-fr - chrf-protectff

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.funmoods.instlDay - 15486

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.incredibar_i.instlDay - 15507

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6

FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

.

FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf

FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]

S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]

S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056]

S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-8-4 77312]

S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056]

S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912]

S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912]

S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456]

S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304]

S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344]

S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528]

.

=============== Created Last 30 ================

.

2012-08-05 04:33:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop

2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos

2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe

2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos

2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes

2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes

2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe

2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr

2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll

2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012

2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll

2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius

2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft

2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository

2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration

2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo

2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo

2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx

2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx

2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36

2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar

2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam

2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync

2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam

2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker

2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics

2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce

2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN

2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner

2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA%

2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search

2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-07-31 21:53:24 -------- d--h--w- C:\$AVG

2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012

2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG

2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData

2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation

2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader

2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software

2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure

2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software

2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software

2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit

2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation

2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys

2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys

2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys

2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys

2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys

2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys

2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys

2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003

2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-07-12 08:57:30 -------- d-----w- c:\program files\x86

2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps

2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch

2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader

2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload

2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe

2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games

2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games

2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games

2012-07-10 08:46:47 -------- d-----w- C:\New Folder

.

==================== Find3M ====================

.

2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys

.

============= FINISH: 0:57:53.47 ===============

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0005

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0005

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0006

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0006

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description:

Device ID: ROOT\*6TO4MP\0009

Manufacturer:

Name:

PNP Device ID: ROOT\*6TO4MP\0009

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0019

Manufacturer: Microsoft

Name: isatap.{4AA34806-31D2-46B3-BB14-BF33709D5CA6}

PNP Device ID: ROOT\*ISATAP\0019

Service: tunnel

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Consumer IR Devices

Device ID: ROOT\SYSTEM\0001

Manufacturer: Microsoft

Name: Consumer IR Devices

PNP Device ID: ROOT\SYSTEM\0001

Service: circlass

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Aeria Ignite

AirMac

Akamai NetSession Interface

Anti-phishing Domain Advisor

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Software

avast! Free Antivirus

AVerMedia HC82 Express-Card Hybrid Analog

AVerMedia MCE Encoder 3.2.1.62

AVG 2012

Bonjour

Broadcom Gigabit NetLink Controller

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comcast High-Speed Internet Install Wizard

CyberLink DVD Suite

Dell 5530 Wireless Broadband Package

Dell Driver Download Manager

Dell Support Center (Support Software)

Dell V105

Dell Video Chat

Dell Webcam Central

Dell Wireless WLAN Card Utility

Desktop Doctor

Digsby

Ditto 3.17.0.17

Driver Genius Professional Edition

DriverBoost

EdenEternal

eReg

Foxit Reader 5.1

fTalk

Funmoods Web Search

Game Booster 3

GIMP 2.6.11

Google Chrome

Google SketchUp 8

Google Update Helper

Grand Fantasia

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IDT Audio

Integrated Webcam Driver (1.06.03.0309)

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

IObit Toolbar v5.6

iPhone Configuration Utility

ITECIR Driver

Java Auto Updater

Java 6 Update 31

JISHOP 6.1

Live! Cam Avatar Creator

Logitech SetPoint 6.30

Macromedia Fireworks MX 2004

Malwarebytes Anti-Malware version 1.62.0.1300

Messenger Plus! 5

Messenger Plus! Community Smartbar

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft UI Engine

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MobileMe Control Panel

Mozilla Firefox 15.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

neroxml

Norton PC Checkup

Norton Security Scan

Norton Security Suite

NVIDIA PhysX

Paint.NET v3.5.10

Pando Media Booster

PANTECH PC USB Modem Software

PC Matic 1.1.0.48

PC Pitstop Exterminate2 2.0

PC Pitstop Info Center 1.0.0.13

Process Tamer 2.11.01

QuickTime

RICOH Media Driver ver.2.07.01.04

RICOH R5U8xx Media Driver ver.3.62.02

SeaTools for Windows

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

Smilebox

Sophos Virus Removal Tool

SpyHunter

SUPERAntiSpyware Free Edition

swMSM

System Requirements Lab for Intel

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VideoFileDownload

Web Assistant 2.0.0.460

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)

Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6)

Windows Live Mesh ActiveX Control for Remote Connections

WinRAR 4.00 (32-bit)

Wizard101

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

8/5/2012 12:32:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}

8/5/2012 12:31:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/5/2012 12:31:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/5/2012 12:31:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/5/2012 12:30:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/5/2012 12:30:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/5/2012 12:30:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/5/2012 12:29:53 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

8/5/2012 12:29:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:27:10 AM on 8/5/2012 was unexpected.

8/5/2012 12:16:48 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/5/2012 12:16:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldnCATSCustConnectService service to connect.

8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/4/2012 9:14:49 AM, Error: EventLog [6008] - The previous system shutdown at 9:12:37 AM on 8/4/2012 was unexpected.

8/4/2012 9:09:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6

8/4/2012 9:07:37 AM, Error: EventLog [6008] - The previous system shutdown at 9:04:13 AM on 8/4/2012 was unexpected.

8/4/2012 8:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/4/2012 5:06:52 AM, Error: EventLog [6008] - The previous system shutdown at 5:05:10 AM on 8/4/2012 was unexpected.

8/4/2012 5:01:09 AM, Error: EventLog [6008] - The previous system shutdown at 4:59:15 AM on 8/4/2012 was unexpected.

8/4/2012 4:45:14 AM, Error: EventLog [6008] - The previous system shutdown at 4:42:50 AM on 8/4/2012 was unexpected.

8/4/2012 2:59:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/4/2012 2:54:18 AM, Error: EventLog [6008] - The previous system shutdown at 2:52:55 AM on 8/4/2012 was unexpected.

8/4/2012 2:44:26 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

8/4/2012 2:43:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

8/4/2012 2:43:16 AM, Error: Service Control Manager [7023] -

8/4/2012 2:38:43 AM, Error: EventLog [6008] - The previous system shutdown at 2:35:32 AM on 8/4/2012 was unexpected.

8/4/2012 2:30:32 AM, Error: EventLog [6008] - The previous system shutdown at 2:24:16 AM on 8/4/2012 was unexpected.

8/4/2012 2:04:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656409).

8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Staging(Staging) state

8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Resolved(Resolved) state

8/4/2012 10:01:48 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/3/2012 9:38:26 AM, Error: EventLog [6008] - The previous system shutdown at 9:35:42 AM on 8/3/2012 was unexpected.

8/3/2012 9:33:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

8/3/2012 9:33:08 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/3/2012 9:28:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:26:27 AM on 8/3/2012 was unexpected.

8/3/2012 9:01:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6

8/3/2012 8:59:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:28 PM on 8/3/2012 was unexpected.

8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}

8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/3/2012 6:34:05 AM, Error: EventLog [6008] - The previous system shutdown at 6:32:06 AM on 8/3/2012 was unexpected.

8/3/2012 6:30:06 AM, Error: EventLog [6008] - The previous system shutdown at 6:26:46 AM on 8/3/2012 was unexpected.

8/3/2012 5:56:54 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed

8/3/2012 5:07:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/3/2012 3:32:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/3/2012 3:20:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86

8/3/2012 3:16:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/3/2012 2:09:52 AM, Error: EventLog [6008] - The previous system shutdown at 2:07:20 AM on 8/3/2012 was unexpected.

8/3/2012 2:04:13 AM, Error: EventLog [6008] - The previous system shutdown at 2:02:02 AM on 8/3/2012 was unexpected.

8/3/2012 2:01:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

8/3/2012 2:00:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

8/3/2012 11:34:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/3/2012 11:30:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.

8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

8/2/2012 5:51:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:49:52 PM on 8/2/2012 was unexpected.

7/31/2012 5:51:52 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/31/2012 5:29:01 AM, Error: EventLog [6008] - The previous system shutdown at 5:27:33 AM on 7/31/2012 was unexpected.

7/31/2012 5:24:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

7/31/2012 5:24:32 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:04 AM on 7/31/2012 was unexpected.

7/31/2012 5:19:09 PM, Error: EventLog [6008] - The previous system shutdown at 5:14:20 PM on 7/31/2012 was unexpected.

7/31/2012 5:14:04 AM, Error: EventLog [6008] - The previous system shutdown at 5:11:19 AM on 7/31/2012 was unexpected.

7/31/2012 5:12:40 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:04 PM on 7/31/2012 was unexpected.

7/31/2012 4:07:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:06:15 PM on 7/31/2012 was unexpected.

7/31/2012 3:35:31 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:48 PM on 7/31/2012 was unexpected.

7/31/2012 3:33:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

7/31/2012 3:33:30 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.

7/30/2012 5:01:05 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

7/30/2012 4:59:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton PC Checkup Application Launcher service to connect.

7/30/2012 4:59:54 PM, Error: Service Control Manager [7000] - The Norton PC Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/30/2012 4:51:07 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:55 PM on 7/30/2012 was unexpected.

45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6


.

==== End Of File ===========================


Hello alazuria and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Ran the TDSSKiller

The post was too large, so I tried splitting it. Hope that's ok

07:10:35.0826 4632 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

07:10:36.0216 4632 ============================================================

07:10:36.0216 4632 Current date / time: 2012/08/05 07:10:36.0216

07:10:36.0216 4632 SystemInfo:

07:10:36.0216 4632

07:10:36.0216 4632 OS Version: 6.0.6002 ServicePack: 2.0

07:10:36.0216 4632 Product type: Workstation

07:10:36.0216 4632 ComputerName: SHEILA-PC

07:10:36.0216 4632 UserName: sheila

07:10:36.0216 4632 Windows directory: C:\Windows

07:10:36.0216 4632 System windows directory: C:\Windows

07:10:36.0216 4632 Processor architecture: Intel x86

07:10:36.0216 4632 Number of processors: 2

07:10:36.0216 4632 Page size: 0x1000

07:10:36.0216 4632 Boot type: Safe boot with network

07:10:36.0216 4632 ============================================================

07:10:37.0667 4632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

07:10:37.0667 4632 ============================================================

07:10:37.0667 4632 \Device\Harddisk0\DR0:

07:10:37.0667 4632 MBR partitions:

07:10:37.0667 4632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800

07:10:37.0667 4632 ============================================================

07:10:37.0698 4632 C: <-> \Device\Harddisk0\DR0\Partition0

07:10:37.0698 4632 ============================================================

07:10:37.0698 4632 Initialize success

07:10:37.0698 4632 ============================================================

07:10:40.0335 6804 ============================================================

07:10:40.0335 6804 Scan started

07:10:40.0335 6804 Mode: Manual;

07:10:40.0335 6804 ============================================================


07:10:55.0716 6804 LSI_SCSI - ok

07:10:55.0732 6804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

07:10:55.0732 6804 luafv - ok

07:10:55.0779 6804 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys

07:10:55.0779 6804 LUsbFilt - ok

07:10:55.0826 6804 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

07:10:55.0826 6804 Macromedia Licensing Service - ok

07:10:55.0857 6804 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys

07:10:55.0872 6804 MBAMProtector - ok

07:10:55.0982 6804 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

07:10:56.0028 6804 MBAMService - ok

07:10:56.0106 6804 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys

07:10:56.0106 6804 MBAMSwissArmy - ok

07:10:56.0138 6804 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

07:10:56.0153 6804 Mcx2Svc - ok

07:10:56.0169 6804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

07:10:56.0169 6804 megasas - ok

07:10:56.0231 6804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

07:10:56.0231 6804 MegaSR - ok

07:10:56.0262 6804 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

07:10:56.0262 6804 MMCSS - ok

07:10:56.0278 6804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

07:10:56.0278 6804 Modem - ok

07:10:56.0325 6804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

07:10:56.0325 6804 monitor - ok

07:10:56.0340 6804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

07:10:56.0340 6804 mouclass - ok

07:10:56.0356 6804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

07:10:56.0356 6804 mouhid - ok

07:10:56.0387 6804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

07:10:56.0387 6804 MountMgr - ok

07:10:56.0434 6804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

07:10:56.0450 6804 mpio - ok

07:10:56.0481 6804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

07:10:56.0481 6804 mpsdrv - ok

07:10:56.0559 6804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

07:10:56.0559 6804 Mraid35x - ok

07:10:56.0606 6804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

07:10:56.0606 6804 MRxDAV - ok

07:10:56.0621 6804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:10:56.0621 6804 mrxsmb - ok

07:10:56.0668 6804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:10:56.0684 6804 mrxsmb10 - ok

07:10:56.0715 6804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:10:56.0715 6804 mrxsmb20 - ok

07:10:56.0762 6804 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

07:10:56.0762 6804 msahci - ok

07:10:56.0808 6804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

07:10:56.0808 6804 msdsm - ok

07:10:56.0855 6804 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

07:10:56.0855 6804 MSDTC - ok

07:10:56.0918 6804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

07:10:56.0918 6804 Msfs - ok

07:10:56.0949 6804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

07:10:56.0949 6804 msisadrv - ok

07:10:56.0996 6804 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

07:10:57.0011 6804 MSiSCSI - ok

07:10:57.0027 6804 msiserver - ok

07:10:57.0074 6804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

07:10:57.0074 6804 MSKSSRV - ok

07:10:57.0105 6804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

07:10:57.0105 6804 MSPCLOCK - ok

07:10:57.0120 6804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

07:10:57.0120 6804 MSPQM - ok

07:10:57.0167 6804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

07:10:57.0183 6804 MsRPC - ok

07:10:57.0230 6804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

07:10:57.0230 6804 mssmbios - ok

07:10:57.0245 6804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

07:10:57.0245 6804 MSTEE - ok

07:10:57.0261 6804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

07:10:57.0261 6804 Mup - ok

07:10:57.0354 6804 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe

07:10:57.0354 6804 MyFunCards_5mService - ok

07:10:57.0417 6804 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

07:10:57.0432 6804 N360 - ok

07:10:57.0464 6804 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

07:10:57.0479 6804 napagent - ok

07:10:57.0510 6804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

07:10:57.0510 6804 NativeWifiP - ok

07:10:57.0807 6804 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS

07:10:57.0807 6804 NAVENG - ok

07:10:57.0900 6804 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS

07:10:57.0947 6804 NAVEX15 - ok

07:10:58.0134 6804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

07:10:58.0134 6804 NDIS - ok

07:10:58.0181 6804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

07:10:58.0181 6804 NdisTapi - ok

07:10:58.0212 6804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

07:10:58.0212 6804 Ndisuio - ok

07:10:58.0259 6804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

07:10:58.0259 6804 NdisWan - ok

07:10:58.0275 6804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

07:10:58.0275 6804 NDProxy - ok

07:10:58.0306 6804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

07:10:58.0306 6804 NetBIOS - ok

07:10:58.0337 6804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

07:10:58.0337 6804 netbt - ok

07:10:58.0368 6804 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:10:58.0384 6804 Netlogon - ok

07:10:58.0415 6804 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

07:10:58.0431 6804 Netman - ok

07:10:58.0556 6804 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:10:58.0571 6804 NetMsmqActivator - ok

07:10:58.0618 6804 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:10:58.0618 6804 NetPipeActivator - ok

07:10:58.0680 6804 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

07:10:58.0696 6804 netprofm - ok

07:10:58.0712 6804 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:10:58.0712 6804 NetTcpActivator - ok

07:10:58.0712 6804 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:10:58.0712 6804 NetTcpPortSharing - ok

07:10:58.0743 6804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

07:10:58.0743 6804 nfrd960 - ok

07:10:58.0774 6804 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

07:10:58.0774 6804 NlaSvc - ok

07:10:58.0914 6804 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

07:10:58.0914 6804 NMIndexingService - ok

07:10:58.0992 6804 Norton PC Checkup Application Launcher - ok

07:10:59.0055 6804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

07:10:59.0055 6804 Npfs - ok

07:10:59.0086 6804 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

07:10:59.0102 6804 nsi - ok

07:10:59.0117 6804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

07:10:59.0117 6804 nsiproxy - ok

07:10:59.0242 6804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

07:10:59.0289 6804 Ntfs - ok

07:10:59.0336 6804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

07:10:59.0336 6804 ntrigdigi - ok

07:10:59.0367 6804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

07:10:59.0367 6804 Null - ok

07:10:59.0429 6804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

07:10:59.0429 6804 nvraid - ok

07:10:59.0445 6804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

07:10:59.0445 6804 nvstor - ok

07:10:59.0492 6804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

07:10:59.0492 6804 nv_agp - ok

07:10:59.0554 6804 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys

07:10:59.0570 6804 OA001Ufd - ok

07:10:59.0616 6804 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys

07:10:59.0616 6804 OA001Vid - ok

07:10:59.0726 6804 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

07:10:59.0741 6804 odserv - ok

07:10:59.0772 6804 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

07:10:59.0772 6804 ohci1394 - ok

07:10:59.0819 6804 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:10:59.0835 6804 ose - ok

07:10:59.0897 6804 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:10:59.0913 6804 p2pimsvc - ok

07:10:59.0928 6804 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:10:59.0928 6804 p2psvc - ok

07:10:59.0960 6804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

07:10:59.0960 6804 Parport - ok

07:10:59.0991 6804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

07:10:59.0991 6804 partmgr - ok

07:11:00.0006 6804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

07:11:00.0006 6804 Parvdm - ok

07:11:00.0038 6804 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

07:11:00.0038 6804 PcaSvc - ok

07:11:00.0147 6804 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

07:11:00.0147 6804 PCCUJobMgr - ok

07:11:00.0303 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms

07:11:00.0381 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok

07:11:00.0412 6804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

07:11:00.0412 6804 pci - ok

07:11:00.0443 6804 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

07:11:00.0443 6804 pciide - ok

07:11:00.0474 6804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

07:11:00.0474 6804 pcmcia - ok

07:11:00.0537 6804 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

07:11:00.0537 6804 PCPitstop Scheduling - ok

07:11:00.0615 6804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

07:11:00.0646 6804 PEAUTH - ok

07:11:00.0818 6804 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

07:11:00.0864 6804 pla - ok

07:11:00.0958 6804 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

07:11:00.0974 6804 PlugPlay - ok

07:11:01.0036 6804 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:11:01.0036 6804 PNRPAutoReg - ok

07:11:01.0052 6804 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:11:01.0052 6804 PNRPsvc - ok

07:11:01.0098 6804 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

07:11:01.0114 6804 PolicyAgent - ok

07:11:01.0161 6804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

07:11:01.0176 6804 PptpMiniport - ok

07:11:01.0223 6804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

07:11:01.0223 6804 Processor - ok

07:11:01.0254 6804 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

07:11:01.0270 6804 ProfSvc - ok

07:11:01.0317 6804 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:11:01.0317 6804 ProtectedStorage - ok

07:11:01.0364 6804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

07:11:01.0364 6804 PSched - ok

07:11:01.0395 6804 PTDMBus (c23d7e6cfdfbdf0139a9315655315fc7) C:\Windows\system32\DRIVERS\PTDMBus.sys

07:11:01.0395 6804 PTDMBus - ok

07:11:01.0442 6804 PTDMMdm (182ed48f0f876e10ed2398fa4cf8e385) C:\Windows\system32\DRIVERS\PTDMMdm.sys

07:11:01.0442 6804 PTDMMdm - ok

07:11:01.0473 6804 PTDMVsp (0f13e2f9c746fa53a0292f6a9b7a34d4) C:\Windows\system32\DRIVERS\PTDMVsp.sys

07:11:01.0473 6804 PTDMVsp - ok

07:11:01.0504 6804 PTDMWFLT (cd358e58e865989667ff3af59a546ece) C:\Windows\system32\DRIVERS\PTDMWFLT.sys

07:11:01.0504 6804 PTDMWFLT - ok

07:11:01.0520 6804 PTDMWWAN (3e1793aea177a1192495d21ff09512bb) C:\Windows\system32\DRIVERS\PTDMWWAN.sys

07:11:01.0520 6804 PTDMWWAN - ok

07:11:01.0629 6804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

07:11:01.0644 6804 ql2300 - ok

07:11:01.0691 6804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

07:11:01.0707 6804 ql40xx - ok

07:11:01.0738 6804 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

07:11:01.0754 6804 QWAVE - ok

07:11:01.0769 6804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

07:11:01.0769 6804 QWAVEdrv - ok

07:11:01.0785 6804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

07:11:01.0785 6804 RasAcd - ok

07:11:01.0847 6804 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

07:11:01.0847 6804 RasAuto - ok

07:11:01.0863 6804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:11:01.0878 6804 Rasl2tp - ok

07:11:01.0972 6804 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

07:11:01.0972 6804 RasMan - ok

07:11:02.0003 6804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

07:11:02.0003 6804 RasPppoe - ok

07:11:02.0034 6804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

07:11:02.0034 6804 RasSstp - ok

07:11:02.0066 6804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

07:11:02.0081 6804 rdbss - ok

07:11:02.0112 6804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:11:02.0112 6804 RDPCDD - ok

07:11:02.0159 6804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

07:11:02.0175 6804 rdpdr - ok

07:11:02.0206 6804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

07:11:02.0206 6804 RDPENCDD - ok

07:11:02.0237 6804 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

07:11:02.0237 6804 RDPWD - ok

07:11:02.0315 6804 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

07:11:02.0315 6804 RemoteAccess - ok

07:11:02.0346 6804 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

07:11:02.0362 6804 RemoteRegistry - ok

07:11:02.0393 6804 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys

07:11:02.0393 6804 rimmptsk - ok

07:11:02.0409 6804 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys

07:11:02.0409 6804 rimsptsk - ok

07:11:02.0424 6804 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys

07:11:02.0424 6804 rismxdp - ok

07:11:02.0440 6804 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

07:11:02.0440 6804 RpcLocator - ok

07:11:02.0502 6804 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

07:11:02.0518 6804 RpcSs - ok

07:11:02.0534 6804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

07:11:02.0549 6804 rspndr - ok

07:11:02.0580 6804 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:11:02.0580 6804 SamSs - ok

07:11:02.0627 6804 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

07:11:02.0627 6804 SASDIFSV - ok

07:11:02.0658 6804 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

07:11:02.0658 6804 SASENUM - ok

07:11:02.0674 6804 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

07:11:02.0674 6804 SASKUTIL - ok

07:11:02.0705 6804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

07:11:02.0705 6804 sbp2port - ok

07:11:02.0736 6804 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

07:11:02.0752 6804 SCardSvr - ok

07:11:02.0814 6804 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

07:11:02.0830 6804 Schedule - ok

07:11:02.0861 6804 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

07:11:02.0861 6804 SCPolicySvc - ok

07:11:02.0892 6804 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

07:11:02.0892 6804 sdbus - ok

07:11:02.0924 6804 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

07:11:02.0924 6804 SDRSVC - ok

07:11:02.0955 6804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

07:11:02.0955 6804 secdrv - ok

07:11:02.0986 6804 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

07:11:02.0986 6804 seclogon - ok

07:11:03.0002 6804 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

07:11:03.0002 6804 SENS - ok

07:11:03.0017 6804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

07:11:03.0017 6804 Serenum - ok

07:11:03.0048 6804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

07:11:03.0048 6804 Serial - ok

07:11:03.0080 6804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

07:11:03.0080 6804 sermouse - ok

07:11:03.0142 6804 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

07:11:03.0142 6804 SessionEnv - ok

07:11:03.0173 6804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

07:11:03.0173 6804 sffdisk - ok

07:11:03.0189 6804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

07:11:03.0189 6804 sffp_mmc - ok

07:11:03.0189 6804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

07:11:03.0204 6804 sffp_sd - ok

07:11:03.0236 6804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

07:11:03.0236 6804 sfloppy - ok

07:11:03.0329 6804 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

07:11:03.0345 6804 ShellHWDetection - ok

07:11:03.0376 6804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

07:11:03.0392 6804 sisagp - ok

07:11:03.0501 6804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

07:11:03.0516 6804 SiSRaid2 - ok

07:11:03.0704 6804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

07:11:03.0735 6804 SiSRaid4 - ok

07:11:04.0140 6804 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe

07:11:04.0234 6804 SkypeUpdate - ok

07:11:04.0858 6804 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

07:11:04.0952 6804 slsvc - ok

07:11:05.0076 6804 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

07:11:05.0076 6804 SLUINotify - ok

07:11:05.0154 6804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

07:11:05.0154 6804 Smb - ok

07:11:05.0186 6804 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

07:11:05.0186 6804 SNMPTRAP - ok

07:11:05.0264 6804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

07:11:05.0264 6804 spldr - ok

07:11:05.0295 6804 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

07:11:05.0310 6804 Spooler - ok

07:11:05.0435 6804 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

07:11:05.0435 6804 sprtsvc_ddoctorv2 - ok

07:11:05.0544 6804 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

07:11:05.0544 6804 sprtsvc_DellSupportCenter - ok

07:11:05.0669 6804 SpyHunter 4 Service (f9ec94e35f5019a8e82665e1ef4b4d02) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

07:11:05.0732 6804 SpyHunter 4 Service - ok

07:11:05.0919 6804 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS

07:11:05.0934 6804 SRTSP - ok

07:11:05.0981 6804 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS

07:11:05.0981 6804 SRTSPX - ok

07:11:06.0106 6804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

07:11:06.0122 6804 srv - ok

07:11:06.0153 6804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

07:11:06.0153 6804 srv2 - ok

07:11:06.0168 6804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

07:11:06.0184 6804 srvnet - ok

07:11:06.0246 6804 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

07:11:06.0262 6804 SSDPSRV - ok

07:11:06.0309 6804 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

07:11:06.0324 6804 SstpSvc - ok

07:11:06.0480 6804 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

07:11:06.0496 6804 STacSV - ok

07:11:06.0558 6804 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys

07:11:06.0574 6804 STHDA - ok

07:11:06.0683 6804 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

07:11:06.0699 6804 stisvc - ok

07:11:06.0730 6804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

07:11:06.0730 6804 swenum - ok

07:11:06.0777 6804 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

07:11:06.0792 6804 swprv - ok

07:11:06.0808 6804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

07:11:06.0808 6804 Symc8xx - ok

07:11:06.0902 6804 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS

07:11:06.0917 6804 SymDS - ok

07:11:06.0980 6804 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS

07:11:06.0995 6804 SymEFA - ok

07:11:07.0058 6804 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS

07:11:07.0073 6804 SymEvent - ok

07:11:07.0198 6804 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS

07:11:07.0198 6804 SymIRON - ok

07:11:07.0245 6804 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS

07:11:07.0307 6804 SYMTDIv - ok

07:11:07.0354 6804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

07:11:07.0370 6804 Sym_hi - ok

07:11:07.0385 6804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

07:11:07.0385 6804 Sym_u3 - ok

07:11:07.0463 6804 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

07:11:07.0479 6804 SysMain - ok

07:11:07.0541 6804 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

07:11:07.0541 6804 TabletInputService - ok

07:11:07.0588 6804 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

07:11:07.0604 6804 TapiSrv - ok

07:11:07.0682 6804 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

07:11:07.0682 6804 TBS - ok

07:11:07.0760 6804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

07:11:07.0775 6804 Tcpip - ok

07:11:07.0791 6804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

07:11:07.0806 6804 Tcpip6 - ok

07:11:07.0822 6804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

07:11:07.0822 6804 tcpipreg - ok

07:11:07.0853 6804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

07:11:07.0853 6804 TDPIPE - ok

07:11:07.0869 6804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

07:11:07.0869 6804 TDTCP - ok

07:11:07.0916 6804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

07:11:07.0916 6804 tdx - ok

07:11:07.0947 6804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

07:11:07.0947 6804 TermDD - ok

07:11:08.0009 6804 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

07:11:08.0025 6804 TermService - ok

07:11:08.0056 6804 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

07:11:08.0072 6804 Themes - ok

07:11:08.0103 6804 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

07:11:08.0103 6804 THREADORDER - ok

07:11:08.0134 6804 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

07:11:08.0134 6804 TrkWks - ok

07:11:08.0196 6804 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

07:11:08.0196 6804 TrustedInstaller - ok

07:11:08.0274 6804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

07:11:08.0274 6804 tssecsrv - ok

07:11:08.0290 6804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

07:11:08.0290 6804 tunmp - ok

07:11:08.0337 6804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

07:11:08.0337 6804 tunnel - ok

07:11:08.0368 6804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

07:11:08.0368 6804 uagp35 - ok

07:11:08.0399 6804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

07:11:08.0399 6804 udfs - ok

07:11:08.0446 6804 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

07:11:08.0446 6804 UI0Detect - ok

07:11:08.0493 6804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

07:11:08.0493 6804 uliagpkx - ok

07:11:08.0524 6804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

07:11:08.0524 6804 uliahci - ok

07:11:08.0555 6804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

07:11:08.0555 6804 UlSata - ok

07:11:08.0571 6804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

07:11:08.0571 6804 ulsata2 - ok

07:11:08.0602 6804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

07:11:08.0602 6804 umbus - ok

07:11:08.0618 6804 Scan interrupted by user!

07:11:08.0618 6804 Scan interrupted by user!

07:11:08.0618 6804 Scan interrupted by user!

07:11:08.0618 6804 ============================================================

07:11:08.0618 6804 Scan finished

07:11:08.0618 6804 ============================================================

07:11:08.0618 5784 Detected object count: 0

07:11:08.0618 5784 Actual detected object count: 0

07:11:14.0592 7976 ============================================================

07:11:14.0592 7976 Scan started

07:11:14.0592 7976 Mode: Manual; SigCheck; TDLFS;

07:11:14.0592 7976 ============================================================


07:11:16.0792 7976 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe

07:11:16.0823 7976 Application Updater - ok

07:11:16.0870 7976 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

07:11:16.0886 7976 arc - ok

07:11:16.0901 7976 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

07:11:16.0917 7976 arcsas - ok

07:11:17.0057 7976 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

07:11:17.0073 7976 aspnet_state - ok

07:11:17.0104 7976 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys

07:11:17.0120 7976 aswFsBlk - ok

07:11:17.0135 7976 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys

07:11:17.0151 7976 aswMonFlt - ok

07:11:17.0182 7976 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys

07:11:17.0182 7976 aswRdr - ok

07:11:17.0260 7976 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys

07:11:17.0276 7976 aswSnx - ok

07:11:17.0338 7976 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys

07:11:17.0354 7976 aswSP - ok

07:11:17.0400 7976 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys

07:11:17.0416 7976 aswTdi - ok

07:11:17.0447 7976 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

07:11:17.0510 7976 AsyncMac - ok

07:11:17.0541 7976 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

07:11:17.0556 7976 atapi - ok

07:11:17.0603 7976 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys

07:11:17.0619 7976 atksgt - ok

07:11:17.0759 7976 ATService (f0da6cc98afbf6f4f65dbcadbd91bc7c) C:\Program Files\Fingerprint Sensor\AtService.exe

07:11:17.0822 7976 ATService - ok

07:11:17.0962 7976 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys

07:11:17.0978 7976 ATSwpWDF - ok

07:11:18.0040 7976 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

07:11:18.0102 7976 AudioEndpointBuilder - ok

07:11:18.0102 7976 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

07:11:18.0134 7976 Audiosrv - ok

07:11:18.0227 7976 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

07:11:18.0243 7976 avast! Antivirus - ok

07:11:18.0586 7976 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe

07:11:18.0836 7976 AVGIDSAgent - ok

07:11:18.0960 7976 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys

07:11:18.0976 7976 AVGIDSDriver - ok

07:11:19.0007 7976 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys

07:11:19.0023 7976 AVGIDSFilter - ok

07:11:19.0054 7976 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys

07:11:19.0070 7976 AVGIDSHX - ok

07:11:19.0101 7976 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys

07:11:19.0116 7976 AVGIDSShim - ok

07:11:19.0163 7976 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys

07:11:19.0179 7976 Avgldx86 - ok

07:11:19.0210 7976 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys

07:11:19.0210 7976 Avgmfx86 - ok

07:11:19.0257 7976 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys

07:11:19.0257 7976 Avgrkx86 - ok

07:11:19.0304 7976 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys

07:11:19.0319 7976 Avgtdix - ok

07:11:19.0350 7976 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys

07:11:19.0366 7976 avgtp - ok

07:11:19.0553 7976 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

07:11:19.0569 7976 avgwd - ok

07:11:19.0584 7976 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys

07:11:19.0600 7976 BCM42RLY - ok

07:11:19.0694 7976 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys

07:11:19.0725 7976 BCM43XX - ok

07:11:19.0834 7976 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

07:11:19.0912 7976 Beep - ok

07:11:19.0959 7976 Bfel2t0sui (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

07:11:19.0974 7976 Bfel2t0sui - ok

07:11:20.0318 7976 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys

07:11:20.0349 7976 BHDrvx86 - ok

07:11:20.0396 7976 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

07:11:20.0442 7976 blbdrive - ok

07:11:20.0552 7976 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe

07:11:20.0567 7976 Bonjour Service - ok

07:11:20.0630 7976 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

07:11:20.0708 7976 bowser - ok

07:11:20.0723 7976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

07:11:20.0770 7976 BrFiltLo - ok

07:11:20.0786 7976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

07:11:20.0817 7976 BrFiltUp - ok

07:11:20.0910 7976 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

07:11:20.0973 7976 Browser - ok

07:11:20.0988 7976 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

07:11:21.0176 7976 Brserid - ok

07:11:21.0207 7976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

07:11:21.0269 7976 BrSerWdm - ok

07:11:21.0285 7976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

07:11:21.0378 7976 BrUsbMdm - ok

07:11:21.0394 7976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

07:11:21.0488 7976 BrUsbSer - ok

07:11:21.0519 7976 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

07:11:21.0597 7976 BTHMODEM - ok

07:11:21.0597 7976 BVRPMPR5 - ok

07:11:21.0644 7976 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

07:11:21.0690 7976 cdfs - ok

07:11:21.0722 7976 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

07:11:21.0768 7976 cdrom - ok

07:11:21.0815 7976 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

07:11:21.0862 7976 CertPropSvc - ok

07:11:21.0893 7976 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

07:11:21.0956 7976 circlass - ok

07:11:22.0002 7976 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

07:11:22.0018 7976 CLFS - ok

07:11:22.0112 7976 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:11:22.0127 7976 clr_optimization_v2.0.50727_32 - ok

07:11:22.0221 7976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:11:22.0236 7976 clr_optimization_v4.0.30319_32 - ok

07:11:22.0268 7976 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

07:11:22.0314 7976 CmBatt - ok

07:11:22.0392 7976 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

07:11:22.0408 7976 cmdide - ok

07:11:22.0439 7976 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

07:11:22.0455 7976 Compbatt - ok

07:11:22.0455 7976 COMSysApp - ok

07:11:22.0470 7976 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

07:11:22.0486 7976 crcdisk - ok

07:11:22.0502 7976 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

07:11:22.0533 7976 Crusoe - ok

07:11:22.0564 7976 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

07:11:22.0611 7976 CryptSvc - ok

07:11:22.0689 7976 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

07:11:22.0767 7976 DcomLaunch - ok

07:11:22.0814 7976 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

07:11:22.0892 7976 DfsC - ok

07:11:23.0048 7976 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

07:11:23.0188 7976 DFSR - ok

07:11:23.0313 7976 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

07:11:23.0375 7976 Dhcp - ok

07:11:23.0438 7976 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

07:11:23.0453 7976 disk - ok

07:11:23.0516 7976 dldnCATSCustConnectService (c7f6a4f1f95d22abc6ea9173b2bca545) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe

07:11:23.0531 7976 dldnCATSCustConnectService - ok

07:11:23.0531 7976 dldn_device - ok

07:11:23.0562 7976 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

07:11:23.0609 7976 Dnscache - ok

07:11:23.0656 7976 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

07:11:23.0672 7976 dot3svc - ok

07:11:23.0687 7976 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

07:11:23.0718 7976 DPS - ok

07:11:23.0750 7976 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

07:11:23.0796 7976 drmkaud - ok

07:11:23.0859 7976 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

07:11:23.0890 7976 DXGKrnl - ok

07:11:23.0952 7976 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

07:11:24.0030 7976 E1G60 - ok

07:11:24.0062 7976 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

07:11:24.0093 7976 EapHost - ok

07:11:24.0124 7976 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

07:11:24.0140 7976 Ecache - ok

07:11:24.0249 7976 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

07:11:24.0264 7976 eeCtrl - ok

07:11:24.0327 7976 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

07:11:24.0358 7976 ehRecvr - ok

07:11:24.0436 7976 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

07:11:24.0483 7976 ehSched - ok

07:11:24.0530 7976 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

07:11:24.0576 7976 ehstart - ok

07:11:24.0654 7976 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

07:11:24.0686 7976 elxstor - ok

07:11:24.0779 7976 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

07:11:24.0888 7976 EMDMgmt - ok

07:11:24.0998 7976 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

07:11:24.0998 7976 EraserUtilRebootDrv - ok

07:11:25.0029 7976 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

07:11:25.0076 7976 ErrDev - ok

07:11:25.0138 7976 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

07:11:25.0185 7976 EventSystem - ok

07:11:25.0232 7976 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

07:11:25.0310 7976 exfat - ok

07:11:25.0356 7976 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

07:11:25.0388 7976 fastfat - ok

07:11:25.0434 7976 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

07:11:25.0481 7976 fdc - ok

07:11:25.0512 7976 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

07:11:25.0575 7976 fdPHost - ok

07:11:25.0606 7976 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

07:11:25.0668 7976 FDResPub - ok

07:11:25.0700 7976 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

07:11:25.0715 7976 FileInfo - ok

07:11:25.0746 7976 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

07:11:25.0778 7976 Filetrace - ok

07:11:25.0793 7976 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

07:11:25.0856 7976 flpydisk - ok

07:11:25.0887 7976 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

07:11:25.0902 7976 FltMgr - ok

07:11:25.0980 7976 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

07:11:26.0090 7976 FontCache - ok

07:11:26.0199 7976 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

07:11:26.0214 7976 FontCache3.0.0.0 - ok

07:11:26.0246 7976 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

07:11:26.0308 7976 Fs_Rec - ok

07:11:26.0355 7976 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

07:11:26.0370 7976 gagp30kx - ok

07:11:26.0433 7976 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

07:11:26.0433 7976 GEARAspiWDM - ok

07:11:26.0495 7976 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

07:11:26.0573 7976 gpsvc - ok

07:11:26.0698 7976 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

07:11:26.0714 7976 gupdate - ok

07:11:26.0714 7976 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

07:11:26.0729 7976 gupdatem - ok

07:11:26.0760 7976 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

07:11:26.0792 7976 HdAudAddService - ok

07:11:26.0854 7976 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

07:11:26.0885 7976 HDAudBus - ok

07:11:26.0948 7976 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

07:11:27.0026 7976 HidBth - ok

07:11:27.0057 7976 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

07:11:27.0072 7976 HidIr - ok

07:11:27.0104 7976 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

07:11:27.0135 7976 hidserv - ok

07:11:27.0166 7976 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

07:11:27.0213 7976 HidUsb - ok

07:11:27.0260 7976 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

07:11:27.0306 7976 hkmsvc - ok

07:11:27.0338 7976 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

07:11:27.0353 7976 HpCISSs - ok

07:11:27.0416 7976 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

07:11:27.0462 7976 HTTP - ok

07:11:27.0494 7976 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

07:11:27.0509 7976 i2omp - ok

07:11:27.0540 7976 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

07:11:27.0587 7976 i8042prt - ok

07:11:27.0650 7976 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

07:11:27.0665 7976 iaStorV - ok

07:11:27.0806 7976 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

07:11:27.0837 7976 idsvc - ok

07:11:28.0196 7976 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys

07:11:28.0211 7976 IDSVix86 - ok

07:11:28.0508 7976 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys

07:11:28.0757 7976 igfx - ok

07:11:28.0882 7976 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

07:11:28.0898 7976 iirsp - ok

07:11:28.0944 7976 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

07:11:29.0007 7976 IKEEXT - ok

07:11:29.0054 7976 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys

07:11:29.0100 7976 IntcHdmiAddService - ok

07:11:29.0132 7976 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

07:11:29.0147 7976 intelide - ok

07:11:29.0178 7976 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

07:11:29.0225 7976 intelppm - ok

07:11:29.0256 7976 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

07:11:29.0288 7976 IPBusEnum - ok

07:11:29.0319 7976 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:11:29.0366 7976 IpFilterDriver - ok

07:11:29.0397 7976 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

07:11:29.0428 7976 IPMIDRV - ok

07:11:29.0459 7976 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

07:11:29.0506 7976 IPNAT - ok

07:11:29.0615 7976 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

07:11:29.0678 7976 IRENUM - ok

07:11:29.0724 7976 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

07:11:29.0740 7976 isapnp - ok

07:11:29.0787 7976 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

07:11:29.0802 7976 iScsiPrt - ok

07:11:29.0834 7976 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

07:11:29.0849 7976 iteatapi - ok

07:11:29.0896 7976 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys

07:11:29.0912 7976 itecir - ok

07:11:29.0943 7976 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

07:11:29.0958 7976 iteraid - ok

07:11:30.0005 7976 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys

07:11:30.0083 7976 k57nd60x - ok

07:11:30.0114 7976 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

07:11:30.0130 7976 kbdclass - ok

07:11:30.0161 7976 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

07:11:30.0208 7976 kbdhid - ok

07:11:30.0255 7976 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:11:30.0348 7976 KeyIso - ok

07:11:30.0395 7976 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys

07:11:30.0411 7976 KSecDD - ok

07:11:30.0489 7976 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

07:11:30.0551 7976 KtmRm - ok

07:11:30.0614 7976 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

07:11:30.0645 7976 LanmanServer - ok

07:11:30.0676 7976 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

07:11:30.0723 7976 LanmanWorkstation - ok

07:11:30.0863 7976 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

07:11:30.0879 7976 LBTServ - ok

07:11:30.0941 7976 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys

07:11:30.0941 7976 LHidFilt - ok

07:11:30.0972 7976 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys

07:11:30.0988 7976 lirsgt - ok

07:11:31.0035 7976 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

07:11:31.0082 7976 lltdio - ok

07:11:31.0128 7976 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

07:11:31.0191 7976 lltdsvc - ok

07:11:31.0222 7976 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

07:11:31.0300 7976 lmhosts - ok

07:11:31.0316 7976 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys

07:11:31.0331 7976 LMouFilt - ok

07:11:31.0378 7976 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

07:11:31.0394 7976 LSI_FC - ok

07:11:31.0394 7976 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

07:11:31.0409 7976 LSI_SAS - ok

07:11:31.0456 7976 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

07:11:31.0472 7976 LSI_SCSI - ok

07:11:31.0518 7976 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

07:11:31.0550 7976 luafv - ok

07:11:31.0596 7976 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys

07:11:31.0612 7976 LUsbFilt - ok

07:11:31.0674 7976 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

07:11:31.0690 7976 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning

07:11:31.0690 7976 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)

07:11:31.0752 7976 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys

07:11:31.0768 7976 MBAMProtector - ok

07:11:31.0893 7976 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

07:11:31.0924 7976 MBAMService - ok

07:11:31.0986 7976 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys

07:11:31.0986 7976 MBAMSwissArmy - ok

07:11:32.0018 7976 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

07:11:32.0064 7976 Mcx2Svc - ok

07:11:32.0096 7976 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

07:11:32.0111 7976 megasas - ok

07:11:32.0158 7976 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

07:11:32.0174 7976 MegaSR - ok

07:11:32.0205 7976 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

07:11:32.0267 7976 MMCSS - ok

07:11:32.0283 7976 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

07:11:32.0330 7976 Modem - ok

07:11:32.0361 7976 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

07:11:32.0408 7976 monitor - ok

07:11:32.0423 7976 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

07:11:32.0439 7976 mouclass - ok

07:11:32.0454 7976 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

07:11:32.0501 7976 mouhid - ok

07:11:32.0532 7976 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

07:11:32.0548 7976 MountMgr - ok

07:11:32.0595 7976 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

07:11:32.0610 7976 mpio - ok

07:11:32.0642 7976 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

07:11:32.0688 7976 mpsdrv - ok

07:11:32.0735 7976 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

07:11:32.0751 7976 Mraid35x - ok

07:11:32.0798 7976 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

07:11:32.0829 7976 MRxDAV - ok

07:11:32.0844 7976 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:11:32.0907 7976 mrxsmb - ok

07:11:32.0954 7976 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:11:32.0985 7976 mrxsmb10 - ok

07:11:33.0016 7976 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:11:33.0047 7976 mrxsmb20 - ok

07:11:33.0078 7976 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

07:11:33.0094 7976 msahci - ok

07:11:33.0156 7976 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

07:11:33.0188 7976 msdsm - ok

07:11:33.0234 7976 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

07:11:33.0266 7976 MSDTC - ok

07:11:33.0297 7976 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

07:11:33.0344 7976 Msfs - ok

07:11:33.0375 7976 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

07:11:33.0390 7976 msisadrv - ok

07:11:33.0422 7976 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

07:11:33.0484 7976 MSiSCSI - ok

07:11:33.0484 7976 msiserver - ok

07:11:33.0515 7976 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

07:11:33.0546 7976 MSKSSRV - ok

07:11:33.0546 7976 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

07:11:33.0593 7976 MSPCLOCK - ok

07:11:33.0624 7976 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

07:11:33.0702 7976 MSPQM - ok

07:11:33.0734 7976 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

07:11:33.0765 7976 MsRPC - ok

07:11:33.0796 7976 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

07:11:33.0812 7976 mssmbios - ok

07:11:33.0812 7976 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

07:11:33.0874 7976 MSTEE - ok

07:11:33.0905 7976 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

07:11:33.0921 7976 Mup - ok

07:11:33.0983 7976 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe

07:11:34.0014 7976 MyFunCards_5mService - ok

07:11:34.0108 7976 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

07:11:34.0124 7976 N360 - ok

07:11:34.0170 7976 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

07:11:34.0217 7976 napagent - ok

07:11:34.0264 7976 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

07:11:34.0295 7976 NativeWifiP - ok

07:11:34.0545 7976 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS

07:11:34.0560 7976 NAVENG - ok

07:11:34.0654 7976 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS

07:11:34.0779 7976 NAVEX15 - ok

07:11:34.0982 7976 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

07:11:34.0997 7976 NDIS - ok

07:11:35.0060 7976 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

07:11:35.0091 7976 NdisTapi - ok

07:11:35.0138 7976 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

07:11:35.0184 7976 Ndisuio - ok

07:11:35.0278 7976 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

07:11:35.0325 7976 NdisWan - ok

07:11:35.0340 7976 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

07:11:35.0372 7976 NDProxy - ok

07:11:35.0403 7976 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

07:11:35.0450 7976 NetBIOS - ok

07:11:35.0496 7976 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

07:11:35.0543 7976 netbt - ok

07:11:35.0574 7976 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:11:35.0590 7976 Netlogon - ok

07:11:35.0637 7976 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

07:11:35.0699 7976 Netman - ok

07:11:35.0808 7976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:11:35.0824 7976 NetMsmqActivator - ok

07:11:35.0824 7976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

07:11:38.0632 7976 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

07:11:38.0663 7976 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning

07:11:38.0663 7976 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1)

07:11:54.0310 7976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

07:11:54.0372 7976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

07:11:54.0372 7976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

07:11:54.0450 7976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:11:54.0450 7976 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:11:54.0450 7976 Boot (0x1200) (93322fbb338e540af0d387ac2e1329db) \Device\Harddisk0\DR0\Partition0

07:11:54.0450 7976 \Device\Harddisk0\DR0\Partition0 - ok

07:11:54.0466 7976 ============================================================

07:11:54.0466 7976 Scan finished

07:11:54.0466 7976 ============================================================

07:11:54.0513 6448 Detected object count: 4

07:11:54.0513 6448 Actual detected object count: 4

07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user

07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:18:33.0012 6448 \Device\Harddisk0\DR0\# - copied to quarantine

07:18:33.0012 6448 \Device\Harddisk0\DR0 - copied to quarantine

07:18:38.0814 6448 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

07:18:42.0164 6448 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

07:18:42.0427 6448 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

07:18:43.0352 6448 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

07:18:44.0141 6448 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

07:18:46.0779 6448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

07:18:48.0766 6448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

07:18:48.0821 6448 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

07:18:48.0877 6448 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

07:18:49.0266 6448 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

07:18:49.0532 6448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

07:18:49.0755 6448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

07:18:49.0807 6448 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

07:18:49.0866 6448 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

07:18:50.0170 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

07:18:50.0212 6448 \Device\Harddisk0\DR0 - ok

07:18:50.0261 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

07:18:58.0502 7252 Deinitialize success


I did for a few minutes, but the desktop wouldn't load, the toolbar didn't pop up, even when opening up Task Manager and typing in 'explorer.exe' to get it to respond. I'm still stuck in safe mode, but loading user accounts is running much faster.


Step 1

Please re-run TDSSKiller and use Delete option for this entry:

07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run. When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • unhide log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


AVG and Norton Security Suite kept requesting necessary actions for some infected files. I'll attach those logs later if you need them.

DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by sheila at 22:09:14 on 2012-08-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1947 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Game Booster 3\gbtray.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dldncoms.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\AirMac\APAgent.exe

C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe

C:\Program Files\Aeria Games\Ignite\aeriaignite.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Users\sheila\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local;<local>

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

uURLSearchHooks: H - No File

uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll

mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll

mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe"

uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe"

mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q=

FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: browser.search.defaultEngine - yahoo

FF - user.js: browser.search.defaultenginename - yahoo

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.param.yahoo-fr - chrf-protectff

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.funmoods.instlDay - 15486

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.incredibar_i.instlDay - 15507

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6

FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

.

FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf

FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840]

R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056]

S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056]

S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912]

S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912]

S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456]

S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304]

S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344]

S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528]

.

=============== Created Last 30 ================

.

2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop

2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos

2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe

2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos

2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes

2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes

2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe

2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe

2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr

2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll

2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012

2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search

2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll

2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius

2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft

2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository

2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration

2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo

2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo

2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx

2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx

2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36

2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar

2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam

2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync

2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam

2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker

2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics

2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce

2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN

2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner

2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA%

2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search

2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-07-31 21:53:24 -------- d-----w- C:\$AVG

2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012

2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG

2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData

2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation

2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader

2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software

2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure

2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software

2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software

2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit

2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation

2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys

2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys

2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys

2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys

2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys

2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys

2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys

2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003

2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-07-12 08:57:30 -------- d-----w- c:\program files\x86

2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps

2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch

2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader

2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload

2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe

2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games

2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games

2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games

2012-07-10 08:46:47 -------- d-----w- C:\New Folder

.

==================== Find3M ====================

.

2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys

.

============= FINISH: 22:15:47.28 ===============

unhide file

Processing the C:\ drive

Finished processing the C:\ drive. 244116 files processed.

The C:\Users\sheila\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/05/2012 09:43:46 AM

Execution time: 0 hours(s), 13 minute(s), and 51 seconds(s)

Database version: v2012.08.05.08

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

sheila :: SHEILA-PC [administrator]

Protection: Enabled

8/5/2012 8:46:27 PM

mbam-log-2012-08-05 (20-46-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208933

Time elapsed: 28 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 9

HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 3

C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.

C:\Users\sheila\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\sheila\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-08-05.02 - sheila 08/06/2012 6:39.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1751 [GMT -4:00]

Running from: c:\users\sheila\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\intellidownload\gunzip.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\program files\Shop to Win

c:\program files\Shop to Win\Test.htm

c:\program files\Shop to Win\TestFeeds\DisableStatus.xml

c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml

c:\program files\Shop to Win\TestFeeds\GenericPopup.xml

c:\program files\Shop to Win\TestFeeds\MainStatus.xml

c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml

c:\program files\Shop to Win\unins000.dat

c:\program files\Web Assistant\ExTEnsion32.dll

c:\programdata\ntuser.dat

c:\users\sheila\15.jpg

c:\users\sheila\20091011223157.jpg

c:\users\sheila\20091229225621.jpg

c:\users\sheila\201072410563468337.jpg

c:\users\sheila\3676907620771746162 (1).jpg

c:\users\sheila\3676907620771746162.jpg

c:\users\sheila\b5cb0b1d78ecb9d6a8b4c3227586adec.jpg

c:\users\sheila\be82c034cf25c914338fa3cf87005d24-d3cyctl.jpg

c:\users\sheila\Documents\~WRL0003.tmp

c:\users\sheila\Documents\~WRL0004.tmp

c:\users\sheila\Documents\~WRL0005.tmp

c:\users\sheila\Documents\~WRL0221.tmp

c:\users\sheila\Documents\~WRL0598.tmp

c:\users\sheila\Documents\~WRL3164.tmp

c:\users\sheila\Documents\~WRL3197.tmp

c:\users\sheila\Documents\~WRL3668.tmp

c:\users\sheila\Documents\~WRL4096.tmp

c:\users\sheila\Documents\ShopToWin

c:\users\sheila\fullclient_april25.exe

c:\windows\assembly\GAC\Desktop.ini

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

Infected copy of c:\windows\System32\services.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))

.

.

2012-08-06 11:25 . 2012-08-06 12:21 -------- d-----w- c:\users\sheila\AppData\Local\temp

2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Samantha\AppData\Local\temp

2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop

2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012

2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius

2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft

2012-08-03 08:22 . 2012-08-06 12:18 -------- d-----w- c:\windows\system32\wbem\repository

2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype

2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx

2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam

2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam

2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync

2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker

2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files

2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN

2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner

2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%

2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision

2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG

2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012

2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG

2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData

2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation

2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software

2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit

2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation

2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003

2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86

2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps

2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch

2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader

2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload

2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe

2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games

2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games

2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games

2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2012-06-05 16:47 . 2012-08-04 06:19 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-08-06 10:25 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-02 22:19 . 2012-08-04 03:41 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-08-04 03:41 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-08-04 03:40 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-08-04 03:40 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-08-04 03:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-08-04 03:41 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-08-04 03:40 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-08-04 03:40 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-08-04 03:40 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 00:04 . 2012-08-04 05:28 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-08-04 05:28 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]

"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]

"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]

"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]

2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]

2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]

2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]

2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]

2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/

mStart Page = hxxp://www.yahoo.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.defaultEngine - yahoo

FF - user.js: browser.search.defaultenginename - yahoo

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.param.yahoo-fr - chrf-protectff

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.funmoods.instlDay - 15486

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.incredibar_i.instlDay - 15507

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6

FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf

FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

SafeBoot-45083044.sys

SafeBoot-56671536.sys

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe

MSConfigStartUp-DailyBibleGuideIE Browser Plugin Loader - c:\progra~1\DAILYB~2\bar\1.bin\elbrmon.exe

MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe

AddRemove-Funmoods Web Search - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-06 08:19

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1608)

c:\program files\Norton Security Suite\Engine\5.2.2.3\buShell.dll

c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dldncoms.exe

c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\DllHost.exe

c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

c:\program files\IObit\Game Booster 3\gbtray.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-08-06 08:29:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-06 12:29

.

Pre-Run: 193,192,067,072 bytes free

Post-Run: 184,391,561,216 bytes free

.

- - End Of File - - DBE770E42F00C8B85A184816DAA0CCB8


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-08-05.02 - sheila 08/06/2012 19:27:58.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1930 [GMT -4:00]

Running from: c:\users\sheila\Desktop\ComboFix.exe

Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))

.

.

2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\sheila\AppData\Local\temp

2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Samantha\AppData\Local\temp

2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop

2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012

2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll

2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius

2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft

2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository

2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype

2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx

2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam

2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam

2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync

2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker

2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files

2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN

2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner

2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%

2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision

2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG

2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012

2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG

2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData

2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation

2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software

2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit

2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation

2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003

2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86

2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps

2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch

2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader

2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload

2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe

2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games

2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games

2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games

2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]

"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]

"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]

"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]

2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]

2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]

2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]

2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]

2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/

mStart Page = hxxp://www.yahoo.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.defaultEngine - yahoo

FF - user.js: browser.search.defaultenginename - yahoo

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.param.yahoo-fr - chrf-protectff

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.funmoods.instlDay - 15486

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c

FF - user.js: extensions.incredibar_i.instlDay - 15507

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6

FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf

FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-06 19:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5100)

c:\windows\system32\ACTXPRXY.DLL

c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll

c:\windows\system32\mssprxy.dll

.

Completion time: 2012-08-06 20:03:11

ComboFix-quarantined-files.txt 2012-08-07 00:02

ComboFix2.txt 2012-08-06 12:30

.

Pre-Run: 183,398,924,288 bytes free

Post-Run: 182,432,690,176 bytes free

.

- - End Of File - - 00AE72F20A85BCC2EFFEE6594C0D89CD

Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk

My instructions are to create a new text file, not a link file, and not here, but on the Desktop. Please follow my instructions strictly.


Then I'm not sure I understand your instructions. You want me to save it as a .txt file to my desktop then drag it into the ComboFix icon?


Sorry, your original instructions confused me a bit. I think this is what you meant. My apologies.

ComboFix 12-08-07.02 - sheila 08/07/2012 8:09.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1905 [GMT -4:00]

Running from: c:\users\sheila\Desktop\ComboFix.exe

Command switches used :: c:\users\sheila\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\sheila\AppData\Local\temp

2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Samantha\AppData\Local\temp

2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop

2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe

2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr

2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012

2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll

2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius

2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft

2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository

2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype

2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo

2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx

2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx

2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar

2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam

2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam

2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync

2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker

2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files

2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce

2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN

2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner

2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%

2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision

2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG

2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012

2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG

2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData

2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation

2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software

2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit

2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation

2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003

2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86

2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps

2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch

2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader

2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload

2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe

2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games

2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games

2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games

2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys

2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]

"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]

"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]

"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]

2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]

2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]

2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]

2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]

2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job

- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]

.

2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/

mStart Page = hxxp://www.yahoo.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.defaultEngine - yahoo

FF - user.js: browser.search.defaultenginename - yahoo

FF - user.js: browser.search.selectedEngine - Yahoo

FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=

FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=

FF - user.js: browser.search.param.yahoo-fr - chrf-protectff

FF - user.js: extensions.autoDisableScopes - 14

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-07 08:33

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2676)

c:\windows\system32\ACTXPRXY.DLL

c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll

c:\program files\Norton Security Suite\Engine\5.2.2.3\ccIPC.dll

c:\program files\Norton Security Suite\Engine\5.2.2.3\ccGEvt.dll

c:\windows\system32\mssprxy.dll

.

Completion time: 2012-08-07 08:39:42

ComboFix-quarantined-files.txt 2012-08-07 12:39

ComboFix2.txt 2012-08-07 00:03

ComboFix3.txt 2012-08-06 12:30

.

Pre-Run: 182,438,207,488 bytes free

Post-Run: 182,392,610,816 bytes free

.

- - End Of File - - B8B179B65D4A03FC56CC13D3F75C7421


Good, now it is much better. :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


This was the only log I found

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK


Everything is running smoothly. Shutdowns, logins, and rebooting the laptop are so much easier and work much faster. It's almost as if the laptop is brand new.

Is there anything else I need to do?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
