Solved: Win 32 alurean.fo


PaGrrl (thread starter)
31-Jul-2012, 01:55 AM #1
Win 32 alurean.fo
Hi there. My computer found this virus. It wouldn't let me delete it, so I had to quarantine it. But I still seem to be having trouble with the computer: it is slow and acts different. It also redirects me; when I try to go somewhere, it takes me to another place.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:12 AM, on 7/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tanya\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON NX110 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE /FU "C:\Users\Tanya\AppData\Local\Temp\E_S5C0D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE /FU "C:\Windows\TEMP\E_S3481.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 7458 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Tanya at 1:27:59 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3573.1044 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredimail.com/?a=DgVJWLEGFh
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.716.0\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [EPSON NX110 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\users\tanya\appdata\local\temp\E_S5C0D.tmp" /EF "HKCU"
uRun: [EPSON NX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\windows\temp\E_S3481.tmp" /EF "HKCU"
uRun: [Facebook Update] "c:\users\tanya\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{ED7302B1-BE3B-45A3-B442-C03EF67E3CE3} : DhcpNameServer = 75.75.76.76 75.75.75.75
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tanya\appdata\roaming\mozilla\firefox\profiles\flca98ga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30182&client_id=f8b8ba561f641a9b9c5e4ca8&camp_id=3353&install_time=2012-06-04T02:54:09Z&pr=auto&tb_version=1.0.17000(G)&q=
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\tanya\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-22 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-22 12464]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-1-11 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120728.001\IDSvix86.sys [2012-7-30 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-7-16 299640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-6-7 176128]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-7-18 66160]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-1 185856]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 115808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-22 148800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-11 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-21 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-1-11 70272]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-26 8853504]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-26 264192]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-1-11 149632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-1-11 211984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-13 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-07-29 15:24:30 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d45e049-1138-4efe-abd6-266fed836f46}\mpengine.dll
2012-07-27 15:20:30 -------- d-----w- c:\users\tanya\appdata\local\Symantec
2012-07-17 01:47:15 -------- d-----w- c:\users\tanya\appdata\roaming\Microsoft Games
2012-07-17 01:47:09 60200 ------r- c:\program files\microsoft games\zoo tycoon 2\SetupENU3.dll
2012-07-17 01:47:08 -------- d-----w- c:\program files\common files\Microsoft Games
2012-07-17 01:43:15 60216 ------w- c:\program files\microsoft games\zoo tycoon 2\SetupENU2.dll
2012-07-17 01:40:03 -------- d-----w- c:\programdata\Microsoft Games
2012-07-16 20:05:40 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-16 20:05:40 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-16 20:05:40 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-16 20:05:40 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-16 20:05:40 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-16 20:05:40 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-16 20:05:29 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
2012-07-11 07:00:55 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 03:31:46 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-09 03:31:38 237072 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-07-27 12:10:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 12:10:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 06:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 1:29:16.91 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 01:46:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: mmvsr5ug.exe; Driver: C:\Users\Tanya\AppData\Local\Temp\ugloapod.sys


---- System - GMER 1.0.15 ----

SSDT 88DFD3C8 ZwAlertResumeThread
SSDT 89260788 ZwAlertThread
SSDT 892613E8 ZwAllocateVirtualMemory
SSDT 87D69AB8 ZwAlpcConnectPort
SSDT 89259160 ZwAssignProcessToJobObject
SSDT 88DFD480 ZwCreateMutant
SSDT 8926C2B0 ZwCreateSymbolicLinkObject
SSDT 89266868 ZwCreateThread
SSDT 8926C340 ZwCreateThreadEx
SSDT 8925E368 ZwDebugActiveProcess
SSDT 8797AD10 ZwDuplicateObject
SSDT 89084988 ZwFreeVirtualMemory
SSDT 884B4280 ZwImpersonateAnonymousToken
SSDT 8797EDC0 ZwImpersonateThread
SSDT 87D6AFD0 ZwLoadDriver
SSDT 8926AEF0 ZwMapViewOfSection
SSDT 8790A6C0 ZwOpenEvent
SSDT 891815A8 ZwOpenProcess
SSDT 87AC4490 ZwOpenProcessToken
SSDT 8926A4D0 ZwOpenSection
SSDT 891FEB50 ZwOpenThread
SSDT 89266990 ZwProtectVirtualMemory
SSDT 89260DE0 ZwResumeThread
SSDT 89253610 ZwSetContextThread
SSDT 89255AC8 ZwSetInformationProcess
SSDT 8925B7E0 ZwSetSystemInformation
SSDT 891295B0 ZwSuspendProcess
SSDT 89258380 ZwSuspendThread
SSDT 891765D0 ZwTerminateProcess
SSDT 89255130 ZwTerminateThread
SSDT 891AB5A8 ZwUnmapViewOfSection
SSDT 89263758 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830793C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 830B9D90 6 Bytes [C8, D3, DF, 88, 88, 07] {ENTER 0xdfd3, 0x88; MOV [EDI], AL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10E2 830B9D97 1 Byte [89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830B9DA8 2 Bytes CALL C494C3C0
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F6 830B9DAB 1 Byte [89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830B9DB4 4 Bytes [B8, 9A, D6, 87]
.text ...
? C:\Users\Tanya\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text autochk.exe 003211D3 5 Bytes [FF, D5, 03, 10, 53] {CALL EBP; ADD EDX, [EAX]; PUSH EBX}
.text autochk.exe 003211DA 1 Byte [2F]
.text autochk.exe 003211DA 3 Bytes [2F, 00, 10] {DAS ; ADD [EAX], DL}
.text autochk.exe 003211E0 1 Byte [07]
.text autochk.exe 003211E4 1 Byte [09]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[2192] ntdll.dll!NtWriteFile 77036A68 5 Bytes JMP 00013E39
.text C:\Windows\system32\svchost.exe[2192] kernel32.dll!SetUnhandledExceptionFilter 754FF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[2192] USER32.dll!GetCursorPos 76ABA4B3 5 Bytes JMP 000147A7
.text C:\Windows\system32\svchost.exe[2192] USER32.dll!GetForegroundWindow 76AC335D 5 Bytes JMP 00014856
.text C:\Windows\system32\svchost.exe[2192] USER32.dll!IsWindowVisible 76AC4D69 5 Bytes JMP 0001487D
.text C:\Windows\system32\svchost.exe[2192] USER32.dll!WindowFromPoint 76AE6BE9 5 Bytes JMP 000147F6
.text C:\Windows\system32\svchost.exe[2192] USER32.dll!MessageBoxIndirectW 76B0E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[2192] WS2_32.dll!GetAddrInfoW 76C64889 5 Bytes JMP 00014743
.text C:\Windows\system32\svchost.exe[2192] ole32.dll!CoGetClassObject 756A54AD 5 Bytes JMP 0001494A
.text C:\Windows\system32\svchost.exe[2192] ole32.dll!CoCreateInstance 756B9D0B 5 Bytes JMP 00014974
.text C:\Program Files\Mozilla Firefox\firefox.exe[3816] ntdll.dll!LdrGetProcedureAddress + 26 77052239 7 Bytes JMP 5E0AB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3816] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 754F93D6 7 Bytes JMP 5E35B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3816] kernel32.dll!QueryPerformanceCounter + 13 754FC435 7 Bytes JMP 5E35B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3816] GDI32.dll!GetViewportOrgEx + 26C 76F1884B 7 Bytes JMP 5E35B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
PaGrrl (thread starter)
02-Aug-2012, 12:27 PM #2
Now it's starting to freeze, shut down and do things it shouldn't be doing. So does anyone have any ideas? I posted a couple of days ago and still have not got a reply.
kevinf80 (Kevin), Malware Removal Specialist
02-Aug-2012, 12:39 PM #3
Hello PaGrrl and welcome to TSG,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable. With that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.

Please proceed as follows:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on to run the application.
  • The "Ready to scan" window will open. Click on "Change parameters".
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
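The report requested in the last two steps is a timestamped plain-text log that can be triaged mechanically. The following Python script is an added example, not part of the original thread and not TDSSKiller's own code: it splits a report into scan sessions, lists every object whose verdict is not "ok", and marks a session as inconclusive when it was interrupted, because a zero detection count then covers only the objects checked before the stop. It assumes the report layout of timestamp, thread id and message, with a `name (MD5) path` line followed by a `name - verdict` line; the sample lines, names, zeroed hashes and the `warning` verdict are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Every report line: "HH:MM:SS.ffff <thread id> <message>" (message may be empty).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Object line: "<service or driver name> (<32 hex MD5>) <file path>"
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Result line: "<name> - <verdict>", for example "ACPI - ok"
VERDICT_RE = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanSession:
    modes: list = field(default_factory=list)
    interrupted: bool = False
    finished: bool = False
    detected_count: Optional[int] = None
    paths: dict = field(default_factory=dict)      # name -> file path
    verdicts: dict = field(default_factory=dict)   # name -> verdict string

    @property
    def conclusive(self) -> bool:
        # An interrupted scan never reached the remaining objects, so its
        # detection count says nothing about them.
        return self.finished and not self.interrupted

    def needs_review(self) -> list:
        return [(name, verdict, self.paths.get(name, ""))
                for name, verdict in self.verdicts.items()
                if verdict.lower() != "ok"]


def parse_report(text: str) -> list:
    """Split a report into ScanSession objects, one per 'Scan started'."""
    sessions, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan started":
            current = ScanSession()
            sessions.append(current)
            continue
        if current is None:          # system-info header before the first scan
            continue
        if msg.startswith("Mode:"):
            current.modes = [p.strip() for p in msg[5:].split(";") if p.strip()]
        elif msg == "Scan interrupted by user!":
            current.interrupted = True
        elif msg == "Scan finished":
            current.finished = True
        elif (c := COUNT_RE.match(msg)):
            # Written by a different thread after "Scan finished"; it still
            # belongs to the most recent session.
            current.detected_count = int(c.group(1))
        elif (o := OBJECT_RE.match(msg)):
            current.paths[o["name"]] = o["path"]
        elif (v := VERDICT_RE.match(msg)):
            current.verdicts[v["name"]] = v["verdict"]
    return sessions


FAKE_MD5 = "0" * 32  # constructed placeholder, not a real file hash

# Constructed sample in the report's layout: an interrupted default scan,
# then a full scan with the two extra parameters enabled.
SAMPLE = rf"""22:43:44.0787 6220 Scan started
22:43:44.0787 6220 Mode: Manual;
22:43:45.0283 6220 ExampleDrvA ({FAKE_MD5}) C:\Windows\system32\drivers\exampledrva.sys
22:43:45.0285 6220 ExampleDrvA - ok
22:43:54.0623 6220 Scan interrupted by user!
22:43:54.0623 6220 Scan finished
22:43:54.0635 6236 Detected object count: 0
22:44:38.0024 7884 Scan started
22:44:38.0024 7884 Mode: Manual; SigCheck; TDLFS;
22:44:38.0384 7884 ExampleDrvA ({FAKE_MD5}) C:\Windows\system32\drivers\exampledrva.sys
22:44:38.0498 7884 ExampleDrvA - ok
22:44:38.0533 7884 Example Svc B ({FAKE_MD5}) C:\Program Files\Example\svcb.exe
22:44:38.0548 7884 Example Svc B - warning
22:44:50.0000 7884 Scan finished
22:44:50.0010 7890 Detected object count: 1
"""

if __name__ == "__main__":
    for number, session in enumerate(parse_report(SAMPLE), 1):
        state = "conclusive" if session.conclusive else "INCONCLUSIVE (interrupted)"
        print(f"scan {number}: modes={session.modes} {state} "
              f"checked={len(session.verdicts)} detected={session.detected_count}")
        for name, verdict, path in session.needs_review():
            print(f"  review: {name} [{verdict}] {path}")
```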
PaGrrl
Member with 34 posts.
THREAD STARTER
 
Join Date: May 2007
02-Aug-2012, 10:59 PM #4
Hey Kevin thanks for taking the time to help me. I did what you asked and here is the log.


22:43:05.0985 7992 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:43:06.0552 7992 ============================================================
22:43:06.0552 7992 Current date / time: 2012/08/02 22:43:06.0552
22:43:06.0552 7992 SystemInfo:
22:43:06.0552 7992
22:43:06.0552 7992 OS Version: 6.1.7601 ServicePack: 1.0
22:43:06.0552 7992 Product type: Workstation
22:43:06.0552 7992 ComputerName: PIXIE-PC
22:43:06.0552 7992 UserName: Tanya
22:43:06.0552 7992 Windows directory: C:\Windows
22:43:06.0552 7992 System windows directory: C:\Windows
22:43:06.0552 7992 Processor architecture: Intel x86
22:43:06.0552 7992 Number of processors: 2
22:43:06.0552 7992 Page size: 0x1000
22:43:06.0552 7992 Boot type: Normal boot
22:43:06.0552 7992 ============================================================
22:43:08.0807 7992 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:43:08.0808 7992 ============================================================
22:43:08.0808 7992 \Device\Harddisk0\DR0:
22:43:08.0808 7992 MBR partitions:
22:43:08.0808 7992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:43:08.0808 7992 ============================================================
22:43:08.0827 7992 C: <-> \Device\Harddisk0\DR0\Partition0
22:43:08.0827 7992 ============================================================
22:43:08.0827 7992 Initialize success
22:43:08.0827 7992 ============================================================
22:43:44.0787 6220 ============================================================
22:43:44.0787 6220 Scan started
22:43:44.0787 6220 Mode: Manual;
22:43:44.0787 6220 ============================================================
22:43:54.0623 6220 Scan interrupted by user!
22:43:54.0623 6220 Scan interrupted by user!
22:43:54.0623 6220 Scan interrupted by user!
22:43:54.0623 6220 ============================================================
22:43:54.0623 6220 Scan finished
22:43:54.0623 6220 ============================================================
22:43:54.0635 6236 Detected object count: 0
22:43:54.0635 6236 Actual detected object count: 0
22:44:38.0024 7884 ============================================================
22:44:38.0024 7884 Scan started
22:44:38.0024 7884 Mode: Manual; SigCheck; TDLFS;
22:44:38.0024 7884 ============================================================
22:44:41.0750 7884 b57nd60x - ok
22:44:41.0786 7884 BazisVirtualCDBus (1bab373a270207f600c9cf8f167f3f03) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
22:44:41.0797 7884 BazisVirtualCDBus - ok
22:44:41.0823 7884 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:44:41.0912 7884 BDESVC - ok
22:44:41.0925 7884 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:44:41.0977 7884 Beep - ok
22:44:42.0032 7884 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:44:42.0081 7884 BFE - ok
22:44:42.0241 7884 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
22:44:42.0266 7884 BHDrvx86 - ok
22:44:42.0406 7884 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
22:44:42.0467 7884 BITS - ok
22:44:42.0545 7884 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:42.0582 7884 blbdrive - ok
22:44:42.0613 7884 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:44:42.0662 7884 bowser - ok
22:44:42.0671 7884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
22:44:42.0703 7884 BrFiltLo - ok
22:44:42.0726 7884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
22:44:42.0766 7884 BrFiltUp - ok
22:44:42.0792 7884 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:44:42.0815 7884 Browser - ok
22:44:42.0842 7884 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:44:42.0869 7884 Brserid - ok
22:44:42.0884 7884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:42.0898 7884 BrSerWdm - ok
22:44:42.0915 7884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:42.0946 7884 BrUsbMdm - ok
22:44:42.0966 7884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:43.0000 7884 BrUsbSer - ok
22:44:43.0029 7884 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
22:44:43.0061 7884 BTHMODEM - ok
22:44:43.0087 7884 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:44:43.0110 7884 bthserv - ok
22:44:43.0124 7884 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:44:43.0169 7884 cdfs - ok
22:44:43.0201 7884 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:44:43.0214 7884 cdrom - ok
22:44:43.0235 7884 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:44:43.0284 7884 CertPropSvc - ok
22:44:43.0314 7884 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
22:44:43.0353 7884 circlass - ok
22:44:43.0385 7884 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:44:43.0399 7884 CLFS - ok
22:44:43.0480 7884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:43.0491 7884 clr_optimization_v2.0.50727_32 - ok
22:44:43.0535 7884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:43.0546 7884 clr_optimization_v4.0.30319_32 - ok
22:44:43.0557 7884 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
22:44:43.0569 7884 CmBatt - ok
22:44:43.0578 7884 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:44:43.0588 7884 cmdide - ok
22:44:43.0655 7884 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:44:43.0721 7884 CNG - ok
22:44:43.0741 7884 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
22:44:43.0752 7884 Compbatt - ok
22:44:43.0769 7884 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:44:43.0806 7884 CompositeBus - ok
22:44:43.0809 7884 COMSysApp - ok
22:44:43.0843 7884 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
22:44:43.0854 7884 crcdisk - ok
22:44:43.0914 7884 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:44:44.0000 7884 CryptSvc - ok
22:44:44.0066 7884 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:44:44.0110 7884 DcomLaunch - ok
22:44:44.0157 7884 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:44:44.0206 7884 defragsvc - ok
22:44:44.0232 7884 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:44:44.0280 7884 DfsC - ok
22:44:44.0339 7884 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:44:44.0384 7884 Dhcp - ok
22:44:44.0408 7884 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:44:44.0449 7884 discache - ok
22:44:44.0496 7884 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
22:44:44.0507 7884 Disk - ok
22:44:44.0534 7884 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:44:44.0630 7884 Dnscache - ok
22:44:44.0684 7884 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:44:44.0731 7884 dot3svc - ok
22:44:44.0762 7884 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:44:44.0818 7884 DPS - ok
22:44:44.0854 7884 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:44:44.0892 7884 drmkaud - ok
22:44:44.0975 7884 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:44:44.0994 7884 DXGKrnl - ok
22:44:45.0011 7884 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:44:45.0053 7884 EapHost - ok
22:44:45.0215 7884 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
22:44:45.0272 7884 ebdrv - ok
22:44:45.0358 7884 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:44:45.0372 7884 eeCtrl - ok
22:44:45.0479 7884 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:44:45.0557 7884 EFS - ok
22:44:45.0664 7884 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:44:45.0719 7884 ehRecvr - ok
22:44:45.0745 7884 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:44:45.0777 7884 ehSched - ok
22:44:45.0863 7884 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
22:44:45.0879 7884 elxstor - ok
22:44:45.0937 7884 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
22:44:45.0993 7884 EPSON_EB_RPCV4_01 - ok
22:44:46.0009 7884 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
22:44:46.0049 7884 EPSON_PM_RPCV4_01 - ok
22:44:46.0152 7884 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:44:46.0162 7884 EraserUtilRebootDrv - ok
22:44:46.0179 7884 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:44:46.0218 7884 ErrDev - ok
22:44:46.0265 7884 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:44:46.0313 7884 EventSystem - ok
22:44:46.0343 7884 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:44:46.0366 7884 exfat - ok
22:44:46.0389 7884 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:44:46.0432 7884 fastfat - ok
22:44:46.0501 7884 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:44:46.0582 7884 Fax - ok
22:44:46.0596 7884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
22:44:46.0624 7884 fdc - ok
22:44:46.0655 7884 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:44:46.0705 7884 fdPHost - ok
22:44:46.0734 7884 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:44:46.0780 7884 FDResPub - ok
22:44:46.0808 7884 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:44:46.0819 7884 FileInfo - ok
22:44:46.0831 7884 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:44:46.0853 7884 Filetrace - ok
22:44:46.0869 7884 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
22:44:46.0881 7884 flpydisk - ok
22:44:46.0909 7884 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:44:46.0922 7884 FltMgr - ok
22:44:46.0973 7884 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:44:47.0049 7884 FontCache - ok
22:44:47.0143 7884 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:44:47.0152 7884 FontCache3.0.0.0 - ok
22:44:47.0168 7884 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:44:47.0179 7884 FsDepends - ok
22:44:47.0221 7884 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:44:47.0231 7884 Fs_Rec - ok
22:44:47.0248 7884 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:44:47.0263 7884 fvevol - ok
22:44:47.0281 7884 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
22:44:47.0293 7884 gagp30kx - ok
22:44:47.0310 7884 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:44:47.0319 7884 GEARAspiWDM - ok
22:44:47.0344 7884 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
22:44:47.0354 7884 GIDv2 - ok
22:44:47.0431 7884 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:44:47.0487 7884 gpsvc - ok
22:44:47.0511 7884 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:44:47.0567 7884 hcw85cir - ok
22:44:47.0646 7884 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:44:47.0679 7884 HdAudAddService - ok
22:44:47.0711 7884 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:44:47.0745 7884 HDAudBus - ok
22:44:47.0773 7884 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
22:44:47.0808 7884 HidBatt - ok
22:44:47.0836 7884 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
22:44:47.0873 7884 HidBth - ok
22:44:47.0897 7884 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
22:44:47.0933 7884 HidIr - ok
22:44:47.0966 7884 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
22:44:48.0010 7884 hidserv - ok
22:44:48.0032 7884 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:44:48.0062 7884 HidUsb - ok
22:44:48.0102 7884 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:44:48.0142 7884 hkmsvc - ok
22:44:48.0177 7884 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:44:48.0209 7884 HomeGroupListener - ok
22:44:48.0265 7884 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:44:48.0311 7884 HomeGroupProvider - ok
22:44:48.0342 7884 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:44:48.0354 7884 HpSAMD - ok
22:44:48.0390 7884 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:44:48.0415 7884 HTTP - ok
22:44:48.0422 7884 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:44:48.0433 7884 hwpolicy - ok
22:44:48.0448 7884 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:44:48.0461 7884 i8042prt - ok
22:44:48.0498 7884 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:44:48.0512 7884 iaStorV - ok
22:44:48.0602 7884 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:44:48.0625 7884 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:44:48.0625 7884 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:44:48.0761 7884 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:44:48.0780 7884 idsvc - ok
22:44:48.0916 7884 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120802.001\IDSvix86.sys
22:44:48.0930 7884 IDSVix86 - ok
22:44:48.0977 7884 IDVaultSvc (a744324e96d6c12a007a4a11e910afdb) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
22:44:48.0987 7884 IDVaultSvc - ok
22:44:49.0072 7884 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
22:44:49.0084 7884 iirsp - ok
22:44:49.0161 7884 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:44:49.0217 7884 IKEEXT - ok
22:44:49.0420 7884 IntcAzAudAddService (6bea3c6c9b0dc7bb92a54154796895b7) C:\Windows\system32\drivers\RTKVHDA.sys
22:44:49.0473 7884 IntcAzAudAddService - ok
22:44:49.0614 7884 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:44:49.0625 7884 intelide - ok
22:44:49.0636 7884 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
22:44:49.0671 7884 intelppm - ok
22:44:49.0700 7884 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:44:49.0723 7884 IPBusEnum - ok
22:44:49.0741 7884 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:49.0765 7884 IpFilterDriver - ok
22:44:49.0796 7884 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:44:49.0823 7884 iphlpsvc - ok
22:44:49.0836 7884 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:44:49.0848 7884 IPMIDRV - ok
22:44:49.0862 7884 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:44:49.0908 7884 IPNAT - ok
22:44:49.0939 7884 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:44:49.0977 7884 IRENUM - ok
22:44:50.0004 7884 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:44:50.0015 7884 isapnp - ok
22:44:50.0036 7884 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:44:50.0050 7884 iScsiPrt - ok
22:44:50.0064 7884 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:44:50.0075 7884 kbdclass - ok
22:44:50.0088 7884 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:44:50.0122 7884 kbdhid - ok
22:44:50.0159 7884 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:44:50.0170 7884 KeyIso - ok
22:44:50.0224 7884 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
22:44:50.0235 7884 KSecDD - ok
22:44:50.0249 7884 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
22:44:50.0261 7884 KSecPkg - ok
22:44:50.0329 7884 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:44:50.0376 7884 KtmRm - ok
22:44:50.0426 7884 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
22:44:50.0476 7884 LanmanServer - ok
22:44:50.0516 7884 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:44:50.0540 7884 LanmanWorkstation - ok
22:44:50.0550 7884 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:44:50.0596 7884 lltdio - ok
22:44:50.0665 7884 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:44:50.0690 7884 lltdsvc - ok
22:44:50.0709 7884 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:44:50.0752 7884 lmhosts - ok
22:44:50.0784 7884 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
22:44:50.0796 7884 LSI_FC - ok
22:44:50.0814 7884 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
22:44:50.0826 7884 LSI_SAS - ok
22:44:50.0840 7884 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
22:44:50.0851 7884 LSI_SAS2 - ok
22:44:50.0875 7884 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
22:44:50.0887 7884 LSI_SCSI - ok
22:44:50.0905 7884 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:44:50.0929 7884 luafv - ok
22:44:50.0982 7884 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:44:50.0995 7884 Mcx2Svc - ok
22:44:51.0008 7884 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
22:44:51.0019 7884 megasas - ok
22:44:51.0043 7884 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
22:44:51.0057 7884 MegaSR - ok
22:44:51.0097 7884 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:44:51.0149 7884 MMCSS - ok
22:44:51.0179 7884 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:44:51.0229 7884 Modem - ok
22:44:51.0262 7884 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:44:51.0301 7884 monitor - ok
22:44:51.0332 7884 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:44:51.0343 7884 mouclass - ok
22:44:51.0352 7884 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:44:51.0387 7884 mouhid - ok
22:44:51.0422 7884 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:44:51.0434 7884 mountmgr - ok
22:44:51.0519 7884 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:44:51.0530 7884 MozillaMaintenance - ok
22:44:51.0556 7884 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:44:51.0568 7884 mpio - ok
22:44:51.0589 7884 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:44:51.0635 7884 mpsdrv - ok
22:44:51.0700 7884 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:44:51.0755 7884 MpsSvc - ok
22:44:51.0791 7884 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:44:51.0806 7884 MRxDAV - ok
22:44:51.0840 7884 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:51.0868 7884 mrxsmb - ok
22:44:51.0893 7884 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:51.0905 7884 mrxsmb10 - ok
22:44:51.0924 7884 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:51.0953 7884 mrxsmb20 - ok
22:44:51.0984 7884 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:44:51.0995 7884 msahci - ok
22:44:52.0010 7884 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:44:52.0022 7884 msdsm - ok
22:44:52.0043 7884 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:44:52.0078 7884 MSDTC - ok
22:44:52.0107 7884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:44:52.0130 7884 Msfs - ok
22:44:52.0144 7884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:44:52.0166 7884 mshidkmdf - ok
22:44:52.0186 7884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:44:52.0197 7884 msisadrv - ok
22:44:52.0256 7884 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:44:52.0304 7884 MSiSCSI - ok
22:44:52.0307 7884 msiserver - ok
22:44:52.0336 7884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:44:52.0379 7884 MSKSSRV - ok
22:44:52.0404 7884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:52.0454 7884 MSPCLOCK - ok
22:44:52.0487 7884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:44:52.0510 7884 MSPQM - ok
22:44:52.0534 7884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:44:52.0547 7884 MsRPC - ok
22:44:52.0600 7884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:44:52.0611 7884 mssmbios - ok
22:44:52.0632 7884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:44:52.0654 7884 MSTEE - ok
22:44:52.0674 7884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
22:44:52.0707 7884 MTConfig - ok
22:44:52.0733 7884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:44:52.0745 7884 Mup - ok
22:44:52.0867 7884 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
22:44:52.0879 7884 N360 - ok
22:44:53.0006 7884 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:44:53.0034 7884 napagent - ok
22:44:53.0076 7884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:44:53.0094 7884 NativeWifiP - ok
22:44:53.0290 7884 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe
22:44:53.0310 7884 NAUpdate - ok
22:44:53.0463 7884 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120802.008\NAVENG.SYS
22:44:53.0473 7884 NAVENG - ok
22:44:53.0616 7884 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120802.008\NAVEX15.SYS
22:44:53.0652 7884 NAVEX15 - ok
22:44:53.0843 7884 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
22:44:53.0853 7884 NBVol - ok
22:44:53.0867 7884 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
22:44:53.0876 7884 NBVolUp - ok
22:44:53.0965 7884 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:44:53.0987 7884 NDIS - ok
22:44:54.0010 7884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:54.0061 7884 NdisCap - ok
22:44:54.0107 7884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:54.0148 7884 NdisTapi - ok
22:44:54.0196 7884 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:54.0237 7884 Ndisuio - ok
22:44:54.0286 7884 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:54.0336 7884 NdisWan - ok
22:44:54.0359 7884 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:44:54.0381 7884 NDProxy - ok
22:44:54.0449 7884 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
22:44:54.0456 7884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:54.0456 7884 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:54.0463 7884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:44:54.0511 7884 NetBIOS - ok
22:44:54.0548 7884 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:44:54.0572 7884 NetBT - ok
22:44:54.0587 7884 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:44:54.0599 7884 Netlogon - ok
22:44:54.0664 7884 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:44:54.0691 7884 Netman - ok
22:44:54.0720 7884 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:44:54.0769 7884 netprofm - ok
22:44:54.0868 7884 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:54.0879 7884 NetTcpPortSharing - ok
22:44:54.0898 7884 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
22:44:54.0910 7884 nfrd960 - ok
22:44:54.0941 7884 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:44:54.0988 7884 NlaSvc - ok
22:44:55.0013 7884 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:44:55.0036 7884 Npfs - ok
22:44:55.0092 7884 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:44:55.0117 7884 nsi - ok
22:44:55.0134 7884 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:44:55.0180 7884 nsiproxy - ok
22:44:55.0273 7884 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:44:55.0313 7884 Ntfs - ok
22:44:55.0328 7884 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:44:55.0375 7884 Null - ok
22:44:55.0424 7884 NVHDA (a0a9e53b4aac3c6534a063aba69bc19f) C:\Windows\system32\drivers\nvhda32v.sys
22:44:55.0437 7884 NVHDA - ok
22:44:56.0007 7884 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:44:56.0207 7884 nvlddmkm - ok
22:44:56.0355 7884 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:44:56.0368 7884 nvraid - ok
22:44:56.0387 7884 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:44:56.0401 7884 nvstor - ok
22:44:56.0458 7884 NVSvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
22:44:56.0505 7884 NVSvc - ok
22:44:56.0639 7884 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:44:56.0703 7884 nvUpdatusService - ok
22:44:56.0786 7884 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:44:56.0799 7884 nv_agp - ok
22:44:56.0823 7884 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:44:56.0863 7884 ohci1394 - ok
22:44:56.0913 7884 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:44:57.0002 7884 p2pimsvc - ok
22:44:57.0057 7884 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:44:57.0075 7884 p2psvc - ok
22:44:57.0104 7884 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:44:57.0117 7884 Parport - ok
22:44:57.0143 7884 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:44:57.0155 7884 partmgr - ok
22:44:57.0168 7884 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:44:57.0200 7884 Parvdm - ok
22:44:57.0236 7884 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:44:57.0253 7884 PcaSvc - ok
22:44:57.0265 7884 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:44:57.0278 7884 pci - ok
22:44:57.0290 7884 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:44:57.0301 7884 pciide - ok
22:44:57.0330 7884 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
22:44:57.0344 7884 pcmcia - ok
22:44:57.0384 7884 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
22:44:57.0437 7884 pcouffin - ok
22:44:57.0452 7884 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:44:57.0463 7884 pcw - ok
22:44:57.0517 7884 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:44:57.0574 7884 PEAUTH - ok
22:44:57.0669 7884 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:44:57.0739 7884 pla - ok
22:44:57.0870 7884 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:44:57.0955 7884 PlugPlay - ok
22:44:58.0032 7884 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
22:44:58.0065 7884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:58.0065 7884 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:58.0090 7884 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:44:58.0121 7884 PNRPAutoReg - ok
22:44:58.0173 7884 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:44:58.0188 7884 PNRPsvc - ok
22:44:58.0240 7884 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
22:44:58.0250 7884 Point32 - ok
22:44:58.0310 7884 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:44:58.0359 7884 PolicyAgent - ok
22:44:58.0413 7884 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:44:58.0437 7884 Power - ok
22:44:58.0499 7884 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:44:58.0545 7884 PptpMiniport - ok
22:44:58.0591 7884 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
22:44:58.0627 7884 Processor - ok
22:44:58.0668 7884 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:44:58.0729 7884 ProfSvc - ok
22:44:58.0758 7884 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:44:58.0770 7884 ProtectedStorage - ok
22:44:58.0828 7884 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:44:58.0853 7884 Psched - ok
22:44:58.0934 7884 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
22:44:58.0980 7884 ql2300 - ok
22:44:59.0098 7884 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
22:44:59.0111 7884 ql40xx - ok
22:44:59.0168 7884 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:44:59.0213 7884 QWAVE - ok
22:44:59.0246 7884 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:44:59.0261 7884 QWAVEdrv - ok
22:44:59.0278 7884 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:44:59.0320 7884 RasAcd - ok
22:44:59.0405 7884 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:59.0455 7884 RasAgileVpn - ok
22:44:59.0495 7884 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:44:59.0544 7884 RasAuto - ok
22:44:59.0574 7884 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:59.0620 7884 Rasl2tp - ok
22:44:59.0669 7884 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:44:59.0720 7884 RasMan - ok
22:44:59.0755 7884 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:59.0779 7884 RasPppoe - ok
22:44:59.0832 7884 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:44:59.0877 7884 RasSstp - ok
22:44:59.0919 7884 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:44:59.0962 7884 rdbss - ok
22:44:59.0992 7884 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
22:45:00.0005 7884 rdpbus - ok
22:45:00.0022 7884 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:00.0066 7884 RDPCDD - ok
22:45:00.0112 7884 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:45:00.0152 7884 RDPENCDD - ok
22:45:00.0176 7884 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:45:00.0197 7884 RDPREFMP - ok
22:45:00.0254 7884 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:45:00.0326 7884 RDPWD - ok
22:45:00.0348 7884 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:45:00.0363 7884 rdyboost - ok
22:45:00.0415 7884 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:45:00.0438 7884 RemoteAccess - ok
22:45:00.0492 7884 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:45:00.0518 7884 RemoteRegistry - ok
22:45:00.0570 7884 RkHit - ok
22:45:00.0585 7884 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:45:00.0630 7884 RpcEptMapper - ok
22:45:00.0665 7884 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:45:00.0702 7884 RpcLocator - ok
22:45:00.0747 7884 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:45:00.0772 7884 RpcSs - ok
22:45:00.0819 7884 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:45:00.0862 7884 rspndr - ok
22:45:00.0928 7884 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:45:00.0945 7884 RTL8167 - ok
22:45:00.0970 7884 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:45:00.0982 7884 SamSs - ok
22:45:01.0012 7884 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:45:01.0024 7884 sbp2port - ok
22:45:01.0041 7884 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:45:01.0089 7884 SCardSvr - ok
22:45:01.0112 7884 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:45:01.0134 7884 scfilter - ok
22:45:01.0216 7884 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:45:01.0278 7884 Schedule - ok
22:45:01.0320 7884 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:45:01.0341 7884 SCPolicySvc - ok
22:45:01.0403 7884 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
22:45:01.0442 7884 sdbus - ok
22:45:01.0477 7884 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:45:01.0554 7884 SDRSVC - ok
22:45:01.0580 7884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:45:01.0626 7884 secdrv - ok
22:45:01.0657 7884 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:45:01.0707 7884 seclogon - ok
22:45:01.0731 7884 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
22:45:01.0780 7884 SENS - ok
22:45:01.0839 7884 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:45:01.0890 7884 SensrSvc - ok
22:45:01.0920 7884 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:45:01.0932 7884 Serenum - ok
22:45:01.0958 7884 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:45:01.0971 7884 Serial - ok
22:45:01.0992 7884 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
22:45:02.0005 7884 sermouse - ok
22:45:02.0040 7884 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:45:02.0086 7884 SessionEnv - ok
22:45:02.0115 7884 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:45:02.0152 7884 sffdisk - ok
22:45:02.0182 7884 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:45:02.0195 7884 sffp_mmc - ok
22:45:02.0210 7884 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:45:02.0253 7884 sffp_sd - ok
22:45:02.0276 7884 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
22:45:02.0308 7884 sfloppy - ok
22:45:02.0366 7884 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:45:02.0414 7884 SharedAccess - ok
22:45:02.0453 7884 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:45:02.0481 7884 ShellHWDetection - ok
22:45:02.0505 7884 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:45:02.0518 7884 sisagp - ok
22:45:02.0554 7884 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
22:45:02.0566 7884 SiSRaid2 - ok
22:45:02.0595 7884 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
22:45:02.0608 7884 SiSRaid4 - ok
22:45:02.0651 7884 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:45:02.0675 7884 Smb - ok
22:45:02.0743 7884 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:45:02.0756 7884 SNMPTRAP - ok
22:45:02.0764 7884 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:45:02.0775 7884 spldr - ok
22:45:02.0813 7884 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:45:02.0868 7884 Spooler - ok
22:45:03.0035 7884 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:45:03.0123 7884 sppsvc - ok
22:45:03.0231 7884 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:45:03.0278 7884 sppuinotify - ok
22:45:03.0434 7884 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
22:45:03.0463 7884 SRTSP - ok
22:45:03.0479 7884 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
22:45:03.0492 7884 SRTSPX - ok
22:45:03.0532 7884 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:45:03.0587 7884 srv - ok
22:45:03.0618 7884 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:45:03.0658 7884 srv2 - ok
22:45:03.0685 7884 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:45:03.0718 7884 srvnet - ok
22:45:03.0749 7884 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:45:03.0775 7884 SSDPSRV - ok
22:45:03.0833 7884 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:45:03.0885 7884 SstpSvc - ok
22:45:04.0045 7884 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:45:04.0061 7884 Stereo Service - ok
22:45:04.0130 7884 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
22:45:04.0142 7884 stexstor - ok
22:45:04.0221 7884 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:45:04.0297 7884 StiSvc - ok
22:45:04.0329 7884 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:45:04.0341 7884 swenum - ok
22:45:04.0478 7884 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:45:04.0496 7884 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:45:04.0496 7884 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
22:45:04.0561 7884 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:45:04.0589 7884 swprv - ok
22:45:04.0712 7884 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
22:45:04.0728 7884 SymDS - ok
22:45:04.0772 7884 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
22:45:04.0794 7884 SymEFA - ok
22:45:04.0831 7884 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:45:04.0843 7884 SymEvent - ok
22:45:04.0906 7884 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
22:45:04.0918 7884 SymIRON - ok
22:45:04.0986 7884 SymNetS (2c688094650d23b62b0a809decd0b12f) C:\Windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS
22:45:05.0000 7884 SymNetS - ok
22:45:05.0090 7884 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:45:05.0121 7884 SysMain - ok
22:45:05.0144 7884 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:45:05.0182 7884 TabletInputService - ok
22:45:05.0221 7884 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:45:05.0269 7884 TapiSrv - ok
22:45:05.0296 7884 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:45:05.0321 7884 TBS - ok
22:45:05.0445 7884 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:45:05.0483 7884 Tcpip - ok
22:45:05.0621 7884 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:45:05.0647 7884 TCPIP6 - ok
22:45:05.0717 7884 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:45:05.0747 7884 tcpipreg - ok
22:45:05.0773 7884 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:45:05.0810 7884 TDPIPE - ok
22:45:05.0850 7884 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:45:05.0862 7884 TDTCP - ok
22:45:05.0878 7884 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:45:05.0928 7884 tdx - ok
22:45:05.0960 7884 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
22:45:05.0972 7884 TermDD - ok
22:45:06.0011 7884 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:45:06.0050 7884 TermService - ok
22:45:06.0076 7884 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:45:06.0120 7884 Themes - ok
22:45:06.0157 7884 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:45:06.0181 7884 THREADORDER - ok
22:45:06.0199 7884 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:45:06.0247 7884 TrkWks - ok
22:45:06.0325 7884 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:45:06.0372 7884 TrustedInstaller - ok
22:45:06.0407 7884 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:06.0455 7884 tssecsrv - ok
22:45:06.0493 7884 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:45:06.0565 7884 TsUsbFlt - ok
22:45:06.0583 7884 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
22:45:06.0614 7884 TsUsbGD - ok
22:45:06.0667 7884 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:45:06.0708 7884 tunnel - ok
22:45:06.0743 7884 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
22:45:06.0755 7884 uagp35 - ok
22:45:06.0788 7884 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:45:06.0831 7884 udfs - ok
22:45:06.0867 7884 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:45:06.0898 7884 UI0Detect - ok
22:45:06.0933 7884 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:45:06.0945 7884 uliagpkx - ok
22:45:06.0974 7884 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:45:06.0986 7884 umbus - ok
22:45:07.0018 7884 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
22:45:07.0031 7884 UmPass - ok
22:45:07.0091 7884 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:45:07.0147 7884 upnphost - ok
22:45:07.0197 7884 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:45:07.0220 7884 usbccgp - ok
22:45:07.0242 7884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:45:07.0256 7884 usbcir - ok
22:45:07.0283 7884 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:45:07.0295 7884 usbehci - ok
22:45:07.0322 7884 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:45:07.0337 7884 usbhub - ok
22:45:07.0348 7884 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:45:07.0386 7884 usbohci - ok
22:45:07.0418 7884 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:45:07.0431 7884 usbprint - ok
22:45:07.0469 7884 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:45:07.0483 7884 usbscan - ok
22:45:07.0516 7884 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:45:07.0596 7884 USBSTOR - ok
22:45:07.0613 7884 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:45:07.0625 7884 usbuhci - ok
22:45:07.0642 7884 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:45:07.0665 7884 UxSms - ok
22:45:07.0691 7884 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:45:07.0703 7884 VaultSvc - ok
22:45:07.0713 7884 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:45:07.0725 7884 vdrvroot - ok
22:45:07.0762 7884 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:45:07.0822 7884 vds - ok
22:45:07.0850 7884 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:45:07.0884 7884 vga - ok
22:45:07.0915 7884 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:45:07.0938 7884 VgaSave - ok
22:45:07.0959 7884 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:45:07.0973 7884 vhdmp - ok
22:45:07.0996 7884 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:45:08.0008 7884 viaagp - ok
22:45:08.0030 7884 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
22:45:08.0064 7884 ViaC7 - ok
22:45:08.0088 7884 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:45:08.0099 7884 viaide - ok
22:45:08.0113 7884 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:45:08.0125 7884 volmgr - ok
22:45:08.0149 7884 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:45:08.0165 7884 volmgrx - ok
22:45:08.0186 7884 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:45:08.0201 7884 volsnap - ok
22:45:08.0234 7884 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
22:45:08.0248 7884 vsmraid - ok
22:45:08.0339 7884 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:45:08.0416 7884 VSS - ok
22:45:08.0450 7884 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:45:08.0495 7884 vwifibus - ok
22:45:08.0539 7884 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:45:08.0568 7884 W32Time - ok
22:45:08.0588 7884 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
22:45:08.0629 7884 WacomPen - ok
22:45:08.0665 7884 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:08.0687 7884 WANARP - ok
22:45:08.0691 7884 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:08.0713 7884 Wanarpv6 - ok
22:45:08.0830 7884 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:45:08.0879 7884 WatAdminSvc - ok
22:45:09.0023 7884 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:45:09.0072 7884 wbengine - ok
22:45:09.0102 7884 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:45:09.0120 7884 WbioSrvc - ok
22:45:09.0147 7884 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:45:09.0166 7884 wcncsvc - ok
22:45:09.0191 7884 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:45:09.0267 7884 WcsPlugInService - ok
22:45:09.0334 7884 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
22:45:09.0346 7884 Wd - ok
22:45:09.0386 7884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:45:09.0407 7884 Wdf01000 - ok
22:45:09.0422 7884 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:45:09.0501 7884 WdiServiceHost - ok
22:45:09.0504 7884 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:45:09.0519 7884 WdiSystemHost - ok
22:45:09.0648 7884 Web Assistant Updater (f70d9dbf55cbf7f0b5705bd5fe79d907) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
22:45:09.0680 7884 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
22:45:09.0681 7884 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
22:45:09.0716 7884 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:45:09.0750 7884 WebClient - ok
22:45:09.0780 7884 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:45:09.0807 7884 Wecsvc - ok
22:45:09.0821 7884 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:45:09.0871 7884 wercplsupport - ok
22:45:09.0916 7884 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:45:09.0941 7884 WerSvc - ok
22:45:10.0020 7884 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:45:10.0042 7884 WfpLwf - ok
22:45:10.0064 7884 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:45:10.0075 7884 WIMMount - ok
22:45:10.0164 7884 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:45:10.0219 7884 WinDefend - ok
22:45:10.0224 7884 WinHttpAutoProxySvc - ok
22:45:10.0323 7884 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:45:10.0347 7884 Winmgmt - ok
22:45:10.0448 7884 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:45:10.0509 7884 WinRM - ok
22:45:10.0593 7884 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:45:10.0607 7884 WinUsb - ok
22:45:10.0685 7884 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:45:10.0721 7884 Wlansvc - ok
22:45:10.0897 7884 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:45:10.0940 7884 wlidsvc - ok
22:45:11.0072 7884 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:45:11.0084 7884 WmiAcpi - ok
22:45:11.0168 7884 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:45:11.0206 7884 wmiApSrv - ok
22:45:11.0329 7884 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:45:11.0393 7884 WMPNetworkSvc - ok
22:45:11.0496 7884 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune\WMZuneComm.exe
22:45:11.0512 7884 WMZuneComm - ok
22:45:11.0601 7884 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:45:11.0629 7884 WPCSvc - ok
22:45:11.0643 7884 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:45:11.0708 7884 WPDBusEnum - ok
22:45:11.0738 7884 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:45:11.0781 7884 ws2ifsl - ok
22:45:11.0807 7884 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
22:45:11.0848 7884 wscsvc - ok
22:45:11.0851 7884 WSearch - ok
22:45:11.0993 7884 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:45:12.0051 7884 wuauserv - ok
22:45:12.0104 7884 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:45:12.0150 7884 WudfPf - ok
22:45:12.0197 7884 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:45:12.0245 7884 WUDFRd - ok
22:45:12.0286 7884 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:45:12.0310 7884 wudfsvc - ok
22:45:12.0374 7884 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:45:12.0393 7884 WwanSvc - ok
22:45:12.0794 7884 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune\ZuneNss.exe
22:45:12.0921 7884 ZuneNetworkSvc - ok
22:45:13.0007 7884 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
22:45:13.0026 7884 ZuneWlanCfgSvc - ok
22:45:13.0050 7884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:45:13.0078 7884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:45:13.0078 7884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:45:13.0108 7884 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:45:13.0108 7884 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:45:13.0112 7884 Boot (0x1200) (131553dc1021501ce03885c65e453940) \Device\Harddisk0\DR0\Partition0
22:45:13.0114 7884 \Device\Harddisk0\DR0\Partition0 - ok
22:45:13.0115 7884 ============================================================
22:45:13.0115 7884 Scan finished
22:45:13.0115 7884 ============================================================
22:45:13.0124 7888 Detected object count: 7
22:45:13.0124 7888 Actual detected object count: 7
22:47:16.0736 7888 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:16.0736 7888 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:16.0736 7888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:16.0736 7888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:16.0738 7888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:16.0738 7888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:16.0740 7888 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:16.0740 7888 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:16.0743 7888 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:16.0743 7888 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:17.0476 7888 \Device\Harddisk0\DR0\# - copied to quarantine
22:47:17.0477 7888 \Device\Harddisk0\DR0 - copied to quarantine
22:47:17.0508 7888 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:47:17.0517 7888 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:47:17.0520 7888 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:47:17.0525 7888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:47:17.0530 7888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:47:17.0541 7888 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:47:17.0548 7888 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:47:17.0551 7888 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:47:17.0553 7888 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:47:17.0555 7888 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:47:17.0558 7888 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:47:17.0561 7888 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:47:17.0563 7888 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:47:17.0565 7888 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:47:17.0568 7888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:47:17.0569 7888 \Device\Harddisk0\DR0 - ok
22:47:17.0580 7888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:47:17.0581 7888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:47:17.0581 7888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:47:20.0761 7920 Deinitialize success
kevinf80 (Kevin) kevinf80 is authorized to help remove malware.
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
03-Aug-2012, 02:59 AM #5
Glad to help, OK do the following and post the produced logs. Please also give an update on current issues/concerns:

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download OTL from any of the following links and save to your desktop.

Link 1
Link 2
Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
  • Please check the box next to "LOP check" and "Purity check"
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin
PaGrrl
Member with 34 posts.
THREAD STARTER
 
Join Date: May 2007
04-Aug-2012, 10:55 PM #6
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tanya :: PIXIE-PC [administrator]

8/4/2012 10:31:12 PM
mbam-log-2012-08-04 (22-31-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233633
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tanya\Downloads\dvdburning_1289.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)




OTL logfile created on: 8/4/2012 10:44:45 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tanya\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.75% Memory free
6.98 Gb Paging File | 5.39 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 76.43 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 671.57 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Computer Name: PIXIE-PC | User Name: Tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 22:41:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
PRC - [2012/07/18 10:03:39 | 000,066,160 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/07/18 10:03:37 | 006,536,304 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/01 10:33:54 | 000,366,536 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2012/06/01 10:33:53 | 000,264,136 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/26 03:01:20 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/26 03:00:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/06/24 04:27:04 | 006,044,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/18 10:03:39 | 000,104,048 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/07/18 10:00:32 | 000,548,040 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:36:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 03:36:46 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/14 03:30:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:30:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 03:30:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:30:22 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:30:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:30:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:29:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/01 10:33:54 | 000,268,232 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/06/01 10:33:54 | 000,133,064 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/06/01 10:33:54 | 000,079,816 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/06/01 10:33:54 | 000,071,624 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/06/01 10:33:54 | 000,032,648 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/05/12 14:48:16 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/12 14:47:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 14:46:15 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/12 14:46:14 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 14:46:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/12 14:46:11 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/12 14:23:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 14:23:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 14:22:52 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/12 14:22:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 14:22:40 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/05/12 14:22:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 14:22:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 14:22:32 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 14:22:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/12/19 18:50:40 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/11/20 17:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 23:50:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 11:11:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/18 10:03:39 | 000,066,160 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/01/13 04:03:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/26 03:00:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2012/07/27 17:01:36 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120804.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/07/27 17:01:36 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120804.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 10:55:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 10:55:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/18 13:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/01/11 01:19:28 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/26 04:03:50 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/26 02:21:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/07/13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/07/05 11:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/06/20 07:36:10 | 000,115,808 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011/06/06 06:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symnets.sys -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/17 08:04:18 | 000,149,632 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc)
DRV - [2011/03/17 08:04:16 | 000,070,272 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D A9 A9 1D 88 D0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=DgVJWLEGFh
IE - HKCU\..\SearchScopes\{E77B06D4-F131-4169-9957-86324858B784}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://search.alot.com/web?src_id=30182&client_id=f8b8ba561f641a9b9c5e4ca8&camp_id=3353&install_time=2012-06-04T02:54:09Z&pr=auto&tb_version=1.0.17000(G)&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tanya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 08:31:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/04 20:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 10:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/01 22:12:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:34:47 | 000,000,000 | ---D | M]

[2012/01/11 14:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\Mozilla\Extensions
[2012/07/30 23:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\flca98ga.default\extensions
[2012/07/30 23:33:39 | 000,001,635 | ---- | M] () -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\flca98ga.default\searchplugins\firefox-add-ons.xml
[2012/08/01 22:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:33:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/07/30 23:33:26 | 000,368,105 | ---- | M] () (No name found) -- C:\USERS\TANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLCA98GA.DEFAULT\EXTENSIONS\GOOGLE@HITACHI.COM.XPI
[2012/07/16 20:38:01 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\TANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLCA98GA.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/20 13:15:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/19 17:10:02 | 000,000,825 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll (WhiteSky)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON NX110 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED7302B1-BE3B-45A3-B442-C03EF67E3CE3}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = V:\Autorun.exe
O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = W:\Autorun.exe
O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = X:\Autorun.exe
O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Y:\Autorun.exe
O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Z:\Autorun.exe
O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell\AutoRun\command - "" = G:\CD_Start.exe
O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = H:\autorun.exe Launch.hta
O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell - "" = AutoRun
O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 22:41:52 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
[2012/08/04 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Malwarebytes
[2012/08/04 22:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 22:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 22:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/04 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/04 22:28:19 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tanya\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 22:47:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/02 22:42:29 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
[2012/08/01 22:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/01 22:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/01 22:33:59 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/01 22:33:59 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/01 22:33:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/01 22:33:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/01 22:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/31 01:27:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tanya\Desktop\dds.com
[2012/07/31 01:24:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tanya\Desktop\HijackThis.exe
[2012/07/27 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\Symantec
[2012/07/16 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Microsoft Games
[2012/07/16 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2012/07/16 21:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2012/07/11 03:03:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 03:03:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 03:03:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 03:03:13 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 03:03:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 03:03:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 03:00:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 16:30:40 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 16:30:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/10 16:30:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/08 23:31:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/15 20:04:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tanya\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/04 22:41:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
[2012/08/04 22:29:39 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 22:28:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tanya\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 22:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000UA.job
[2012/08/04 21:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 20:18:10 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 20:18:10 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 20:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 20:10:23 | 2810,290,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 19:28:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000Core.job
[2012/08/03 00:56:44 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/03 00:56:44 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/02 23:50:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/02 23:50:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/02 22:42:41 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
[2012/08/01 22:33:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/01 22:33:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/31 01:34:27 | 000,302,592 | ---- | M] () -- C:\Users\Tanya\Desktop\mmvsr5ug.exe
[2012/07/31 01:27:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tanya\Desktop\dds.com
[2012/07/31 01:25:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tanya\Desktop\HijackThis.exe
[2012/07/30 23:48:07 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2012/07/27 16:56:43 | 289,164,778 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/23 21:13:15 | 000,002,153 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/07/23 21:13:14 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/07/16 22:37:02 | 000,002,432 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/07/16 22:36:36 | 001,211,442 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\Cat.DB
[2012/07/16 22:22:30 | 000,001,596 | ---- | M] () -- C:\Users\Tanya\Desktop\ZOO TYCOON.lnk
[2012/07/16 21:36:02 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/07/11 21:25:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\isolate.ini
[2012/07/11 03:20:46 | 003,723,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 14:05:24 | 000,001,146 | ---- | M] () -- C:\Users\Tanya\Desktop\BitTorrent.lnk

========== Files Created - No Company Name ==========

[2012/08/04 22:29:39 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 01:34:25 | 000,302,592 | ---- | C] () -- C:\Users\Tanya\Desktop\mmvsr5ug.exe
[2012/07/30 23:48:07 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2012/07/23 21:13:13 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/07/16 22:37:02 | 000,002,432 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/07/16 22:21:47 | 000,001,596 | ---- | C] () -- C:\Users\Tanya\Desktop\ZOO TYCOON.lnk
[2012/07/16 21:36:02 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/07/09 14:04:09 | 000,001,146 | ---- | C] () -- C:\Users\Tanya\Desktop\BitTorrent.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/14 21:01:36 | 000,202,094 | ---- | C] () -- C:\Users\Tanya\da Boys birth certificates.JPG
[2012/03/30 23:11:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/16 10:35:34 | 000,327,166 | ---- | C] () -- C:\Users\Tanya\wwtracker.jpg
[2012/02/21 10:55:48 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/01/27 17:39:11 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2012/01/21 16:03:40 | 000,330,260 | ---- | C] () -- C:\Users\Tanya\Boys birth certificates kn.JPG
[2012/01/18 01:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/01/18 00:02:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/15 23:17:53 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/01/15 23:17:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/01/15 23:17:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/01/15 23:17:53 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/01/15 23:17:53 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/01/15 23:17:53 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/01/15 23:17:53 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/01/15 23:17:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/01/15 23:17:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/01/15 23:17:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/01/15 23:17:53 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/01/15 23:17:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/01/15 23:17:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/01/15 23:17:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/01/15 23:17:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/01/15 23:17:52 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/01/15 20:05:00 | 000,000,671 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\vso_ts_preview.xml
[2012/01/15 20:04:11 | 000,087,608 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\inst.exe
[2012/01/15 20:04:11 | 000,007,887 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.cat
[2012/01/15 20:04:11 | 000,001,144 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.inf
[2012/01/11 13:39:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/11 13:33:23 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/11 01:41:15 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{8474a8d8-a5af-bd38-9cd5-f5bd335edbe1}\@
[2011/10/26 02:59:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\amdverag.dll
[2011/10/26 02:20:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 15:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/07 23:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

========== LOP Check ==========

[2012/03/03 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\.minecraft
[2012/07/18 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\BitTorrent
[2012/05/01 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\EPSON
[2012/08/04 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\ID Vault
[2012/05/02 21:24:42 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\RipIt4Me
[2012/03/02 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/27 14:50:12 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Tific
[2012/07/27 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Vso
[2012/08/04 19:28:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000Core.job
[2012/08/04 22:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000UA.job
[2012/08/02 06:11:41 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 8/4/2012 10:44:45 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tanya\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.75% Memory free
6.98 Gb Paging File | 5.39 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 76.43 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 671.57 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Computer Name: PIXIE-PC | User Name: Tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2AEE7D-5FF9-4166-BF15-43747B263E9B}" = rport=445 | protocol=6 | dir=out | app=system |
"{11BEDC0E-AC27-4CB6-B01F-E2309744110A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EB30D64-D563-40B7-BD13-AF561B27862A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34CBA3A3-CAD8-4AC2-8FA5-14B5757B25B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{65C72A6C-20C1-4E91-8037-39B4121CBFC9}" = rport=139 | protocol=6 | dir=out | app=system |
"{70B4FEF2-3D72-42D5-9B6F-7946CE7327EE}" = lport=138 | protocol=17 | dir=in | app=system |
"{99496F93-1156-4D2D-A283-9F110215DAE5}" = rport=137 | protocol=17 | dir=out | app=system |
"{A1B0C4D6-3056-462D-91B9-D9E002C1588A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B52BF570-5168-455E-9C9C-4845B2FADE3F}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB31CA34-4761-4AA9-964F-68CCA59F3712}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEAB5131-14D1-4A71-A0C9-EC6557170402}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC703947-54DC-43AB-B130-B1EDFCDC316E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A8B8AD2-463D-4B63-9479-8422F4D4BC2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3DC6087D-6083-486D-B0A0-EEF9FEBA305A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{4006DD2B-23A6-4495-BCC8-3AD3BEBD5B05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63B12F14-2312-468F-98D4-2A884FA75788}" = protocol=17 | dir=in | app=c:\users\tanya\downloads\bittorrent-7.6.exe |
"{6D1837B8-E476-48AF-8B02-BD2E7118DD7D}" = dir=in | app=c:\users\tanya\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6FB1016C-45AD-4B18-93F4-113A5C79F692}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73A7CFFE-564A-4B68-89FF-51D5875BBDE9}" = protocol=6 | dir=in | app=c:\users\tanya\downloads\bittorrent-7.6.exe |
"{82F53E06-6BAF-4009-AD09-64CA60CB35E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD965A49-8AA0-451A-9360-B58E28EF5810}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C558186F-6638-4F66-A653-2BF3F0E7B048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D5B93534-6476-41F2-930C-58C9D287C6AF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{EE90C35F-8E89-433E-9C8E-E1217A5554EB}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"TCP Query User{255E319E-CD43-472B-AB8A-36328A8934B8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{7D45141C-B0D1-40A7-9F75-33F5DE5E0DC0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{EE7911D0-F8CE-49F0-8D33-2218DA5D3C92}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{F12A7377-81E7-472A-8F20-04F0F2136306}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.441
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5332A981-2332-55C4-FE31-7BCAAB16CAE2}" = Catalyst Control Center InstallProxy
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio 2012 Deluxe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2C948AC-CA5B-1921-E1CC-73DAAAD7ED15}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.7.3042
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49AC447-8ED0-0C8A-8622-4737B2EE4248}" = ATI Catalyst Install Manager
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool Timer_is1" = Cool Timer 3.7
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponBar5.0.0.5" = CouponBar
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Guild Wars" = Guild Wars
"ID Vault" = Constant Guard Protection Suite
"IncrediMail" = IncrediMail 2.0
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"Magic DVD Ripper_is1" = Magic DVD Ripper V6.0.2 Standard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2012 12:22:38 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 2:40:06 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Users\Tanya\downloads\any
dvd cloner platinum 1.1.6 + serials\SETUP.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2012 2:40:48 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\WinCDEmu\vmnt64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2012 2:42:09 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2012 10:50:26 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 2:11:23 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Users\Tanya\downloads\any
dvd cloner platinum 1.1.6 + serials\SETUP.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/3/2012 2:11:48 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\WinCDEmu\vmnt64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/3/2012 2:12:40 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/4/2012 11:48:56 AM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2012 8:11:55 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/19/2012 7:46:11 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 7:46:06 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 8:42:37 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 8:42:37 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 8:42:42 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 8:42:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 7:54:25 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 7:54:25 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 12:02:08 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 12:02:08 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 1:02:40 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 1:02:37 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 2:03:04 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 2:03:00 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 3:06:30 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 3:06:26 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:42:27 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 7:42:22 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 7:23:13 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
Description = 7:23:13 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 7/14/2012 3:57:35 PM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/15/2012 12:01:17 AM | Computer Name = Pixie-PC | Source = DCOM | ID = 10010
Description =

Error - 7/15/2012 12:56:44 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/15/2012 12:56:44 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/16/2012 9:55:17 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/16/2012 9:55:17 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/16/2012 1:30:55 PM | Computer Name = Pixie-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.

Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.


< End of report >

kevinf80 (Kevin), Malware Removal Specialist
05-Aug-2012, 02:36 AM #7
Continue as follows:-

Re-Run by double left click, Vista and Windows 7 users accept UAC alert.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2012/06/01 10:33:54 | 000,366,536 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    PRC - [2012/06/01 10:33:53 | 000,264,136 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    MOD - [2012/06/01 10:33:54 | 000,268,232 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
    MOD - [2012/06/01 10:33:54 | 000,133,064 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2012/06/01 10:33:54 | 000,079,816 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
    MOD - [2012/06/01 10:33:54 | 000,071,624 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
    MOD - [2012/06/01 10:33:54 | 000,032,648 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
    MOD - [2011/12/19 18:50:40 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
    SRV - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=DgVJWLEGFh
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
    [2012/06/01 10:33:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = V:\Autorun.exe
    O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = W:\Autorun.exe
    O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = X:\Autorun.exe
    O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
    O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
    O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Y:\Autorun.exe
    O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Z:\Autorun.exe
    O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell\AutoRun\command - "" = G:\CD_Start.exe
    O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = H:\autorun.exe Launch.hta
    O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell\AutoRun\command - "" = G:\setup.exe
    O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}"=-
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}"=-
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also give an update on any remaining issues or concerns....

Kevin

PaGrrl (thread starter)
05-Aug-2012, 06:08 PM #8
The computer seems to be running better. Only thing I have a problem with is games loading on FB but I'm sure it's FB

All processes killed
========== OTL ==========
No active process named IncMail.exe was found!
No active process named ImApp.exe was found!
Process ExtensionUpdaterService.exe killed successfully!
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] () not found.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults\preferences folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\skin folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\resources folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\libraries folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Coupons.com CouponBar\tbcore3.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
File C:\Program Files\Coupons.com CouponBar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
File V:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
File W:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
File X:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
File G:\autorun.exe Launch.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
File G:\autorun.exe Launch.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
File Y:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
File Z:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
File G:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
File H:\autorun.exe Launch.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
File E:\TL_Bootstrap.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{18DB3375-0649-4EA3-959A-44F1ACD278BA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DB3375-0649-4EA3-959A-44F1ACD278BA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83217005FF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83217005FF}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tanya\Desktop\cmd.bat deleted successfully.
C:\Users\Tanya\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tanya
->Temp folder emptied: 1745575 bytes
->Temporary Internet Files folder emptied: 29888444 bytes
->Java cache emptied: 15952 bytes
->FireFox cache emptied: 109361381 bytes
->Flash cache emptied: 5049372 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: UpdatusUser.Pixie-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 305637795 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10653208 bytes

Total Files Cleaned = 441.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08052012_180144

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000088D02F58813E9B5381 not found!

PendingFileRenameOperations files...
File C:\Windows\temp\TMP00000088D02F58813E9B5381 not found!

Registry entries deleted on Reboot...
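
Reading a fix log like the one above mostly means separating what the script actually changed from targets that were already absent. The following is an added example, not part of the original post and not OTL's own code: a small Python parser run over a sample built from lines of that log (forum-inserted spaces removed). The outcome categories, function names and line patterns are assumptions drawn from the lines shown in this thread, not a documented OTL format.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: lines taken from the fix log above, trimmed to one
# of each shape the parser handles.
SAMPLE_LOG = r"""
========== OTL ==========
No active process named IncMail.exe was found!
Process ExtensionUpdaterService.exe killed successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
File V:\Autorun.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{18DB3375-0649-4EA3-959A-44F1ACD278BA} not found.
========== FILES ==========
Successfully flushed the DNS Resolver Cache.
C:\Users\Tanya\Desktop\cmd.bat deleted successfully.
"""

# Patterns are assumptions based on the log lines in this thread.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CHANGED_RE = re.compile(r"\b(killed|stopped|deleted|moved|set) successfully[.!]?$")
ABSENT_RE = re.compile(r"not found[.!]?$|^No active process named .+ was found!$")
PREFIXES = ("Registry key", "Registry value", "Process", "Service", "File")


class Entry(NamedTuple):
    section: str   # log section header, e.g. "OTL", "REGISTRY", "FILES"
    kind: str      # object type the line refers to ("" if unknown)
    outcome: str   # "changed", "absent" or "info"
    action: str    # killed / stopped / deleted / moved / set, else ""
    text: str      # the original line


def kind_of(line):
    """Guess the object type from how the line starts."""
    for prefix in PREFIXES:
        if line.startswith(prefix + " "):
            return prefix
    if line.startswith("No active process named"):
        return "Process"
    if line.startswith(("HKEY_", "HKCU\\", "HKLM\\")):
        return "Registry value"   # "value set successfully" lines
    if re.match(r"[A-Za-z]:\\", line):
        return "File"             # bare path, e.g. "C:\...\x.dll moved ..."
    return ""


def parse_fix_log(text):
    """Turn the log into Entry records, tracking the current section."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        changed = CHANGED_RE.search(line)
        if changed:
            outcome, action = "changed", changed.group(1)
        elif ABSENT_RE.search(line):
            outcome, action = "absent", ""
        else:
            outcome, action = "info", ""
        entries.append(Entry(section, kind_of(line), outcome, action, line))
    return entries


def summarize(entries):
    """Count changed/absent results per (section, kind, outcome)."""
    return Counter((e.section, e.kind, e.outcome)
                   for e in entries if e.outcome != "info")


def moved_files(entries):
    """Paths the fix moved: the first thing to review if a program breaks."""
    return [re.sub(r"\s+(folder\s+)?moved successfully\.?$", "", e.text)
            for e in entries if e.action == "moved"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for key, count in sorted(summarize(parsed).items()):
        print(count, *key)
    print("moved:", moved_files(parsed))
```
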

kevinf80 (Kevin), Malware Removal Specialist
05-Aug-2012, 06:37 PM #9
We've not done anything that would affect FaceBook, not sure what's wrong there? Do the following:

Step 1
  • Re-open to run it. (Vista and Win 7 users accept UAC alert)
  • Click on the button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Step 2

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
If Java or Adobe is updated please check under Start > Control Panel > Programs and Features, ensure any old versions are removed. <--- Very Important

Step 3

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Step 4

Create a new restore point:

1. Right-click on Computer and go to Properties.
2. Next click on the System Protection link.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully".

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4. If prompted, select the drive that you want to clean up, and then click OK.
5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
6. In the Disk Cleanup dialog box, click Delete.
7. Click Delete Files, and then click OK. Re-Boot your PC.

Let me know if those steps complete OK..

Kevin

PaGrrl (thread starter)
05-Aug-2012, 07:09 PM #10
I have done those steps

kevinf80 (Kevin), Malware Removal Specialist
06-Aug-2012, 02:59 AM #11
Is FaceBook ok now? Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future;

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker. Update all applications as suggested by the Update Checker. Ignore any Beta updates.
If Java or Adobe has updated, please check under Start > Control Panel > Add/Remove Programs and ensure any old versions are removed.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Green to go,
Yellow for caution, and
Red to stop.

Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link HERE will give a comprehensive, up-to-date list of free Security programs, including Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues, hit the “Mark Solved” tab at the top of the thread.

Take care,

Kevin
PaGrrl
Member with 34 posts.
THREAD STARTER
 
Join Date: May 2007
06-Aug-2012, 03:54 PM #12
The system is running well. FB still won't load a game on my account but it does on my partner's account and we share the same computers so I would say it would be Facebook. Thank you for all your help.
kevinf80 (Kevin)
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Aug-2012, 03:57 PM #13
OK, thanks for letting me know. Can you mark the thread solved?

Thanks,

Kevin