
Google Search redirects to random websites

Discussion in 'Virus & Other Malware Removal' started by amz84uk, Jan 14, 2013.

    amz84uk Thread Starter

    Hi all. I have been having a problem whereby any search links that I click on from Google direct me onto another random website. I have IE8, and installed IE9 hoping it would sort it, but it hasn't. I've tried to look at other posts, but no luck.

    Here's my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:35:36, on 14/01/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17115)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Amit\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-3601336174-2481348647-1585890067-1001\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
    O4 - HKUS\S-1-5-21-3601336174-2481348647-1585890067-1001\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - S-1-5-21-3601336174-2481348647-1585890067-1001 Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.exe (User '?')
    O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110929130035
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 13851 bytes




    2 - DDS Log:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17115 BrowserJavaVersion: 1.6.0_37
    Run by Amit at 20:36:03 on 2013-01-14
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Amit\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RT-UPD~1.LNK - C:\Ross-Tech\VCDS\VCDS.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110929130035
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6} : DHCPNameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\14D696472E08993702960586F6E656 : DHCPNameServer = 172.31.139.17 172.30.139.17
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\36163716 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\4656661657C647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\86F64756C602E616472716A6 : DHCPNameServer = 218.248.241.2 218.248.255.212
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\B41667562797 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{292A6978-3D57-4767-8DBE-E153609B01B6}\F42377962756C6563737731323337373 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{438C7DEB-47A6-46E9-A946-ACA03E977196} : DHCPNameServer = 172.31.139.17 172.30.139.17
    TCP: Interfaces\{6B87D712-635A-49D1-BC1E-ECC9A0ED9DA8} : DHCPNameServer = 172.31.139.17 172.30.139.17
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Notify: igfxcui - igfxdev.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Amit\AppData\Roaming\Mozilla\Firefox\Profiles\riw15slo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-19 17:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2013-01-14 19:49:39 -------- d-----w- C:\Program Files (x86)\ESET
    2013-01-14 19:41:29 -------- d-----w- C:\Windows\ERUNT
    2013-01-14 19:41:20 -------- d-----w- C:\JRT
    2013-01-14 19:12:30 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-13 16:35:39 -------- d-----w- C:\Users\Amit\AppData\Local\DownTango
    2013-01-13 16:31:41 -------- d-----w- C:\Program Files (x86)\Red Sky
    2013-01-13 16:15:39 -------- d-----w- C:\ProgramData\Emicsoft Studio
    2013-01-12 18:50:19 -------- d-----w- C:\Windows\pss
    2013-01-12 18:12:12 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
    2013-01-12 17:48:33 294992 ----a-w- C:\Windows\System32\drivers\volsnap.sys
    2013-01-11 23:55:43 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2013-01-11 23:55:43 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2013-01-11 23:55:35 413448 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2013-01-11 23:55:30 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2013-01-11 23:55:30 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2013-01-11 23:54:42 -------- d-----w- C:\ProgramData\PC Tools
    2013-01-11 23:54:39 -------- d-----w- C:\Users\Amit\AppData\Roaming\TestApp
    2013-01-10 21:09:28 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2013-01-10 21:09:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-01-10 18:55:11 -------- d-----w- C:\Users\Amit\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-10 18:55:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-10 18:55:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-01-10 18:26:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-10 18:18:51 -------- d-----w- C:\Users\Amit\AppData\Roaming\Malwarebytes
    2013-01-10 18:18:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-10 18:18:34 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-10 18:18:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-10 18:18:27 -------- d-----w- C:\Users\Amit\AppData\Local\Programs
    2013-01-09 20:48:23 -------- d-----w- C:\ProgramData\fssg
    2013-01-09 20:46:13 -------- d-----w- C:\ProgramData\f-secure
    2013-01-08 18:46:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-01-08 18:30:57 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2013-01-07 20:07:21 118784 --sha-r- C:\Windows\SysWow64\zh-HK1.dll
    2012-12-29 15:38:38 31344 ----a-w- C:\Windows\System32\drivers\OLD cnnctfy2.sys
    2012-12-21 23:31:05 -------- d-----w- C:\Program Files (x86)\CardRecovery
    2012-12-21 22:51:24 -------- d-----w- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
    2012-12-18 20:07:11 106240 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-10 18:42:59 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 18:42:59 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-19 17:39:57 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-11-19 17:39:57 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-15 23:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    .
    ============= FINISH: 20:37:21.38 ===============



    SECOND ATTACHMENT
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acoustica MP3 Audio Mixer
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.5.3 MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AVG 2013
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CardRecovery 5.30
    Chuzzle Deluxe
    Cool MP3 Splitter 2.02
    CyberLink DVD Suite
    CyberLink PowerDVD 9
    CyberLink YouCam
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    Dora's Carnival Adventure
    Emicsoft FLV Converter
    Escape Rosecliff Island
    ESET Online Scanner v3
    ESU for Microsoft Windows 7
    FATE
    FileLab Plugin 1.1.33
    Final Drive Nitro
    Fotosizer 1.34
    Free DVD Video Burner version 3.1.3.1206
    Free Screen To Video V 2.0
    Free Video Flip and Rotate version 2.0.3.412
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iPhoneModem
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20 (64-bit)
    Java(TM) 6 Update 37
    Jewel Quest - Heritage
    Junk Mail filter update
    LightScribe System Software
    Magic Desktop
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVCRT
    Nitro PDF Reader
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton Internet Security
    OJOsoft Audio Converter
    Orbit Downloader
    PC Connectivity Solution
    PDF Settings CS5
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickTime
    RAR Password Recovery v1.1 RC17 (remove only)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Recovery Manager
    RtVOsd
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype™ 5.5
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    TMPGEnc DVD Author 1.6
    Trojan Killer
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VCDS-Lite 1.1
    VCDS Release 805.1
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.1
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0)
    Windows Driver Package - Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Movie Maker 2.6
    WinRAR 4.01 (32-bit)
    WinZip 15.5
    Zuma Deluxe
    .
    ==== End Of File ===========================


    Thanks in advance for looking into this for me.

     
  2. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    BUMP!

    Could anyone help please?
     
  3. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    BUMP. Can anyone help please?
     
  4. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    BUMP again
     
  5. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    Bump bump bump
     
  6. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    bump bump
     
  7. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
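A triage sketch for the log requested above, as an added example that is not part of the original post or of the utility itself: it checks a file name against the naming scheme quoted in the post, parses the "Scan services" section into one record per service, and separates the entries the post says to ignore (SPTD.SYS, UnsignedFile.Multi.Generic) from those that need review. The sample log, its hashes and the names ExampleSvc and OtherDrv are constructed, and the wording of the non-ok verdict lines is an assumption.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Naming scheme from the post: UtilityName.Version_Date_Time_log.txt
LOG_NAME = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$",
    re.IGNORECASE,
)
# Every log line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(.*)$")
# Section banners look like "====== Scan services ======"; plain rulers have no title.
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")
# File line: "[ <MD5> ] <service name> <path>"; the name may contain spaces.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")


class Record(NamedTuple):
    name: str
    md5: Optional[str]   # None when no file line preceded the verdict
    path: Optional[str]
    verdict: str


def parse_log_name(filename: str) -> Optional[Dict[str, str]]:
    """Return version/date/time from a log file name, or None if it does not fit."""
    m = LOG_NAME.match(filename)
    return m.groupdict() if m else None


def parse_services(log_text: str) -> List[Record]:
    """Pair each '<name> - <verdict>' line with the file line just before it."""
    records, in_services, pending = [], False, None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        sec = SECTION.match(body)
        if sec:  # any banner or ruler starts or ends a section
            in_services = sec.group(1).lower() == "scan services"
            pending = None
            continue
        if not in_services or not body:
            continue
        h = HASHED.match(body)
        if h:
            pending = h.groups()
            continue
        name, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue
        md5 = path = None
        if pending and pending[1] == name:
            md5, path = pending[0], pending[2]
        pending = None
        records.append(Record(name, md5, path, verdict.strip()))
    return records


def triage(rec: Record) -> str:
    """'ok', 'ignore' (the two exceptions named in the post) or 'review'."""
    verdict = rec.verdict.lower()
    if verdict == "ok":
        return "ok"
    if (rec.path or "").lower().endswith("\\sptd.sys"):
        return "ignore"
    if "unsignedfile.multi.generic" in verdict:
        return "ignore"
    return "review"


def summarize(records: List[Record]) -> Dict[str, List[str]]:
    out = {"ok": [], "ignore": [], "review": [], "no_file": []}
    for rec in records:
        out[triage(rec)].append(rec.name)
        if rec.md5 is None:
            out["no_file"].append(rec.name)  # verdict given without a hashed file
    return out


# Constructed sample log (hashes are placeholders; non-ok wording is assumed).
SAMPLE_LOG = r"""
12:00:01.0000 1000 ================ Scan services =============================
12:00:01.0100 1000 [ 00000000000000000000000000000001 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
12:00:01.0110 1000 ACPI - ok
12:00:01.0200 1000 [ 00000000000000000000000000000002 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:00:01.0210 1000 Apple Mobile Device - ok
12:00:01.0300 1000 catchme - ok
12:00:01.0400 1000 [ 00000000000000000000000000000003 ] sptd C:\Windows\system32\DRIVERS\sptd.sys
12:00:01.0410 1000 sptd - warning
12:00:01.0500 1000 [ 00000000000000000000000000000004 ] ExampleSvc C:\Program Files\Example\example.exe
12:00:01.0510 1000 ExampleSvc - detected UnsignedFile.Multi.Generic
12:00:01.0600 1000 [ 00000000000000000000000000000005 ] OtherDrv C:\Windows\system32\DRIVERS\otherdrv.sys
12:00:01.0610 1000 OtherDrv - infected
"""

if __name__ == "__main__":
    for category, names in summarize(parse_services(SAMPLE_LOG)).items():
        print(f"{category:8} {names}")
```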
     
  9. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    Hi dvk01, thanks for taking the time to message back on here.

    I have run the TDSS Killer and no issues detected. Log as follows;


    17:46:09.0120 8608 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    17:46:09.0432 8608 ============================================================
    17:46:09.0432 8608 Current date / time: 2013/02/01 17:46:09.0432
    17:46:09.0432 8608 SystemInfo:
    17:46:09.0432 8608
    17:46:09.0432 8608 OS Version: 6.1.7600 ServicePack: 0.0
    17:46:09.0432 8608 Product type: Workstation
    17:46:09.0432 8608 ComputerName: AMIT-HP
    17:46:09.0432 8608 UserName: Amit
    17:46:09.0432 8608 Windows directory: C:\Windows
    17:46:09.0432 8608 System windows directory: C:\Windows
    17:46:09.0432 8608 Running under WOW64
    17:46:09.0432 8608 Processor architecture: Intel x64
    17:46:09.0432 8608 Number of processors: 4
    17:46:09.0432 8608 Page size: 0x1000
    17:46:09.0432 8608 Boot type: Normal boot
    17:46:09.0432 8608 ============================================================
    17:46:15.0362 8608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:46:15.0876 8608 Drive \Device\Harddisk1\DR1 - Size: 0x3CAE00000 (15.17 Gb), SectorSize: 0x200, Cylinders: 0x7BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:46:15.0876 8608 ============================================================
    17:46:15.0876 8608 \Device\Harddisk0\DR0:
    17:46:16.0032 8608 MBR partitions:
    17:46:16.0032 8608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    17:46:16.0032 8608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38382800
    17:46:16.0032 8608 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x383E6800, BlocksNum 0x1F6B800
    17:46:16.0032 8608 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xE, StartLBA 0x3A355B35, BlocksNum 0x2F10C
    17:46:16.0032 8608 \Device\Harddisk1\DR1:
    17:46:16.0048 8608 MBR partitions:
    17:46:16.0048 8608 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1E55000
    17:46:16.0048 8608 ============================================================
    17:46:16.0750 8608 C: <-> \Device\Harddisk0\DR0\Partition2
    17:46:21.0383 8608 D: <-> \Device\Harddisk0\DR0\Partition3
    17:46:21.0383 8608 ============================================================
    17:46:21.0383 8608 Initialize success
    17:46:21.0383 8608 ============================================================
    17:46:23.0832 5500 ============================================================
    17:46:23.0832 5500 Scan started
    17:46:23.0832 5500 Mode: Manual;
    17:46:23.0832 5500 ============================================================
    17:46:32.0241 5500 ================ Scan system memory ========================
    17:46:32.0241 5500 System memory - ok
    17:46:43.0301 5500 hpqwmiex - ok
    17:46:43.0348 5500 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    17:46:43.0348 5500 HpSAMD - ok
    17:46:43.0410 5500 [ 171000873EB522E5EA3DD4C4E0B689B2 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    17:46:43.0426 5500 HPWMISVC - ok
    17:46:43.0457 5500 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:46:43.0488 5500 HTTP - ok
    17:46:43.0488 5500 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:46:43.0488 5500 hwpolicy - ok
    17:46:43.0504 5500 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    17:46:43.0520 5500 i8042prt - ok
    17:46:43.0566 5500 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    17:46:43.0566 5500 iaStor - ok
    17:46:43.0629 5500 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:46:43.0629 5500 IAStorDataMgrSvc - ok
    17:46:43.0660 5500 [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    17:46:43.0660 5500 iaStorV - ok
    17:46:43.0863 5500 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:46:43.0910 5500 idsvc - ok
    17:46:43.0988 5500 [ D321FF68FF6986BCC18FE85943CB55EF ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110812.030\IDSvia64.sys
    17:46:43.0988 5500 IDSVia64 - ok
    17:46:44.0424 5500 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:46:44.0752 5500 igfx - ok
    17:46:44.0892 5500 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    17:46:44.0892 5500 iirsp - ok
    17:46:45.0002 5500 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    17:46:45.0033 5500 IKEEXT - ok
    17:46:45.0189 5500 [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    17:46:45.0329 5500 IntcAzAudAddService - ok
    17:46:45.0485 5500 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:46:45.0704 5500 IntcDAud - ok
    17:46:45.0797 5500 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    17:46:45.0797 5500 intelide - ok
    17:46:45.0875 5500 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    17:46:45.0875 5500 intelppm - ok
    17:46:46.0031 5500 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:46:46.0047 5500 IPBusEnum - ok
    17:46:46.0094 5500 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:46:46.0094 5500 IpFilterDriver - ok
    17:46:46.0374 5500 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    17:46:46.0452 5500 iphlpsvc - ok
    17:46:46.0499 5500 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    17:46:46.0515 5500 IPMIDRV - ok
    17:46:46.0593 5500 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:46:46.0608 5500 IPNAT - ok
    17:46:46.0780 5500 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    17:46:46.0796 5500 iPod Service - ok
    17:46:46.0827 5500 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:46:46.0827 5500 IRENUM - ok
    17:46:46.0842 5500 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    17:46:46.0842 5500 isapnp - ok
    17:46:46.0874 5500 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    17:46:46.0874 5500 iScsiPrt - ok
    17:46:46.0889 5500 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    17:46:46.0889 5500 kbdclass - ok
    17:46:46.0905 5500 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    17:46:46.0905 5500 kbdhid - ok
    17:46:46.0936 5500 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    17:46:46.0936 5500 KeyIso - ok
    17:46:46.0952 5500 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    17:46:46.0967 5500 KSecDD - ok
    17:46:46.0983 5500 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    17:46:46.0983 5500 KSecPkg - ok
    17:46:47.0014 5500 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    17:46:47.0014 5500 ksthunk - ok
    17:46:47.0045 5500 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    17:46:47.0045 5500 KtmRm - ok
    17:46:47.0092 5500 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    17:46:47.0108 5500 LanmanServer - ok
    17:46:47.0123 5500 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:46:47.0139 5500 LanmanWorkstation - ok
    17:46:47.0170 5500 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    17:46:47.0170 5500 lltdio - ok
    17:46:47.0201 5500 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    17:46:47.0217 5500 lltdsvc - ok
    17:46:47.0232 5500 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    17:46:47.0232 5500 lmhosts - ok
    17:46:47.0295 5500 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    17:46:47.0295 5500 LMS - ok
    17:46:47.0342 5500 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:46:47.0342 5500 LSI_FC - ok
    17:46:47.0357 5500 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:46:47.0357 5500 LSI_SAS - ok
    17:46:47.0388 5500 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:46:47.0388 5500 LSI_SAS2 - ok
    17:46:47.0404 5500 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:46:47.0404 5500 LSI_SCSI - ok
    17:46:47.0435 5500 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    17:46:47.0435 5500 luafv - ok
    17:46:47.0591 5500 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
    17:46:47.0607 5500 McComponentHostService - ok
    17:46:47.0638 5500 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    17:46:47.0638 5500 Mcx2Svc - ok
    17:46:47.0685 5500 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    17:46:47.0685 5500 megasas - ok
    17:46:47.0747 5500 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    17:46:47.0763 5500 MegaSR - ok
    17:46:47.0872 5500 Microsoft SharePoint Workspace Audit Service - ok
    17:46:47.0903 5500 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    17:46:47.0903 5500 MMCSS - ok
    17:46:47.0934 5500 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    17:46:47.0934 5500 Modem - ok
    17:46:47.0950 5500 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    17:46:47.0950 5500 monitor - ok
    17:46:47.0966 5500 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    17:46:47.0966 5500 mouclass - ok
    17:46:47.0981 5500 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    17:46:47.0981 5500 mouhid - ok
    17:46:47.0997 5500 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    17:46:47.0997 5500 mountmgr - ok
    17:46:48.0028 5500 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:46:48.0044 5500 MozillaMaintenance - ok
    17:46:48.0106 5500 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    17:46:48.0106 5500 MpFilter - ok
    17:46:48.0122 5500 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    17:46:48.0137 5500 mpio - ok
    17:46:48.0153 5500 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    17:46:48.0168 5500 mpsdrv - ok
    17:46:48.0231 5500 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    17:46:48.0262 5500 MpsSvc - ok
    17:46:48.0293 5500 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    17:46:48.0293 5500 MRxDAV - ok
    17:46:48.0324 5500 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:46:48.0340 5500 mrxsmb - ok
    17:46:48.0402 5500 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:46:48.0402 5500 mrxsmb10 - ok
    17:46:48.0434 5500 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:46:48.0434 5500 mrxsmb20 - ok
    17:46:48.0465 5500 [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    17:46:48.0465 5500 msahci - ok
    17:46:48.0496 5500 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    17:46:48.0496 5500 msdsm - ok
    17:46:48.0512 5500 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    17:46:48.0512 5500 MSDTC - ok
    17:46:48.0543 5500 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    17:46:48.0543 5500 Msfs - ok
    17:46:48.0543 5500 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    17:46:48.0543 5500 mshidkmdf - ok
    17:46:48.0558 5500 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    17:46:48.0558 5500 msisadrv - ok
    17:46:48.0590 5500 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    17:46:48.0605 5500 MSiSCSI - ok
    17:46:48.0605 5500 msiserver - ok
    17:46:48.0636 5500 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    17:46:48.0636 5500 MSKSSRV - ok
    17:46:48.0714 5500 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    17:46:48.0730 5500 MsMpSvc - ok
    17:46:48.0777 5500 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    17:46:48.0777 5500 MSPCLOCK - ok
    17:46:48.0792 5500 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    17:46:48.0792 5500 MSPQM - ok
    17:46:48.0808 5500 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    17:46:48.0824 5500 MsRPC - ok
    17:46:48.0824 5500 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    17:46:48.0824 5500 mssmbios - ok
    17:46:48.0839 5500 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    17:46:48.0855 5500 MSTEE - ok
    17:46:48.0855 5500 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    17:46:48.0855 5500 MTConfig - ok
    17:46:48.0870 5500 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    17:46:48.0870 5500 Mup - ok
    17:46:48.0902 5500 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    17:46:48.0902 5500 napagent - ok
    17:46:48.0948 5500 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    17:46:48.0964 5500 NativeWifiP - ok
    17:46:49.0026 5500 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110812.048\ENG64.SYS
    17:46:49.0042 5500 NAVENG - ok
    17:46:49.0104 5500 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110812.048\EX64.SYS
    17:46:49.0167 5500 NAVEX15 - ok
    17:46:49.0245 5500 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    17:46:49.0292 5500 NDIS - ok
    17:46:49.0307 5500 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    17:46:49.0307 5500 NdisCap - ok
    17:46:49.0338 5500 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    17:46:49.0338 5500 NdisTapi - ok
    17:46:49.0354 5500 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    17:46:49.0354 5500 Ndisuio - ok
    17:46:49.0385 5500 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    17:46:49.0385 5500 NdisWan - ok
    17:46:49.0401 5500 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    17:46:49.0416 5500 NDProxy - ok
    17:46:49.0448 5500 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
    17:46:49.0494 5500 Netaapl - ok
    17:46:49.0510 5500 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    17:46:49.0510 5500 NetBIOS - ok
    17:46:49.0541 5500 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    17:46:49.0541 5500 NetBT - ok
    17:46:49.0572 5500 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    17:46:49.0572 5500 Netlogon - ok
    17:46:49.0619 5500 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    17:46:49.0635 5500 Netman - ok
    17:46:49.0650 5500 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    17:46:49.0666 5500 netprofm - ok
    17:46:49.0728 5500 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:46:49.0744 5500 NetTcpPortSharing - ok
    17:46:49.0947 5500 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    17:46:50.0103 5500 netw5v64 - ok
    17:46:50.0134 5500 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    17:46:50.0134 5500 nfrd960 - ok
    17:46:50.0212 5500 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    17:46:50.0228 5500 NIS - ok
    17:46:50.0290 5500 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    17:46:50.0352 5500 NisDrv - ok
    17:46:50.0415 5500 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    17:46:50.0415 5500 NisSrv - ok
    17:46:50.0540 5500 [ 61EDEE7F29249640A3CF8D7A23E917CC ] NitroReaderDriverReadSpool C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    17:46:50.0555 5500 NitroReaderDriverReadSpool - ok
    17:46:50.0602 5500 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    17:46:50.0618 5500 NlaSvc - ok
    17:46:50.0664 5500 [ 903681BAB213D5F84717C0FC42AFB28A ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
    17:46:50.0680 5500 nmwcd - ok
    17:46:50.0711 5500 [ EC4C5EBD003E0395BF4EA5A2EFD13CE6 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
    17:46:50.0711 5500 nmwcdc - ok
    17:46:50.0742 5500 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    17:46:50.0742 5500 Npfs - ok
    17:46:50.0774 5500 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    17:46:50.0774 5500 nsi - ok
    17:46:50.0774 5500 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    17:46:50.0789 5500 nsiproxy - ok
    17:46:50.0930 5500 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    17:46:50.0976 5500 Ntfs - ok
    17:46:51.0008 5500 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    17:46:51.0008 5500 Null - ok
    17:46:51.0039 5500 [ DEAB10231CBDB0881FC25428EBE11506 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
    17:46:51.0039 5500 nvraid - ok
    17:46:51.0054 5500 [ 0AF7B8136794E23E87BE138992880E64 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    17:46:51.0070 5500 nvstor - ok
    17:46:51.0101 5500 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    17:46:51.0101 5500 nv_agp - ok
    17:46:51.0117 5500 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    17:46:51.0117 5500 ohci1394 - ok
    17:46:51.0179 5500 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:46:51.0179 5500 ose - ok
    17:46:51.0398 5500 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    17:46:51.0522 5500 osppsvc - ok
    17:46:51.0554 5500 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    17:46:51.0569 5500 p2pimsvc - ok
    17:46:51.0600 5500 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    17:46:51.0600 5500 p2psvc - ok
    17:46:51.0632 5500 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    17:46:51.0632 5500 Parport - ok
    17:46:51.0663 5500 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    17:46:51.0663 5500 partmgr - ok
    17:46:51.0694 5500 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    17:46:51.0694 5500 PcaSvc - ok
    17:46:51.0741 5500 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
    17:46:51.0741 5500 pccsmcfd - ok
    17:46:51.0772 5500 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    17:46:51.0772 5500 pci - ok
    17:46:51.0788 5500 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    17:46:51.0788 5500 pciide - ok
    17:46:51.0803 5500 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    17:46:51.0803 5500 pcmcia - ok
    17:46:51.0850 5500 [ 0012046DEE36BF3D241F027B4417B433 ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
    17:46:51.0897 5500 PCTCore - ok
    17:46:51.0928 5500 [ BA1F42A42F405F62CEFF6B69A2797F7C ] pctDS C:\Windows\system32\drivers\pctDS64.sys
    17:46:51.0944 5500 pctDS - ok
    17:46:51.0975 5500 [ 146CC91C93CED13E7FE40E8D8615BE39 ] pctEFA C:\Windows\system32\drivers\pctEFA64.sys
    17:46:52.0037 5500 pctEFA - ok
    17:46:52.0068 5500 [ DB2BA2D9585101947C5A60D785A63491 ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
    17:46:52.0115 5500 PCTSD - ok
    17:46:52.0146 5500 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    17:46:52.0162 5500 pcw - ok
    17:46:52.0178 5500 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    17:46:52.0193 5500 PEAUTH - ok
    17:46:52.0287 5500 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    17:46:52.0287 5500 PerfHost - ok
    17:46:52.0349 5500 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    17:46:52.0396 5500 pla - ok
    17:46:52.0443 5500 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    17:46:52.0458 5500 PlugPlay - ok
    17:46:52.0505 5500 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    17:46:52.0521 5500 PNRPAutoReg - ok
    17:46:52.0536 5500 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    17:46:52.0536 5500 PNRPsvc - ok
    17:46:52.0568 5500 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    17:46:52.0583 5500 PolicyAgent - ok
    17:46:52.0630 5500 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    17:46:52.0630 5500 Power - ok
    17:46:52.0661 5500 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    17:46:52.0661 5500 PptpMiniport - ok
    17:46:52.0692 5500 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    17:46:52.0692 5500 Processor - ok
    17:46:52.0770 5500 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
    17:46:52.0786 5500 ProfSvc - ok
    17:46:52.0833 5500 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
    17:46:52.0833 5500 ProtectedStorage - ok
    17:46:52.0880 5500 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    17:46:52.0880 5500 Psched - ok
    17:46:52.0911 5500 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    17:46:52.0973 5500 ql2300 - ok
    17:46:52.0989 5500 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    17:46:52.0989 5500 ql40xx - ok
    17:46:53.0004 5500 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    17:46:53.0020 5500 QWAVE - ok
    17:46:53.0036 5500 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    17:46:53.0036 5500 QWAVEdrv - ok
    17:46:53.0051 5500 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    17:46:53.0051 5500 RasAcd - ok
    17:46:53.0082 5500 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:46:53.0098 5500 RasAgileVpn - ok
    17:46:53.0129 5500 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    17:46:53.0145 5500 RasAuto - ok
    17:46:53.0160 5500 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:46:53.0160 5500 Rasl2tp - ok
    17:46:53.0192 5500 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    17:46:53.0207 5500 RasMan - ok
    17:46:53.0207 5500 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    17:46:53.0207 5500 RasPppoe - ok
    17:46:53.0223 5500 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    17:46:53.0223 5500 RasSstp - ok
    17:46:53.0270 5500 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    17:46:53.0270 5500 rdbss - ok
    17:46:53.0332 5500 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    17:46:53.0332 5500 rdpbus - ok
    17:46:53.0348 5500 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:46:53.0348 5500 RDPCDD - ok
    17:46:53.0363 5500 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    17:46:53.0363 5500 RDPENCDD - ok
    17:46:53.0379 5500 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    17:46:53.0379 5500 RDPREFMP - ok
    17:46:53.0394 5500 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    17:46:53.0426 5500 RDPWD - ok
    17:46:53.0457 5500 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    17:46:53.0472 5500 rdyboost - ok
    17:46:53.0504 5500 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    17:46:53.0504 5500 RemoteAccess - ok
    17:46:53.0535 5500 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    17:46:53.0550 5500 RemoteRegistry - ok
    17:46:53.0582 5500 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    17:46:53.0597 5500 RFCOMM - ok
    17:46:53.0613 5500 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    17:46:53.0628 5500 RpcEptMapper - ok
    17:46:53.0644 5500 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    17:46:53.0660 5500 RpcLocator - ok
    17:46:53.0691 5500 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
    17:46:53.0691 5500 RpcSs - ok
    17:46:53.0753 5500 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    17:46:53.0753 5500 rspndr - ok
    17:46:53.0816 5500 [ 79BAD3E977966AF21DF982DEF5A99C76 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    17:46:53.0831 5500 RSUSBSTOR - ok
    17:46:53.0878 5500 [ 0AD34E88A9C314D9F4D34EEBBCDA1E6B ] RT-USB C:\Windows\system32\drivers\RT-USB64.SYS
    17:46:53.0909 5500 RT-USB - ok
    17:46:53.0987 5500 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:46:54.0003 5500 RTL8167 - ok
    17:46:54.0018 5500 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
    17:46:54.0018 5500 SamSs - ok
    17:46:54.0096 5500 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    17:46:54.0112 5500 SASDIFSV - ok
    17:46:54.0143 5500 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    17:46:54.0159 5500 SASKUTIL - ok
    17:46:54.0190 5500 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    17:46:54.0190 5500 sbp2port - ok
    17:46:54.0237 5500 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    17:46:54.0237 5500 SCardSvr - ok
    17:46:54.0268 5500 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    17:46:54.0268 5500 scfilter - ok
    17:46:54.0315 5500 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    17:46:54.0346 5500 Schedule - ok
    17:46:54.0377 5500 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    17:46:54.0377 5500 SCPolicySvc - ok
    17:46:54.0393 5500 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    17:46:54.0393 5500 sdbus - ok
    17:46:54.0424 5500 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    17:46:54.0455 5500 SDRSVC - ok
    17:46:54.0455 5500 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    17:46:54.0471 5500 secdrv - ok
    17:46:54.0471 5500 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    17:46:54.0471 5500 seclogon - ok
    17:46:54.0502 5500 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    17:46:54.0502 5500 SENS - ok
    17:46:54.0533 5500 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    17:46:54.0533 5500 SensrSvc - ok
    17:46:54.0564 5500 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    17:46:54.0564 5500 Serenum - ok
    17:46:54.0580 5500 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    17:46:54.0580 5500 Serial - ok
    17:46:54.0580 5500 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    17:46:54.0596 5500 sermouse - ok
    17:46:54.0642 5500 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    17:46:54.0783 5500 ServiceLayer - ok
    17:46:54.0798 5500 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    17:47:03.0144 5500 ============================================================
    17:47:03.0144 5500 Scan finished
    17:47:03.0144 5500 ============================================================
    17:47:03.0160 4680 Detected object count: 0
    17:47:03.0160 4680 Actual detected object count: 0
    17:47:18.0744 8944 Deinitialize success
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Is this only in IE or Firefox or all browsers?

    Let's see what this shows us.
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  11. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    Hi again, I have disabled AVG anti-virus and it says it's disabled when I went into the Notification Centre too. Here is the log;

    ComboFix 13-02-01.04 - Amit 01/02/2013 18:46:14.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3894.2577 [GMT 0:00]
    Running from: c:\users\Amit\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-01 18:56 . 2013-02-01 18:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-02-01 18:56 . 2013-02-01 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-01 18:56 . 2013-02-01 18:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-02-01 17:46 . 2013-02-01 17:46 208216 ----a-w- c:\windows\system32\drivers\20931648.sys
    2013-02-01 17:36 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56282B74-ACD0-4572-9C65-1A84F78E7F62}\mpengine.dll
    2013-01-31 14:02 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-24 18:56 . 2013-01-24 18:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-24 18:47 . 2012-10-23 06:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-01-24 18:47 . 2012-10-23 06:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5B70760-4C6D-4A4F-A634-3B2F81978006}\gapaengine.dll
    2013-01-23 23:53 . 2013-01-23 23:53 -------- d-----w- c:\users\Amit\AppData\Local\AVG Secure Search
    2013-01-23 23:52 . 2013-01-23 23:52 -------- d-----w- c:\programdata\AVG Security Toolbar
    2013-01-23 23:52 . 2013-01-23 23:53 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-23 23:52 . 2013-01-23 23:52 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-23 23:52 . 2013-01-23 23:52 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-23 23:52 . 2013-01-23 23:52 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-23 18:32 . 2013-01-23 18:34 -------- d-----w- c:\programdata\AVG January 2013 Campaign
    2013-01-22 20:30 . 2012-10-23 06:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF922100-684E-4B19-A35E-C276A93F621F}\gapaengine.dll
    2013-01-22 19:46 . 2013-01-22 19:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-01-22 19:43 . 2013-01-22 19:48 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-22 19:42 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
    2013-01-18 22:20 . 2013-01-24 18:58 -------- d-----w- c:\program files\iTunes
    2013-01-18 22:20 . 2013-01-24 18:58 -------- d-----w- c:\program files (x86)\iTunes
    2013-01-18 22:20 . 2013-01-24 18:56 -------- d-----w- c:\program files\iPod
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-18 22:09 . 2013-01-18 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-18 22:09 . 2013-01-18 22:09 -------- d-----w- c:\program files (x86)\QuickTime
    2013-01-16 19:20 . 2013-01-16 19:20 -------- d-----w- C:\_OTL
    2013-01-14 19:41 . 2013-01-14 19:41 -------- d-----w- c:\windows\ERUNT
    2013-01-14 19:41 . 2013-01-14 19:41 -------- d-----w- C:\JRT
    2013-01-14 19:12 . 2013-01-14 19:12 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-13 16:35 . 2013-01-13 16:35 -------- d-----w- c:\users\Amit\AppData\Local\DownTango
    2013-01-13 16:31 . 2013-01-13 16:36 -------- d-----w- c:\program files (x86)\Red Sky
    2013-01-13 16:15 . 2013-01-13 16:15 -------- d-----w- c:\programdata\Emicsoft Studio
    2013-01-12 18:12 . 2013-01-13 13:21 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
    2013-01-12 17:48 . 2009-07-14 01:45 294992 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2013-01-11 23:55 . 2012-02-28 11:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2013-01-11 23:55 . 2012-02-28 11:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2013-01-11 23:55 . 2012-10-22 16:38 413448 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2013-01-11 23:55 . 2013-01-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2013-01-11 23:55 . 2012-11-01 15:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2013-01-11 23:54 . 2013-01-11 23:54 -------- d-----w- c:\programdata\PC Tools
    2013-01-11 23:54 . 2013-01-11 23:54 -------- d-----w- c:\users\Amit\AppData\Roaming\TestApp
    2013-01-10 21:09 . 2013-01-10 21:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-01-10 18:55 . 2013-01-10 18:55 -------- d-----w- c:\users\Amit\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-10 18:55 . 2013-01-10 18:55 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-01-10 18:55 . 2013-01-10 18:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-01-10 18:26 . 2013-01-10 21:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-10 18:18 . 2013-01-10 18:18 -------- d-----w- c:\users\Amit\AppData\Roaming\Malwarebytes
    2013-01-10 18:18 . 2013-01-10 18:18 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-10 18:18 . 2013-01-10 18:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-10 18:18 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-10 18:18 . 2013-01-10 18:18 -------- d-----w- c:\users\Amit\AppData\Local\Programs
    2013-01-10 18:03 . 2013-01-10 18:03 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2013-01-09 20:48 . 2013-01-09 20:52 -------- d-----w- c:\programdata\fssg
    2013-01-09 20:46 . 2013-01-09 20:47 -------- d-----w- c:\programdata\f-secure
    2013-01-08 18:46 . 2013-01-08 18:46 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-01-08 18:30 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 10:53 . 2011-08-14 03:07 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-10 18:42 . 2012-04-09 10:49 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 18:42 . 2011-10-13 20:26 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-29 15:38 . 2012-12-29 15:38 31344 ----a-w- c:\windows\system32\drivers\OLD cnnctfy2.sys
    2012-12-16 17:31 . 2011-06-21 18:12 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-11-19 17:39 . 2012-11-19 17:40 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-19 17:39 . 2010-07-21 02:43 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-15 23:33 . 2012-11-15 23:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-23 23:52 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll" [2013-01-23 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
    "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-08-20 4992880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-28 296096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-23 1101488]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\users\Amit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RT-Updater.lnk - c:\ross-tech\VCDS\VCDS.exe [2008-8-22 1042432]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    3;2 AVGIDSAgent;AVGIDSAgent [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB64.SYS [2007-11-16 65024]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-10-03 16640]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [2011-03-15 912504]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-23 37720]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110812.030\IDSvia64.sys [2011-08-02 488056]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [2011-01-27 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [2011-04-21 386168]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-23 945328]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-09-25 243744]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 82212462
    *NewlyCreated* - AVGTP
    *NewlyCreated* - NISDRV
    *Deregistered* - 82212462
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-22 c:\windows\Tasks\Flikkzbax.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2013-01-29 c:\windows\Tasks\HPCeeScheduleForAmit.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110929130035
    FF - ProfilePath - c:\users\Amit\AppData\Roaming\Mozilla\Firefox\Profiles\riw15slo.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={8D7F500A-EB4A-4CF9-9788-4AAB3FE7A73C}&mid=ebc8a00582cf47d088467afa3a28f164-879687b8f1c82bdd4897e798832c139bd749d622&lang=en&ds=AVG&pr=fr&d=&v=&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={8D7F500A-EB4A-4CF9-9788-4AAB3FE7A73C}&mid=ebc8a00582cf47d088467afa3a28f164-879687b8f1c82bdd4897e798832c139bd749d622&lang=en&ds=AVG&pr=fr&d=2013-01-23 23:52&pid=avg&sg=&v=14.0.0.14&sap=ku&q=
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-01 18:59:48
    ComboFix-quarantined-files.txt 2013-02-01 18:59
    ComboFix2.txt 2013-01-16 20:23
    ComboFix3.txt 2011-08-27 23:35
    .
    Pre-Run: 343,353,561,088 bytes free
    Post-Run: 343,042,744,320 bytes free
    .
    - - End Of File - - 03FD229F72D8D5DD88038A3238382489




    Please also let me know if you know of any other software or ways to clean this up, as I don't want the redirect virus or any other viruses to come back. Thanks for helping.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Nothing definite there.
    Where are you being diverted to?

    I think it is probably AVG Secure Search playing up, so uninstall that.
     
  13. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    Hi, it seems to have stopped diverting me to other websites now.

    It was to random websites (no p0rn) but websites such as eBay, and other search engines that I have never heard of. I haven't uninstalled anything or installed anything, but it does seem to have stopped the redirection from Google searches on my Internet Explorer.

    Thanks SO much for helping out - just so glad that it's fixed!
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    If it is all OK then:

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  15. amz84uk

    amz84uk Thread Starter

    Joined:
    Jan 14, 2013
    Messages:
    11
    Hi, sorry for the delayed reply. I have done all of the above and surprisingly it all works perfectly fine now. There were lots of updates that had to be made too.

    Best of all is that I can now surf the internet problem-free, which is amazing.

    Thank you SO much for your help with this - just wish I could return the favour, but if there are any recommendations or anything, please do let me know. Thanks again!
     

Short URL to this thread: https://techguy.org/1085195
