
Norton Power Eraser keeps informing me of trojan.patchep!sys, cannot remove

Discussion in 'Virus & Other Malware Removal' started by Sotike, Jul 18, 2012.

    Sotike Thread Starter

    I seem to have randomly gotten this virus; apparently it's located in C:\windows\system32\services.exe and I cannot get rid of it with Norton Power Eraser.
    Google and Yahoo! search results redirect to infected sites, along with my computer becoming a lot slower. Currently in Safe Mode with Networking.

    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 6048 Mb
    Graphics Card: Intel(R) HD Graphics, -1988 Mb
    Hard Drives: C: Total - 939431 MB, Free - 834478 MB;
    Motherboard: Gateway, IPISB-VR
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

    (Currently using Norton 360, AVG Free Edition is no longer my anti-virus software though it appears in my logs.)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:45:01 AM, on 7/18/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\Sotike\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Sotike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Users\Sotike\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=10...HP_ss&mntrId=9ef66ed300000000000074de2b170474
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

    --
    End of file - 12850 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Sotike at 2:49:38 on 2012-07-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4466 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Users\Sotike\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Sotike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\System32\svchost.exe -k swprv
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=109936&tt=100512_4_&babsrc=HP_ss&mntrId=9ef66ed300000000000074de2b170474
    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} -
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{B60A66F4-5999-4B00-9E62-9FEEB2F7F56A} : DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{B60A66F4-5999-4B00-9E62-9FEEB2F7F56A}\1627279637534376 : DhcpNameServer = 24.116.1.157
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64: Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
    TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Sotike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Sotike\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Sotike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Sotike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=100512_4_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 9ef66ed300000000000074de2b170474
    FF - user.js: extensions.BabylonToolbar_i.hardId - 9ef66ed300000000000074de2b170474
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15472
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15:48
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
    S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
    S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-14 509088]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
    S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-15 13336]
    S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-7-13 821592]
    S2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-15 244624]
    S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-7-10 138232]
    S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-13 2656280]
    S2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-12-16 127272]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-10 138912]
    S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-7-13 21384]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
    S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-7-13 33224]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-7-13 21904]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-15 05:30:56 356352 ----a-w- C:\Users\Sotike\AppData\Local\tubhmifm.exe
    2012-07-13 05:16:55 -------- d-----w- C:\Users\Sotike\AppData\Roaming\IObit
    2012-07-13 05:16:54 -------- d-----w- C:\Program Files (x86)\IObit
    2012-07-13 03:23:13 -------- d-----w- C:\Users\Sotike\AppData\Local\ElevatedDiagnostics
    2012-07-12 17:53:36 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-07-11 05:20:51 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 04:22:53 -------- d-----w- C:\Users\Sotike\AppData\Local\NPE
    2012-07-11 04:14:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 04:14:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2012-07-11 04:14:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 04:14:11 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 04:14:11 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 04:14:11 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-11 04:12:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-07-11 04:12:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-07-11 04:12:14 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-07-11 04:12:14 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-07-11 04:12:14 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-07-11 04:12:14 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-07-11 04:12:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-07-11 04:12:14 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-07-11 04:12:14 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-07-11 01:00:12 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-07-09 07:16:03 -------- d-----w- C:\Users\Sotike\AppData\Local\libimobiledevice
    2012-07-09 06:52:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2012-07-07 04:10:38 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2012-07-06 06:18:37 -------- d-----w- C:\Users\Sotike\AppData\Local\{A7A3FEAB-F3EC-4B24-9F03-01DD152E75B5}
    2012-07-06 06:18:17 -------- d-----w- C:\Users\Sotike\AppData\Local\{6A84B818-3148-416B-91B0-70D4E41BA763}
    2012-07-05 05:26:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-05 05:26:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-03 09:46:27 -------- d-----w- C:\Users\Sotike\AppData\Roaming\TuneUp Software
    2012-07-03 09:46:23 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-07-03 09:46:19 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-21 22:14:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 22:13:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 22:13:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 22:13:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 05:48:35 -------- d-----w- C:\Program Files (x86)\AMD
    2012-06-19 05:48:32 -------- d-----w- C:\Users\Sotike\AppData\Local\Downloaded Installations
    2012-06-19 05:48:30 -------- d-----w- C:\Windows\SysWow64\AGEIA
    2012-06-19 05:48:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-06-19 05:48:18 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
    2012-06-19 05:48:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2012-06-19 05:48:18 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
    2012-06-19 05:48:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2012-06-19 05:48:17 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
    2012-06-19 05:48:17 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    .
    ==================== Find3M ====================
    .
    2012-07-12 04:41:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 04:41:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 02:46:17 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 2:49:44.42 ===============
     

  2. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  4. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
    Nothing was detected


    03:48:01.0861 2604 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    03:48:02.0382 2604 ============================================================
    03:48:02.0382 2604 Current date / time: 2012/07/21 03:48:02.0382
    03:48:02.0382 2604 SystemInfo:
    03:48:02.0382 2604
    03:48:02.0382 2604 OS Version: 6.1.7601 ServicePack: 1.0
    03:48:02.0382 2604 Product type: Workstation
    03:48:02.0382 2604 ComputerName: MITZUKI
    03:48:02.0382 2604 UserName: Sotike
    03:48:02.0382 2604 Windows directory: C:\Windows
    03:48:02.0382 2604 System windows directory: C:\Windows
    03:48:02.0382 2604 Running under WOW64
    03:48:02.0382 2604 Processor architecture: Intel x64
    03:48:02.0382 2604 Number of processors: 4
    03:48:02.0382 2604 Page size: 0x1000
    03:48:02.0382 2604 Boot type: Safe boot with network
    03:48:02.0382 2604 ============================================================
    03:48:02.0991 2604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:48:03.0022 2604 ============================================================
    03:48:03.0022 2604 \Device\Harddisk0\DR0:
    03:48:03.0022 2604 MBR partitions:
    03:48:03.0022 2604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
    03:48:03.0022 2604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3DB0
    03:48:03.0022 2604 ============================================================
    03:48:03.0055 2604 C: <-> \Device\Harddisk0\DR0\Partition1
    03:48:03.0055 2604 ============================================================
    03:48:03.0055 2604 Initialize success
    03:48:03.0055 2604 ============================================================
    03:48:04.0685 2648 ============================================================
    03:48:04.0685 2648 Scan started
    03:48:04.0685 2648 Mode: Manual;
    03:48:04.0686 2648 ============================================================
    03:48:04.0977 2648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    03:48:04.0979 2648 1394ohci - ok
    03:48:05.0024 2648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    03:48:05.0027 2648 ACPI - ok
    03:48:05.0035 2648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    03:48:05.0035 2648 AcpiPmi - ok
    03:48:05.0133 2648 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    03:48:05.0135 2648 AdobeARMservice - ok
    03:48:05.0251 2648 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    03:48:05.0253 2648 AdobeFlashPlayerUpdateSvc - ok
    03:48:05.0301 2648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    03:48:05.0315 2648 adp94xx - ok
    03:48:05.0348 2648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    03:48:05.0351 2648 adpahci - ok
    03:48:05.0360 2648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    03:48:05.0362 2648 adpu320 - ok
    03:48:05.0392 2648 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    03:48:05.0392 2648 AeLookupSvc - ok
    03:48:05.0449 2648 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    03:48:05.0463 2648 AFD - ok
    03:48:05.0496 2648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    03:48:05.0497 2648 agp440 - ok
    03:48:05.0530 2648 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    03:48:05.0531 2648 ALG - ok
    03:48:05.0550 2648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    03:48:05.0551 2648 aliide - ok
    03:48:05.0553 2648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    03:48:05.0554 2648 amdide - ok
    03:48:05.0559 2648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    03:48:05.0560 2648 AmdK8 - ok
    03:48:05.0565 2648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    03:48:05.0566 2648 AmdPPM - ok
    03:48:05.0589 2648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    03:48:05.0591 2648 amdsata - ok
    03:48:05.0607 2648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    03:48:05.0609 2648 amdsbs - ok
    03:48:05.0627 2648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    03:48:05.0628 2648 amdxata - ok
    03:48:05.0662 2648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    03:48:05.0663 2648 AppID - ok
    03:48:05.0686 2648 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    03:48:05.0687 2648 AppIDSvc - ok
    03:48:05.0718 2648 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    03:48:05.0719 2648 Appinfo - ok
    03:48:05.0825 2648 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    03:48:05.0827 2648 Apple Mobile Device - ok
    03:48:05.0843 2648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    03:48:05.0844 2648 arc - ok
    03:48:06.0123 2648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    03:48:06.0125 2648 arcsas - ok
    03:48:06.0159 2648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    03:48:06.0160 2648 AsyncMac - ok
    03:48:06.0177 2648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    03:48:06.0178 2648 atapi - ok
    03:48:06.0229 2648 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    03:48:06.0247 2648 AudioEndpointBuilder - ok
    03:48:06.0252 2648 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    03:48:06.0255 2648 AudioSrv - ok
    03:48:06.0288 2648 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    03:48:06.0290 2648 AxInstSV - ok
    03:48:06.0333 2648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    03:48:06.0336 2648 b06bdrv - ok
    03:48:06.0383 2648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    03:48:06.0385 2648 b57nd60a - ok
    03:48:06.0414 2648 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    03:48:06.0415 2648 BDESVC - ok
    03:48:06.0429 2648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    03:48:06.0429 2648 Beep - ok
    03:48:06.0623 2648 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
    03:48:06.0646 2648 BHDrvx64 - ok
    03:48:06.0707 2648 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    03:48:06.0898 2648 BITS - ok
    03:48:06.0951 2648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    03:48:06.0952 2648 blbdrive - ok
    03:48:07.0060 2648 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    03:48:07.0075 2648 Bonjour Service - ok
    03:48:07.0104 2648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    03:48:07.0105 2648 bowser - ok
    03:48:07.0120 2648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    03:48:07.0121 2648 BrFiltLo - ok
    03:48:07.0124 2648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    03:48:07.0124 2648 BrFiltUp - ok
    03:48:07.0159 2648 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    03:48:07.0161 2648 Browser - ok
    03:48:07.0173 2648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    03:48:07.0176 2648 Brserid - ok
    03:48:07.0179 2648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    03:48:07.0180 2648 BrSerWdm - ok
    03:48:07.0183 2648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    03:48:07.0184 2648 BrUsbMdm - ok
    03:48:07.0187 2648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    03:48:07.0187 2648 BrUsbSer - ok
    03:48:07.0221 2648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    03:48:07.0286 2648 BTHMODEM - ok
    03:48:07.0313 2648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    03:48:07.0314 2648 bthserv - ok
    03:48:07.0402 2648 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
    03:48:07.0404 2648 ccSet_N360 - ok
    03:48:07.0421 2648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    03:48:07.0422 2648 cdfs - ok
    03:48:07.0448 2648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    03:48:07.0450 2648 cdrom - ok
    03:48:07.0470 2648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    03:48:07.0471 2648 CertPropSvc - ok
    03:48:07.0475 2648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    03:48:07.0476 2648 circlass - ok
    03:48:07.0500 2648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    03:48:07.0503 2648 CLFS - ok
    03:48:07.0562 2648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:48:07.0564 2648 clr_optimization_v2.0.50727_32 - ok
    03:48:07.0589 2648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    03:48:07.0591 2648 clr_optimization_v2.0.50727_64 - ok
    03:48:07.0648 2648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:48:07.0712 2648 clr_optimization_v4.0.30319_32 - ok
    03:48:07.0734 2648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    03:48:07.0737 2648 clr_optimization_v4.0.30319_64 - ok
    03:48:07.0769 2648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    03:48:07.0770 2648 CmBatt - ok
    03:48:07.0773 2648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    03:48:07.0773 2648 cmdide - ok
    03:48:07.0824 2648 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    03:48:07.0838 2648 CNG - ok
    03:48:07.0846 2648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    03:48:07.0847 2648 Compbatt - ok
    03:48:07.0874 2648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    03:48:07.0874 2648 CompositeBus - ok
    03:48:07.0885 2648 COMSysApp - ok
    03:48:07.0950 2648 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
    03:48:08.0057 2648 cphs - ok
    03:48:08.0060 2648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    03:48:08.0060 2648 crcdisk - ok
    03:48:08.0094 2648 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    03:48:08.0095 2648 CryptSvc - ok
    03:48:08.0138 2648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    03:48:08.0151 2648 DcomLaunch - ok
    03:48:08.0187 2648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    03:48:08.0189 2648 defragsvc - ok
    03:48:08.0227 2648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    03:48:08.0228 2648 DfsC - ok
    03:48:08.0246 2648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    03:48:08.0248 2648 Dhcp - ok
    03:48:08.0265 2648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    03:48:08.0266 2648 discache - ok
    03:48:08.0290 2648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    03:48:08.0291 2648 Disk - ok
    03:48:08.0310 2648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    03:48:08.0311 2648 Dnscache - ok
    03:48:08.0332 2648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    03:48:08.0334 2648 dot3svc - ok
    03:48:08.0343 2648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    03:48:08.0344 2648 DPS - ok
    03:48:08.0365 2648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    03:48:08.0366 2648 drmkaud - ok
    03:48:08.0416 2648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    03:48:08.0434 2648 DXGKrnl - ok
    03:48:08.0481 2648 EagleX64 - ok
    03:48:08.0500 2648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    03:48:08.0502 2648 EapHost - ok
    03:48:08.0667 2648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    03:48:08.0720 2648 ebdrv - ok
    03:48:08.0844 2648 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    03:48:08.0848 2648 eeCtrl - ok
    03:48:08.0945 2648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    03:48:08.0946 2648 EFS - ok
    03:48:09.0024 2648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    03:48:09.0053 2648 ehRecvr - ok
    03:48:09.0095 2648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    03:48:09.0096 2648 ehSched - ok
    03:48:09.0164 2648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    03:48:09.0176 2648 elxstor - ok
    03:48:09.0278 2648 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    03:48:09.0279 2648 EraserUtilRebootDrv - ok
    03:48:09.0282 2648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    03:48:09.0282 2648 ErrDev - ok
    03:48:09.0313 2648 EtronHub3 (cfba28fab72e6a39add71d958f219648) C:\Windows\system32\Drivers\EtronHub3.sys
    03:48:09.0314 2648 EtronHub3 - ok
    03:48:09.0333 2648 EtronXHCI (0241ce183139ff15cea7234058ccf995) C:\Windows\system32\Drivers\EtronXHCI.sys
    03:48:09.0334 2648 EtronXHCI - ok
    03:48:09.0367 2648 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    03:48:09.0370 2648 EventSystem - ok
    03:48:09.0395 2648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    03:48:09.0396 2648 exfat - ok
    03:48:09.0411 2648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    03:48:09.0413 2648 fastfat - ok
    03:48:09.0453 2648 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    03:48:09.0483 2648 Fax - ok
    03:48:09.0487 2648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    03:48:09.0488 2648 fdc - ok
    03:48:09.0507 2648 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    03:48:09.0507 2648 fdPHost - ok
    03:48:09.0513 2648 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    03:48:09.0513 2648 FDResPub - ok
    03:48:09.0523 2648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    03:48:09.0524 2648 FileInfo - ok
    03:48:09.0636 2648 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
    03:48:09.0637 2648 FileMonitor - ok
    03:48:09.0650 2648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    03:48:09.0651 2648 Filetrace - ok
    03:48:09.0654 2648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    03:48:09.0654 2648 flpydisk - ok
    03:48:09.0687 2648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    03:48:09.0690 2648 FltMgr - ok
    03:48:09.0753 2648 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    03:48:09.0785 2648 FontCache - ok
    03:48:09.0853 2648 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    03:48:09.0854 2648 FontCache3.0.0.0 - ok
    03:48:09.0892 2648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    03:48:09.0893 2648 FsDepends - ok
    03:48:09.0914 2648 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    03:48:09.0914 2648 Fs_Rec - ok
    03:48:09.0925 2648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    03:48:09.0927 2648 fvevol - ok
    03:48:09.0946 2648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    03:48:09.0947 2648 gagp30kx - ok
    03:48:10.0000 2648 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    03:48:10.0002 2648 GamesAppService - ok
    03:48:10.0047 2648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    03:48:10.0047 2648 GEARAspiWDM - ok
    03:48:10.0098 2648 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    03:48:10.0123 2648 gpsvc - ok
    03:48:10.0169 2648 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    03:48:10.0170 2648 GREGService - ok
    03:48:10.0256 2648 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:48:10.0257 2648 gupdate - ok
    03:48:10.0263 2648 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:48:10.0264 2648 gupdatem - ok
    03:48:10.0300 2648 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:48:10.0302 2648 gusvc - ok
    03:48:10.0310 2648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    03:48:10.0311 2648 hcw85cir - ok
    03:48:10.0352 2648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    03:48:10.0355 2648 HdAudAddService - ok
    03:48:10.0385 2648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    03:48:10.0386 2648 HDAudBus - ok
    03:48:10.0388 2648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    03:48:10.0389 2648 HidBatt - ok
    03:48:10.0395 2648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    03:48:10.0396 2648 HidBth - ok
    03:48:10.0414 2648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    03:48:10.0415 2648 HidIr - ok
    03:48:10.0438 2648 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    03:48:10.0439 2648 hidserv - ok
    03:48:10.0457 2648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    03:48:10.0457 2648 HidUsb - ok
    03:48:10.0479 2648 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    03:48:10.0481 2648 hkmsvc - ok
    03:48:10.0501 2648 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    03:48:10.0503 2648 HomeGroupListener - ok
    03:48:10.0540 2648 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    03:48:10.0542 2648 HomeGroupProvider - ok
    03:48:10.0547 2648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    03:48:10.0548 2648 HpSAMD - ok
    03:48:10.0606 2648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    03:48:10.0632 2648 HTTP - ok
    03:48:10.0661 2648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    03:48:10.0662 2648 hwpolicy - ok
    03:48:10.0684 2648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    03:48:10.0685 2648 i8042prt - ok
    03:48:10.0711 2648 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
    03:48:10.0713 2648 iaStor - ok
    03:48:10.0770 2648 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    03:48:10.0772 2648 IAStorDataMgrSvc - ok
    03:48:10.0818 2648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    03:48:10.0821 2648 iaStorV - ok
    03:48:10.0922 2648 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    03:48:10.0955 2648 idsvc - ok
    03:48:11.0124 2648 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSvia64.sys
    03:48:11.0137 2648 IDSVia64 - ok
    03:48:11.0701 2648 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
    03:48:11.0901 2648 igfx - ok
    03:48:11.0966 2648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    03:48:11.0967 2648 iirsp - ok
    03:48:12.0049 2648 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    03:48:12.0051 2648 IJPLMSVC - ok
    03:48:12.0114 2648 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    03:48:12.0128 2648 IKEEXT - ok
    03:48:12.0216 2648 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    03:48:12.0222 2648 IMFservice - ok
    03:48:12.0392 2648 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
    03:48:12.0402 2648 IntcAzAudAddService - ok
    03:48:12.0484 2648 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    03:48:12.0486 2648 IntcDAud - ok
    03:48:12.0499 2648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    03:48:12.0499 2648 intelide - ok
    03:48:12.0526 2648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    03:48:12.0527 2648 intelppm - ok
    03:48:12.0549 2648 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    03:48:12.0551 2648 IPBusEnum - ok
    03:48:12.0556 2648 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:48:12.0557 2648 IpFilterDriver - ok
    03:48:12.0567 2648 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    03:48:12.0568 2648 IPMIDRV - ok
    03:48:12.0574 2648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    03:48:12.0575 2648 IPNAT - ok
    03:48:12.0674 2648 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    03:48:12.0685 2648 iPod Service - ok
    03:48:12.0712 2648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    03:48:12.0713 2648 IRENUM - ok
    03:48:12.0727 2648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    03:48:12.0728 2648 isapnp - ok
    03:48:12.0747 2648 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    03:48:12.0750 2648 iScsiPrt - ok
    03:48:12.0765 2648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    03:48:12.0765 2648 kbdclass - ok
    03:48:12.0783 2648 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    03:48:12.0783 2648 kbdhid - ok
    03:48:12.0809 2648 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:48:12.0810 2648 KeyIso - ok
    03:48:12.0836 2648 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    03:48:12.0838 2648 KSecDD - ok
    03:48:12.0859 2648 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    03:48:12.0860 2648 KSecPkg - ok
    03:48:12.0873 2648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    03:48:12.0874 2648 ksthunk - ok
    03:48:12.0908 2648 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    03:48:12.0911 2648 KtmRm - ok
    03:48:12.0935 2648 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    03:48:12.0938 2648 LanmanServer - ok
    03:48:12.0965 2648 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    03:48:12.0967 2648 LanmanWorkstation - ok
    03:48:13.0011 2648 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    03:48:13.0013 2648 Live Updater Service - ok
    03:48:13.0029 2648 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    03:48:13.0030 2648 lltdio - ok
    03:48:13.0053 2648 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    03:48:13.0056 2648 lltdsvc - ok
    03:48:13.0063 2648 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    03:48:13.0064 2648 lmhosts - ok
    03:48:13.0135 2648 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    03:48:13.0138 2648 LMS - ok
    03:48:13.0178 2648 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    03:48:13.0179 2648 LSI_FC - ok
    03:48:13.0186 2648 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    03:48:13.0187 2648 LSI_SAS - ok
    03:48:13.0192 2648 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    03:48:13.0193 2648 LSI_SAS2 - ok
    03:48:13.0199 2648 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    03:48:13.0201 2648 LSI_SCSI - ok
    03:48:13.0224 2648 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    03:48:13.0225 2648 luafv - ok
    03:48:13.0245 2648 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    03:48:13.0247 2648 Mcx2Svc - ok
    03:48:13.0251 2648 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    03:48:13.0252 2648 megasas - ok
    03:48:13.0265 2648 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    03:48:13.0267 2648 MegaSR - ok
    03:48:13.0283 2648 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    03:48:13.0283 2648 MEIx64 - ok
    03:48:13.0299 2648 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    03:48:13.0300 2648 MMCSS - ok
    03:48:13.0304 2648 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    03:48:13.0304 2648 Modem - ok
    03:48:13.0347 2648 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    03:48:13.0347 2648 monitor - ok
    03:48:13.0359 2648 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    03:48:13.0360 2648 mouclass - ok
    03:48:13.0380 2648 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    03:48:13.0380 2648 mouhid - ok
    03:48:13.0396 2648 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    03:48:13.0397 2648 mountmgr - ok
    03:48:13.0464 2648 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    03:48:13.0466 2648 MozillaMaintenance - ok
    03:48:13.0480 2648 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    03:48:13.0481 2648 mpio - ok
    03:48:13.0503 2648 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    03:48:13.0504 2648 mpsdrv - ok
    03:48:13.0511 2648 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    03:48:13.0512 2648 MRxDAV - ok
    03:48:13.0540 2648 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:48:13.0542 2648 mrxsmb - ok
    03:48:13.0569 2648 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:48:13.0571 2648 mrxsmb10 - ok
    03:48:13.0589 2648 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:48:13.0590 2648 mrxsmb20 - ok
    03:48:13.0598 2648 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    03:48:13.0599 2648 msahci - ok
    03:48:13.0607 2648 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    03:48:13.0609 2648 msdsm - ok
    03:48:13.0641 2648 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    03:48:13.0643 2648 MSDTC - ok
    03:48:13.0666 2648 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    03:48:13.0667 2648 Msfs - ok
    03:48:13.0679 2648 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    03:48:13.0680 2648 mshidkmdf - ok
    03:48:13.0682 2648 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    03:48:13.0683 2648 msisadrv - ok
    03:48:13.0714 2648 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    03:48:13.0716 2648 MSiSCSI - ok
    03:48:13.0718 2648 msiserver - ok
    03:48:13.0740 2648 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    03:48:13.0741 2648 MSKSSRV - ok
    03:48:13.0749 2648 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    03:48:13.0750 2648 MSPCLOCK - ok
    03:48:13.0752 2648 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    03:48:13.0753 2648 MSPQM - ok
    03:48:13.0783 2648 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    03:48:13.0786 2648 MsRPC - ok
    03:48:13.0801 2648 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    03:48:13.0802 2648 mssmbios - ok
    03:48:13.0826 2648 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    03:48:13.0827 2648 MSTEE - ok
    03:48:13.0829 2648 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    03:48:13.0830 2648 MTConfig - ok
    03:48:13.0847 2648 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    03:48:13.0848 2648 Mup - ok
    03:48:13.0990 2648 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    03:48:13.0993 2648 N360 - ok
    03:48:14.0034 2648 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    03:48:14.0048 2648 napagent - ok
    03:48:14.0085 2648 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    03:48:14.0088 2648 NativeWifiP - ok
    03:48:14.0152 2648 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
    03:48:14.0185 2648 NAUpdate - ok
    03:48:14.0348 2648 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\ENG64.SYS
    03:48:14.0350 2648 NAVENG - ok
    03:48:14.0438 2648 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\EX64.SYS
    03:48:14.0457 2648 NAVEX15 - ok
    03:48:14.0599 2648 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    03:48:14.0605 2648 NDIS - ok
    03:48:14.0625 2648 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    03:48:14.0626 2648 NdisCap - ok
    03:48:14.0646 2648 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    03:48:14.0646 2648 NdisTapi - ok
    03:48:14.0666 2648 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    03:48:14.0666 2648 Ndisuio - ok
    03:48:14.0675 2648 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    03:48:14.0676 2648 NdisWan - ok
    03:48:14.0687 2648 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    03:48:14.0688 2648 NDProxy - ok
    03:48:14.0704 2648 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    03:48:14.0704 2648 NetBIOS - ok
    03:48:14.0717 2648 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    03:48:14.0719 2648 NetBT - ok
    03:48:14.0743 2648 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:48:14.0744 2648 Netlogon - ok
    03:48:14.0789 2648 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    03:48:14.0792 2648 Netman - ok
    03:48:14.0810 2648 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    03:48:14.0813 2648 netprofm - ok
    03:48:14.0894 2648 netr28x (5758fd37bf31e759f8610311e4d08eca) C:\Windows\system32\DRIVERS\netr28x.sys
    03:48:14.0900 2648 netr28x - ok
    03:48:14.0952 2648 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    03:48:14.0953 2648 NetTcpPortSharing - ok
    03:48:15.0023 2648 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    03:48:15.0024 2648 nfrd960 - ok
    03:48:15.0055 2648 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    03:48:15.0058 2648 NlaSvc - ok
    03:48:15.0092 2648 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
    03:48:15.0093 2648 NPF - ok
    03:48:15.0107 2648 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    03:48:15.0108 2648 Npfs - ok
    03:48:15.0114 2648 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    03:48:15.0115 2648 nsi - ok
    03:48:15.0138 2648 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    03:48:15.0138 2648 nsiproxy - ok
    03:48:15.0231 2648 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    03:48:15.0243 2648 Ntfs - ok
    03:48:15.0275 2648 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    03:48:15.0281 2648 Null - ok
    03:48:15.0323 2648 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    03:48:15.0324 2648 nvraid - ok
    03:48:15.0346 2648 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    03:48:15.0347 2648 nvstor - ok
    03:48:15.0378 2648 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    03:48:15.0379 2648 nv_agp - ok
    03:48:15.0385 2648 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    03:48:15.0385 2648 ohci1394 - ok
    03:48:15.0412 2648 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    03:48:15.0415 2648 p2pimsvc - ok
    03:48:15.0440 2648 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    03:48:15.0456 2648 p2psvc - ok
    03:48:15.0461 2648 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    03:48:15.0462 2648 Parport - ok
    03:48:15.0496 2648 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    03:48:15.0497 2648 partmgr - ok
    03:48:15.0506 2648 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    03:48:15.0508 2648 PcaSvc - ok
    03:48:15.0529 2648 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    03:48:15.0531 2648 pci - ok
    03:48:15.0533 2648 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    03:48:15.0534 2648 pciide - ok
    03:48:15.0555 2648 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    03:48:15.0594 2648 pcmcia - ok
    03:48:15.0606 2648 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    03:48:15.0607 2648 pcw - ok
    03:48:15.0633 2648 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    03:48:15.0638 2648 PEAUTH - ok
    03:48:15.0699 2648 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    03:48:15.0716 2648 PerfHost - ok
    03:48:15.0864 2648 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    03:48:15.0880 2648 pla - ok
    03:48:15.0927 2648 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    03:48:15.0930 2648 PlugPlay - ok
    03:48:15.0942 2648 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    03:48:15.0943 2648 PNRPAutoReg - ok
    03:48:15.0979 2648 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    03:48:15.0980 2648 PNRPsvc - ok
    03:48:16.0024 2648 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    03:48:16.0037 2648 PolicyAgent - ok
    03:48:16.0060 2648 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    03:48:16.0062 2648 Power - ok
    03:48:16.0111 2648 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    03:48:16.0112 2648 PptpMiniport - ok
    03:48:16.0131 2648 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    03:48:16.0132 2648 Processor - ok
    03:48:16.0159 2648 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    03:48:16.0162 2648 ProfSvc - ok
    03:48:16.0188 2648 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:48:16.0188 2648 ProtectedStorage - ok
    03:48:16.0209 2648 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    03:48:16.0210 2648 Psched - ok
    03:48:16.0284 2648 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    03:48:16.0305 2648 ql2300 - ok
    03:48:16.0384 2648 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    03:48:16.0385 2648 ql40xx - ok
    03:48:16.0408 2648 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    03:48:16.0410 2648 QWAVE - ok
    03:48:16.0430 2648 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    03:48:16.0431 2648 QWAVEdrv - ok
    03:48:16.0434 2648 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    03:48:16.0434 2648 RasAcd - ok
    03:48:16.0463 2648 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    03:48:16.0464 2648 RasAgileVpn - ok
    03:48:16.0480 2648 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    03:48:16.0482 2648 RasAuto - ok
    03:48:16.0496 2648 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    03:48:16.0497 2648 Rasl2tp - ok
    03:48:16.0513 2648 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    03:48:16.0515 2648 RasMan - ok
    03:48:16.0551 2648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    03:48:16.0552 2648 RasPppoe - ok
    03:48:16.0564 2648 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    03:48:16.0565 2648 RasSstp - ok
    03:48:16.0593 2648 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    03:48:16.0595 2648 rdbss - ok
    03:48:16.0608 2648 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    03:48:16.0609 2648 rdpbus - ok
    03:48:16.0630 2648 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    03:48:16.0630 2648 RDPCDD - ok
    03:48:16.0649 2648 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    03:48:16.0650 2648 RDPENCDD - ok
    03:48:16.0653 2648 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    03:48:16.0654 2648 RDPREFMP - ok
    03:48:16.0693 2648 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    03:48:16.0694 2648 RDPWD - ok
    03:48:16.0705 2648 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    03:48:16.0706 2648 rdyboost - ok
    03:48:16.0827 2648 RegFilter (5f9ac3243c206ec95f32e4348ae67c13) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
    03:48:16.0828 2648 RegFilter - ok
    03:48:16.0868 2648 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    03:48:16.0869 2648 RemoteAccess - ok
    03:48:16.0883 2648 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    03:48:16.0884 2648 RemoteRegistry - ok
    03:48:16.0954 2648 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
    03:48:16.0955 2648 rpcapd - ok
    03:48:16.0969 2648 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    03:48:16.0970 2648 RpcEptMapper - ok
    03:48:16.0983 2648 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    03:48:16.0984 2648 RpcLocator - ok
    03:48:17.0015 2648 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    03:48:17.0018 2648 RpcSs - ok
    03:48:17.0031 2648 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    03:48:17.0033 2648 rspndr - ok
    03:48:17.0084 2648 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
    03:48:17.0086 2648 RTL8167 - ok
    03:48:17.0102 2648 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:48:17.0102 2648 SamSs - ok
    03:48:17.0122 2648 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    03:48:17.0123 2648 sbp2port - ok
    03:48:17.0140 2648 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    03:48:17.0143 2648 SCardSvr - ok
    03:48:17.0157 2648 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    03:48:17.0157 2648 scfilter - ok
    03:48:17.0209 2648 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    03:48:17.0227 2648 Schedule - ok
    03:48:17.0249 2648 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    03:48:17.0249 2648 SCPolicySvc - ok
    03:48:17.0269 2648 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    03:48:17.0271 2648 SDRSVC - ok
    03:48:17.0318 2648 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    03:48:17.0319 2648 secdrv - ok
    03:48:17.0337 2648 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    03:48:17.0338 2648 seclogon - ok
    03:48:17.0352 2648 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    03:48:17.0353 2648 SENS - ok
    03:48:17.0373 2648 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    03:48:17.0374 2648 SensrSvc - ok
    03:48:17.0390 2648 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    03:48:17.0390 2648 Serenum - ok
    03:48:17.0398 2648 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    03:48:17.0399 2648 Serial - ok
    03:48:17.0415 2648 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    03:48:17.0416 2648 sermouse - ok
    03:48:17.0440 2648 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    03:48:17.0442 2648 SessionEnv - ok
    03:48:17.0445 2648 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    03:48:17.0446 2648 sffdisk - ok
    03:48:17.0448 2648 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    03:48:17.0449 2648 sffp_mmc - ok
    03:48:17.0451 2648 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    03:48:17.0452 2648 sffp_sd - ok
    03:48:17.0454 2648 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    03:48:17.0455 2648 sfloppy - ok
    03:48:17.0486 2648 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    03:48:17.0489 2648 ShellHWDetection - ok
    03:48:17.0500 2648 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    03:48:17.0501 2648 SiSRaid2 - ok
    03:48:17.0506 2648 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    03:48:17.0506 2648 SiSRaid4 - ok
    03:48:17.0588 2648 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
    03:48:17.0589 2648 SkypeUpdate - ok
    03:48:17.0605 2648 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    03:48:17.0607 2648 Smb - ok
    03:48:17.0626 2648 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    03:48:17.0627 2648 SNMPTRAP - ok
    03:48:17.0640 2648 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    03:48:17.0641 2648 spldr - ok
    03:48:17.0672 2648 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    03:48:17.0691 2648 Spooler - ok
    03:48:17.0792 2648 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    03:48:17.0847 2648 sppsvc - ok
    03:48:17.0942 2648 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    03:48:17.0944 2648 sppuinotify - ok
    03:48:18.0074 2648 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS
    03:48:18.0080 2648 SRTSP - ok
    03:48:18.0108 2648 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
    03:48:18.0109 2648 SRTSPX - ok
    03:48:18.0149 2648 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    03:48:18.0164 2648 srv - ok
    03:48:18.0192 2648 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    03:48:18.0196 2648 srv2 - ok
    03:48:18.0213 2648 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    03:48:18.0215 2648 srvnet - ok
    03:48:18.0237 2648 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    03:48:18.0239 2648 SSDPSRV - ok
    03:48:18.0255 2648 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    03:48:18.0256 2648 SstpSvc - ok
    03:48:18.0291 2648 Steam Client Service - ok
    03:48:18.0318 2648 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    03:48:18.0319 2648 stexstor - ok
    03:48:18.0370 2648 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    03:48:18.0392 2648 stisvc - ok
    03:48:18.0403 2648 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    03:48:18.0403 2648 swenum - ok
    03:48:18.0441 2648 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    03:48:18.0454 2648 swprv - ok
    03:48:18.0552 2648 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
    03:48:18.0556 2648 SymDS - ok
    03:48:18.0698 2648 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
    03:48:18.0710 2648 SymEFA - ok
    03:48:18.0763 2648 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    03:48:18.0765 2648 SymEvent - ok
    03:48:18.0820 2648 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
    03:48:18.0822 2648 SymIRON - ok
    03:48:18.0873 2648 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS
    03:48:18.0876 2648 SymNetS - ok
    03:48:18.0958 2648 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    03:48:18.0977 2648 SysMain - ok
    03:48:19.0067 2648 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    03:48:19.0069 2648 TabletInputService - ok
    03:48:19.0291 2648 TabletServicePen (25999f2134be3ea656d1f8d50fa089e6) C:\Windows\system32\Pen_Tablet.exe
    03:48:19.0370 2648 TabletServicePen - ok
    03:48:19.0428 2648 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    03:48:19.0431 2648 TapiSrv - ok
    03:48:19.0448 2648 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    03:48:19.0449 2648 TBS - ok
    03:48:19.0568 2648 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    03:48:19.0581 2648 Tcpip - ok
    03:48:19.0683 2648 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    03:48:19.0690 2648 TCPIP6 - ok
    03:48:19.0742 2648 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    03:48:19.0743 2648 tcpipreg - ok
    03:48:19.0760 2648 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    03:48:19.0760 2648 TDPIPE - ok
    03:48:19.0786 2648 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    03:48:19.0787 2648 TDTCP - ok
    03:48:19.0801 2648 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    03:48:19.0802 2648 tdx - ok
    03:48:19.0819 2648 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    03:48:19.0819 2648 TermDD - ok
    03:48:19.0863 2648 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    03:48:19.0872 2648 TermService - ok
    03:48:19.0885 2648 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    03:48:19.0886 2648 Themes - ok
    03:48:19.0900 2648 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    03:48:19.0901 2648 THREADORDER - ok
    03:48:19.0910 2648 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    03:48:19.0912 2648 TrkWks - ok
    03:48:19.0946 2648 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    03:48:19.0948 2648 TrustedInstaller - ok
    03:48:19.0965 2648 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    03:48:19.0966 2648 tssecsrv - ok
    03:48:19.0989 2648 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    03:48:19.0990 2648 TsUsbFlt - ok
    03:48:19.0994 2648 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    03:48:19.0995 2648 TsUsbGD - ok
    03:48:20.0022 2648 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    03:48:20.0023 2648 tunnel - ok
    03:48:20.0027 2648 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    03:48:20.0028 2648 uagp35 - ok
    03:48:20.0058 2648 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    03:48:20.0120 2648 udfs - ok
    03:48:23.0670 2648 ============================================================
    03:48:23.0670 2648 Scan finished
    03:48:23.0670 2648 ============================================================
    03:48:23.0675 2640 Detected object count: 0
    03:48:23.0675 2640 Actual detected object count: 0
    03:51:10.0030 2560 ============================================================
    03:51:10.0030 2560 Scan started
    03:51:10.0030 2560 Mode: Manual;
    03:51:10.0030 2560 ============================================================
    03:51:25.0368 2560 LSI_FC - ok
    03:51:25.0375 2560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    03:51:25.0375 2560 LSI_SAS - ok
    03:51:25.0385 2560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    03:51:25.0385 2560 LSI_SAS2 - ok
    03:51:25.0391 2560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    03:51:25.0392 2560 LSI_SCSI - ok
    03:51:25.0435 2560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    03:51:25.0436 2560 luafv - ok
    03:51:25.0457 2560 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    03:51:25.0457 2560 Mcx2Svc - ok
    03:51:25.0461 2560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    03:51:25.0461 2560 megasas - ok
    03:51:25.0474 2560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    03:51:25.0475 2560 MegaSR - ok
    03:51:25.0493 2560 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    03:51:25.0494 2560 MEIx64 - ok
    03:51:25.0522 2560 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    03:51:25.0522 2560 MMCSS - ok
    03:51:25.0526 2560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    03:51:25.0526 2560 Modem - ok
    03:51:25.0558 2560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    03:51:25.0558 2560 monitor - ok
    03:51:25.0570 2560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    03:51:25.0571 2560 mouclass - ok
    03:51:25.0580 2560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    03:51:25.0580 2560 mouhid - ok
    03:51:25.0596 2560 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    03:51:25.0596 2560 mountmgr - ok
    03:51:25.0631 2560 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    03:51:25.0631 2560 MozillaMaintenance - ok
    03:51:25.0646 2560 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    03:51:25.0647 2560 mpio - ok
    03:51:25.0658 2560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    03:51:25.0659 2560 mpsdrv - ok
    03:51:25.0666 2560 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    03:51:25.0667 2560 MRxDAV - ok
    03:51:26.0216 2560 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:51:26.0216 2560 mrxsmb - ok
    03:51:26.0236 2560 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:51:26.0237 2560 mrxsmb10 - ok
    03:51:26.0255 2560 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:51:26.0256 2560 mrxsmb20 - ok
    03:51:26.0264 2560 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    03:51:26.0265 2560 msahci - ok
    03:51:26.0273 2560 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    03:51:26.0274 2560 msdsm - ok
    03:51:26.0297 2560 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    03:51:26.0298 2560 MSDTC - ok
    03:51:26.0311 2560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    03:51:26.0311 2560 Msfs - ok
    03:51:26.0323 2560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    03:51:26.0324 2560 mshidkmdf - ok
    03:51:26.0326 2560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    03:51:26.0326 2560 msisadrv - ok
    03:51:26.0347 2560 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    03:51:26.0349 2560 MSiSCSI - ok
    03:51:26.0357 2560 msiserver - ok
    03:51:26.0360 2560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    03:51:26.0361 2560 MSKSSRV - ok
    03:51:26.0363 2560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    03:51:26.0363 2560 MSPCLOCK - ok
    03:51:26.0367 2560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    03:51:26.0367 2560 MSPQM - ok
    03:51:26.0406 2560 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    03:51:26.0407 2560 MsRPC - ok
    03:51:26.0424 2560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    03:51:26.0424 2560 mssmbios - ok
    03:51:26.0437 2560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    03:51:26.0437 2560 MSTEE - ok
    03:51:26.0445 2560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    03:51:26.0445 2560 MTConfig - ok
    03:51:26.0458 2560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    03:51:26.0458 2560 Mup - ok
    03:51:26.0590 2560 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    03:51:26.0591 2560 N360 - ok
    03:51:26.0689 2560 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    03:51:26.0692 2560 napagent - ok
    03:51:26.0730 2560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    03:51:26.0731 2560 NativeWifiP - ok
    03:51:26.0796 2560 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
    03:51:26.0798 2560 NAUpdate - ok
    03:51:27.0003 2560 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\ENG64.SYS
    03:51:27.0004 2560 NAVENG - ok
    03:51:27.0103 2560 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\EX64.SYS
    03:51:27.0111 2560 NAVEX15 - ok
    03:51:27.0254 2560 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    03:51:27.0258 2560 NDIS - ok
    03:51:27.0270 2560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    03:51:27.0270 2560 NdisCap - ok
    03:51:27.0279 2560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    03:51:27.0279 2560 NdisTapi - ok
    03:51:27.0288 2560 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    03:51:27.0288 2560 Ndisuio - ok
    03:51:27.0296 2560 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    03:51:27.0297 2560 NdisWan - ok
    03:51:27.0309 2560 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    03:51:27.0310 2560 NDProxy - ok
    03:51:27.0326 2560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    03:51:27.0326 2560 NetBIOS - ok
    03:51:27.0338 2560 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    03:51:27.0339 2560 NetBT - ok
    03:51:27.0365 2560 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:51:27.0366 2560 Netlogon - ok
    03:51:27.0400 2560 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    03:51:27.0402 2560 Netman - ok
    03:51:27.0420 2560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    03:51:27.0423 2560 netprofm - ok
    03:51:27.0495 2560 netr28x (5758fd37bf31e759f8610311e4d08eca) C:\Windows\system32\DRIVERS\netr28x.sys
    03:51:27.0501 2560 netr28x - ok
    03:51:27.0563 2560 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    03:51:27.0564 2560 NetTcpPortSharing - ok
    03:51:27.0601 2560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    03:51:27.0602 2560 nfrd960 - ok
    03:51:27.0632 2560 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    03:51:27.0634 2560 NlaSvc - ok
    03:51:27.0659 2560 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
    03:51:27.0659 2560 NPF - ok
    03:51:27.0674 2560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    03:51:27.0674 2560 Npfs - ok
    03:51:27.0692 2560 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    03:51:27.0692 2560 nsi - ok
    03:51:27.0704 2560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    03:51:27.0705 2560 nsiproxy - ok
    03:51:27.0803 2560 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    03:51:27.0809 2560 Ntfs - ok
    03:51:27.0836 2560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    03:51:27.0837 2560 Null - ok
    03:51:27.0867 2560 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    03:51:27.0868 2560 nvraid - ok
    03:51:27.0901 2560 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    03:51:27.0902 2560 nvstor - ok
    03:51:27.0923 2560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    03:51:27.0924 2560 nv_agp - ok
    03:51:27.0929 2560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    03:51:27.0929 2560 ohci1394 - ok
    03:51:27.0956 2560 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    03:51:27.0958 2560 p2pimsvc - ok
    03:51:27.0984 2560 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    03:51:27.0986 2560 p2psvc - ok
    03:51:27.0991 2560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    03:51:27.0992 2560 Parport - ok
    03:51:28.0018 2560 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    03:51:28.0019 2560 partmgr - ok
    03:51:28.0028 2560 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    03:51:28.0029 2560 PcaSvc - ok
    03:51:28.0051 2560 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    03:51:28.0052 2560 pci - ok
    03:51:28.0054 2560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    03:51:28.0055 2560 pciide - ok
    03:51:28.0099 2560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    03:51:28.0100 2560 pcmcia - ok
    03:51:28.0118 2560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    03:51:28.0118 2560 pcw - ok
    03:51:28.0153 2560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    03:51:28.0155 2560 PEAUTH - ok
    03:51:28.0287 2560 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    03:51:28.0288 2560 PerfHost - ok
    03:51:28.0456 2560 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    03:51:28.0463 2560 pla - ok
    03:51:28.0517 2560 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    03:51:28.0519 2560 PlugPlay - ok
    03:51:28.0531 2560 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    03:51:28.0532 2560 PNRPAutoReg - ok
    03:51:28.0568 2560 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    03:51:28.0569 2560 PNRPsvc - ok
    03:51:28.0613 2560 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    03:51:28.0615 2560 PolicyAgent - ok
    03:51:28.0638 2560 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    03:51:28.0639 2560 Power - ok
    03:51:28.0666 2560 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    03:51:28.0667 2560 PptpMiniport - ok
    03:51:28.0686 2560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    03:51:28.0687 2560 Processor - ok
    03:51:28.0715 2560 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    03:51:28.0716 2560 ProfSvc - ok
    03:51:28.0743 2560 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:51:28.0744 2560 ProtectedStorage - ok
    03:51:28.0764 2560 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    03:51:28.0765 2560 Psched - ok
    03:51:28.0835 2560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    03:51:28.0842 2560 ql2300 - ok
    03:51:28.0918 2560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    03:51:28.0919 2560 ql40xx - ok
    03:51:28.0942 2560 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    03:51:28.0943 2560 QWAVE - ok
    03:51:28.0964 2560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    03:51:28.0964 2560 QWAVEdrv - ok
    03:51:28.0967 2560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    03:51:28.0967 2560 RasAcd - ok
    03:51:28.0997 2560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    03:51:28.0997 2560 RasAgileVpn - ok
    03:51:29.0013 2560 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    03:51:29.0014 2560 RasAuto - ok
    03:51:29.0030 2560 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    03:51:29.0031 2560 Rasl2tp - ok
    03:51:29.0047 2560 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    03:51:29.0049 2560 RasMan - ok
    03:51:29.0062 2560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    03:51:29.0063 2560 RasPppoe - ok
    03:51:29.0075 2560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    03:51:29.0076 2560 RasSstp - ok
    03:51:29.0115 2560 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    03:51:29.0116 2560 rdbss - ok
    03:51:29.0130 2560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    03:51:29.0130 2560 rdpbus - ok
    03:51:29.0141 2560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    03:51:29.0141 2560 RDPCDD - ok
    03:51:29.0149 2560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    03:51:29.0150 2560 RDPENCDD - ok
    03:51:29.0153 2560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    03:51:29.0153 2560 RDPREFMP - ok
    03:51:29.0192 2560 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    03:51:29.0193 2560 RDPWD - ok
    03:51:29.0204 2560 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    03:51:29.0205 2560 rdyboost - ok
    03:51:29.0305 2560 RegFilter (5f9ac3243c206ec95f32e4348ae67c13) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
    03:51:29.0305 2560 RegFilter - ok
    03:51:29.0334 2560 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    03:51:29.0335 2560 RemoteAccess - ok
    03:51:29.0349 2560 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    03:51:29.0351 2560 RemoteRegistry - ok
    03:51:29.0376 2560 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
    03:51:29.0376 2560 rpcapd - ok
    03:51:29.0391 2560 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    03:51:29.0392 2560 RpcEptMapper - ok
    03:51:29.0405 2560 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    03:51:29.0406 2560 RpcLocator - ok
    03:51:29.0438 2560 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    03:51:29.0440 2560 RpcSs - ok
    03:51:29.0454 2560 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    03:51:29.0454 2560 rspndr - ok
    03:51:29.0506 2560 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
    03:51:29.0508 2560 RTL8167 - ok
    03:51:29.0524 2560 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:51:29.0525 2560 SamSs - ok
    03:51:29.0544 2560 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    03:51:29.0545 2560 sbp2port - ok
    03:51:29.0563 2560 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    03:51:29.0564 2560 SCardSvr - ok
    03:51:29.0579 2560 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    03:51:29.0579 2560 scfilter - ok
    03:51:29.0642 2560 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    03:51:29.0647 2560 Schedule - ok
    03:51:29.0671 2560 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    03:51:29.0671 2560 SCPolicySvc - ok
    03:51:29.0692 2560 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    03:51:29.0693 2560 SDRSVC - ok
    03:51:29.0729 2560 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    03:51:29.0729 2560 secdrv - ok
    03:51:29.0748 2560 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    03:51:29.0749 2560 seclogon - ok
    03:51:29.0763 2560 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    03:51:29.0764 2560 SENS - ok
    03:51:29.0784 2560 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    03:51:29.0785 2560 SensrSvc - ok
    03:51:29.0787 2560 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    03:51:29.0788 2560 Serenum - ok
    03:51:29.0804 2560 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    03:51:29.0804 2560 Serial - ok
    03:51:29.0807 2560 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    03:51:29.0808 2560 sermouse - ok
    03:51:29.0829 2560 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    03:51:29.0831 2560 SessionEnv - ok
    03:51:29.0833 2560 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    03:51:29.0834 2560 sffdisk - ok
    03:51:29.0836 2560 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    03:51:29.0836 2560 sffp_mmc - ok
    03:51:29.0839 2560 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    03:51:29.0839 2560 sffp_sd - ok
    03:51:29.0842 2560 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    03:51:29.0842 2560 sfloppy - ok
    03:51:29.0875 2560 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    03:51:29.0877 2560 ShellHWDetection - ok
    03:51:29.0881 2560 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    03:51:29.0881 2560 SiSRaid2 - ok
    03:51:29.0886 2560 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    03:51:29.0886 2560 SiSRaid4 - ok
    03:51:29.0943 2560 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
    03:51:29.0944 2560 SkypeUpdate - ok
    03:51:29.0950 2560 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    03:51:29.0950 2560 Smb - ok
    03:51:29.0970 2560 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    03:51:29.0971 2560 SNMPTRAP - ok
    03:51:29.0984 2560 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    03:51:29.0985 2560 spldr - ok
    03:51:30.0006 2560 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    03:51:30.0009 2560 Spooler - ok
    03:51:30.0194 2560 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    03:51:30.0209 2560 sppsvc - ok
    03:51:30.0320 2560 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    03:51:30.0321 2560 sppuinotify - ok
    03:51:30.0442 2560 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS
    03:51:30.0444 2560 SRTSP - ok
    03:51:30.0474 2560 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
    03:51:30.0475 2560 SRTSPX - ok
    03:51:30.0516 2560 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    03:51:30.0517 2560 srv - ok
    03:51:30.0570 2560 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    03:51:30.0571 2560 srv2 - ok
    03:51:30.0591 2560 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    03:51:30.0592 2560 srvnet - ok
    03:51:30.0601 2560 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    03:51:30.0603 2560 SSDPSRV - ok
    03:51:30.0621 2560 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    03:51:30.0622 2560 SstpSvc - ok
    03:51:30.0669 2560 Steam Client Service - ok
    03:51:30.0729 2560 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    03:51:30.0729 2560 stexstor - ok
    03:51:30.0854 2560 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    03:51:30.0857 2560 stisvc - ok
    03:51:30.0903 2560 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    03:51:30.0903 2560 swenum - ok
    03:51:30.0942 2560 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    03:51:30.0944 2560 swprv - ok
    03:51:31.0053 2560 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
    03:51:31.0055 2560 SymDS - ok
    03:51:31.0209 2560 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
    03:51:31.0213 2560 SymEFA - ok
    03:51:31.0253 2560 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    03:51:31.0254 2560 SymEvent - ok
    03:51:31.0308 2560 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
    03:51:31.0309 2560 SymIRON - ok
    03:51:31.0362 2560 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS
    03:51:31.0364 2560 SymNetS - ok
    03:51:31.0445 2560 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    03:51:31.0453 2560 SysMain - ok
    03:51:31.0545 2560 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    03:51:31.0546 2560 TabletInputService - ok
    03:51:31.0749 2560 TabletServicePen (25999f2134be3ea656d1f8d50fa089e6) C:\Windows\system32\Pen_Tablet.exe
    03:51:31.0770 2560 TabletServicePen - ok
    03:51:31.0828 2560 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    03:51:31.0829 2560 TapiSrv - ok
    03:51:31.0837 2560 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    03:51:31.0838 2560 TBS - ok
    03:51:31.0957 2560 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    03:51:31.0965 2560 Tcpip - ok
    03:51:32.0097 2560 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    03:51:32.0105 2560 TCPIP6 - ok
    03:51:32.0197 2560 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    03:51:32.0198 2560 tcpipreg - ok
    03:51:32.0215 2560 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    03:51:32.0216 2560 TDPIPE - ok
    03:51:32.0242 2560 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    03:51:32.0242 2560 TDTCP - ok
    03:51:32.0257 2560 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    03:51:32.0257 2560 tdx - ok
    03:51:32.0274 2560 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    03:51:32.0275 2560 TermDD - ok
    03:51:32.0321 2560 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    03:51:32.0324 2560 TermService - ok
    03:51:32.0395 2560 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    03:51:32.0396 2560 Themes - ok
    03:51:32.0444 2560 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    03:51:32.0445 2560 THREADORDER - ok
    03:51:32.0466 2560 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    03:51:32.0467 2560 TrkWks - ok
    03:51:32.0523 2560 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    03:51:32.0524 2560 TrustedInstaller - ok
    03:51:32.0543 2560 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    03:51:32.0543 2560 tssecsrv - ok
    03:51:32.0556 2560 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    03:51:32.0556 2560 TsUsbFlt - ok
    03:51:32.0560 2560 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    03:51:32.0560 2560 TsUsbGD - ok
    03:51:32.0577 2560 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    03:51:32.0578 2560 tunnel - ok
    03:51:32.0583 2560 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    03:51:32.0583 2560 uagp35 - ok
    03:51:32.0598 2560 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    03:51:32.0599 2560 udfs - ok
    03:51:32.0644 2560 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    03:51:32.0646 2560 UI0Detect - ok
    03:51:32.0650 2560 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    03:51:32.0650 2560 uliagpkx - ok
    03:51:32.0665 2560 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    03:51:32.0665 2560 umbus - ok
    03:51:32.0668 2560 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    03:51:32.0668 2560 UmPass - ok
    03:51:32.0879 2560 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    03:51:32.0889 2560 UNS - ok
    03:51:33.0017 2560 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    03:51:33.0019 2560 upnphost - ok
    03:51:33.0100 2560 UrlFilter (241080f1b28e68f0d00f8f1066a3780d) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
    03:51:33.0100 2560 UrlFilter - ok
    03:51:33.0363 2560 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    03:51:33.0364 2560 USBAAPL64 - ok
    03:51:33.0411 2560 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    03:51:33.0412 2560 usbccgp - ok
    03:51:33.0761 2560 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    03:51:33.0761 2560 usbcir - ok
    03:51:33.0782 2560 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    03:51:33.0783 2560 usbehci - ok
    03:51:33.0850 2560 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    03:51:33.0851 2560 usbhub - ok
    03:51:33.0870 2560 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    03:51:33.0870 2560 usbohci - ok
    03:51:33.0894 2560 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    03:51:33.0895 2560 usbprint - ok
    03:51:33.0949 2560 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    03:51:33.0950 2560 usbscan - ok
    03:51:33.0971 2560 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    03:51:33.0972 2560 USBSTOR - ok
    03:51:34.0008 2560 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    03:51:34.0008 2560 usbuhci - ok
    03:51:34.0045 2560 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    03:51:34.0046 2560 UxSms - ok
    03:51:34.0065 2560 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    03:51:34.0066 2560 VaultSvc - ok
    03:51:34.0072 2560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    03:51:34.0072 2560 vdrvroot - ok
    03:51:34.0110 2560 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    03:51:34.0113 2560 vds - ok
    03:51:34.0174 2560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    03:51:34.0175 2560 vga - ok
    03:51:34.0196 2560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    03:51:34.0196 2560 VgaSave - ok
    03:51:34.0207 2560 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    03:51:34.0208 2560 vhdmp - ok
    03:51:34.0211 2560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    03:51:34.0211 2560 viaide - ok
    03:51:34.0221 2560 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    03:51:34.0221 2560 volmgr - ok
    03:51:34.0247 2560 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    03:51:34.0249 2560 volmgrx - ok
    03:51:34.0284 2560 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    03:51:34.0285 2560 volsnap - ok
    03:51:34.0327 2560 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    03:51:34.0328 2560 vsmraid - ok
    03:51:34.0398 2560 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    03:51:34.0405 2560 VSS - ok
    03:51:34.0560 2560 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    03:51:34.0560 2560 vwifibus - ok
    03:51:34.0568 2560 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    03:51:34.0568 2560 vwififlt - ok
    03:51:34.0584 2560 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    03:51:34.0584 2560 vwifimp - ok
    03:51:34.0601 2560 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    03:51:34.0603 2560 W32Time - ok
    03:51:34.0630 2560 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    03:51:34.0631 2560 wacmoumonitor - ok
    03:51:34.0656 2560 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
    03:51:34.0656 2560 wacommousefilter - ok
    03:51:34.0659 2560 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    03:51:34.0660 2560 WacomPen - ok
    03:51:34.0669 2560 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
    03:51:34.0670 2560 wacomvhid - ok
    03:51:34.0706 2560 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys
    03:51:34.0706 2560 WacomVKHid - ok
    03:51:34.0728 2560 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    03:51:34.0728 2560 WANARP - ok
    03:51:34.0730 2560 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    03:51:34.0730 2560 Wanarpv6 - ok
    03:51:34.0828 2560 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    03:51:34.0833 2560 WatAdminSvc - ok
    03:51:34.0913 2560 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    03:51:34.0919 2560 wbengine - ok
    03:51:35.0003 2560 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    03:51:35.0005 2560 WbioSrvc - ok
    03:51:35.0031 2560 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    03:51:35.0033 2560 wcncsvc - ok
    03:51:35.0048 2560 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    03:51:35.0049 2560 WcsPlugInService - ok
    03:51:35.0067 2560 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    03:51:35.0067 2560 Wd - ok
    03:51:35.0099 2560 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    03:51:35.0102 2560 Wdf01000 - ok
    03:51:35.0117 2560 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    03:51:35.0119 2560 WdiServiceHost - ok
    03:51:35.0121 2560 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    03:51:35.0122 2560 WdiSystemHost - ok
    03:51:35.0134 2560 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    03:51:35.0136 2560 WebClient - ok
    03:51:35.0184 2560 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    03:51:35.0186 2560 Wecsvc - ok
    03:51:35.0288 2560 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    03:51:35.0290 2560 wercplsupport - ok
    03:51:35.0299 2560 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    03:51:35.0300 2560 WerSvc - ok
    03:51:35.0314 2560 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    03:51:35.0314 2560 WfpLwf - ok
    03:51:35.0317 2560 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    03:51:35.0318 2560 WIMMount - ok
    03:51:35.0321 2560 WinHttpAutoProxySvc - ok
    03:51:35.0370 2560 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    03:51:35.0371 2560 Winmgmt - ok
    03:51:35.0477 2560 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    03:51:35.0486 2560 WinRM - ok
    03:51:35.0647 2560 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    03:51:35.0648 2560 WinUsb - ok
    03:51:35.0698 2560 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    03:51:35.0702 2560 Wlansvc - ok
    03:51:35.0770 2560 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    03:51:35.0770 2560 wlcrasvc - ok
    03:51:35.0902 2560 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    03:51:35.0911 2560 wlidsvc - ok
    03:51:35.0963 2560 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    03:51:35.0964 2560 WmiAcpi - ok
    03:51:36.0021 2560 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    03:51:36.0022 2560 wmiApSrv - ok
    03:51:36.0052 2560 WMPNetworkSvc - ok
    03:51:36.0090 2560 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    03:51:36.0091 2560 WPCSvc - ok
    03:51:36.0106 2560 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    03:51:36.0108 2560 WPDBusEnum - ok
    03:51:36.0188 2560 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    03:51:36.0189 2560 ws2ifsl - ok
    03:51:36.0191 2560 WSearch - ok
    03:51:36.0250 2560 WTouchService (21903f2fc8f70c1fc2aaaa2f06c2c665) C:\Program Files\WTouch\WTouchService.exe
    03:51:36.0251 2560 WTouchService - ok
    03:51:36.0433 2560 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    03:51:36.0444 2560 wuauserv - ok
    03:51:36.0536 2560 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    03:51:36.0536 2560 WudfPf - ok
    03:51:36.0554 2560 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    03:51:36.0555 2560 WUDFRd - ok
    03:51:36.0572 2560 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    03:51:36.0573 2560 wudfsvc - ok
    03:51:36.0597 2560 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    03:51:36.0599 2560 WwanSvc - ok
    03:51:36.0628 2560 X6va005 - ok
    03:51:36.0669 2560 X6va008 - ok
    03:51:36.0698 2560 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
    03:51:36.0698 2560 xusb21 - ok
    03:51:36.0713 2560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    03:51:36.0882 2560 \Device\Harddisk0\DR0 - ok
    03:51:36.0884 2560 Boot (0x1200) (c7e6f22c8c0781caa951123ce1e23175) \Device\Harddisk0\DR0\Partition0
    03:51:36.0885 2560 \Device\Harddisk0\DR0\Partition0 - ok
    03:51:36.0891 2560 Boot (0x1200) (a994c9a0cf4a5376a3d827b6e8dbd8ce) \Device\Harddisk0\DR0\Partition1
    03:51:36.0892 2560 \Device\Harddisk0\DR0\Partition1 - ok
    03:51:36.0892 2560 ============================================================
    03:51:36.0892 2560 Scan finished
    03:51:36.0892 2560 ============================================================
    03:51:36.0897 2056 Detected object count: 0
    03:51:36.0897 2056 Actual detected object count: 0
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    next step

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  6. Sotike

    Sotike Thread Starter

    ComboFix 12-07-21.01 - Sotike 07/22/2012 1:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4801 [GMT -5:00]
    Running from: c:\users\Sotike\Desktop\username123.exe.exe
    Command switches used :: c:\users\Sotike\Desktop\username123.exe.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\I Want This
    c:\program files (x86)\I Want This\I Want This.ico
    c:\users\Sotike\AppData\Local\tubhmifm.exe
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome.manifest
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\background.html
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\browser.xul
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\crossrider.js
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\crossriderapi.js
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\dialog.js
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\options.js
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\options.xul
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\search_dialog.xul
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\chrome\content\update.html
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\defaults\preferences\prefs.js
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\install.rdf
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\locale\en-US\translations.dtd
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\button1.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\button2.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\button3.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\button4.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\button5.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\crossrider_statusbar.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\icon128.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\icon16.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\icon24.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\icon48.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\panelarrow-up.png
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\popup.html
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\popup_binding.xml
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\skin.css
    c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\extensions\[email protected]\skin\update.css
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\L\00000004.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\L\1afb2d56
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\L\201d3dde
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\00000004.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\00000008.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\000000cb.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\80000000.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\80000032.@
    c:\windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\80000064.@
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 06:21 . 2012-07-22 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\users\Sotike\AppData\Roaming\IObit
    2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\program files (x86)\IObit
    2012-07-13 03:23 . 2012-07-13 03:23 -------- d-----w- c:\users\Sotike\AppData\Local\ElevatedDiagnostics
    2012-07-12 17:53 . 2012-07-12 17:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-07-11 05:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 04:22 . 2012-07-13 04:41 -------- d-----w- c:\users\Sotike\AppData\Local\NPE
    2012-07-11 04:21 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-11 04:14 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 04:14 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 04:14 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 04:14 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 04:14 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 04:14 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 04:12 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-11 04:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 04:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-11 04:12 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 04:12 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 04:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-11 04:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-11 04:12 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-11 04:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-11 02:46 . 2012-07-11 02:46 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Symantec
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files (x86)\Norton 360
    2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-07-09 07:16 . 2012-07-09 07:16 -------- d-----w- c:\users\Sotike\AppData\Local\libimobiledevice
    2012-07-09 06:52 . 2012-07-09 06:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2012-07-05 05:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-05 05:26 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-03 19:50 . 2012-07-03 19:50 -------- d-----w- c:\users\Mari\AppData\Roaming\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\users\Sotike\AppData\Roaming\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\programdata\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 04:41 . 2012-04-03 02:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:41 . 2011-07-15 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 05:19 . 2011-12-16 03:31 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-04 09:25 . 2012-06-04 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\offreg.dll
    2012-06-02 22:19 . 2012-06-21 22:13 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 22:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 22:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 22:14 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 22:13 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 22:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 22:13 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 22:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 22:13 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-08 17:02 . 2012-06-01 16:37 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\mpengine.dll
    2012-05-04 11:06 . 2012-06-14 01:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 01:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 01:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 01:04 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-14 01:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 01:04 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 01:04 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 01:04 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 01:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 01:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 01:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 01:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 01:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 01:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
    R3 X6va005;X6va005;c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-07-10 509088]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-11 138912]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:41]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job
    - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job
    - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job
    - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job
    - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003Core.job
    - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003UA.job
    - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=109936&tt=100512_4_&babsrc=HP_ss&mntrId=9ef66ed300000000000074de2b170474
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Compress Image Using Image Compressor 2008 - c:\program files (x86)\MasRizal\IMC2008\imcieex_compress.html
    TCP: DhcpNameServer = 192.168.15.1
    FF - ProfilePath - c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=100512_4_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 9ef66ed300000000000074de2b170474
    FF - user.js: extensions.BabylonToolbar_i.hardId - 9ef66ed300000000000074de2b170474
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15472
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    SafeBoot-drmkaud
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-22 01:35:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-22 06:35
    .
    Pre-Run: 874,964,787,200 bytes free
    Post-Run: 875,076,337,664 bytes free
    .
    - - End Of File - - 4D85C92C29B22C808C8B6D92CF023263
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    that should have cleared the patched trojan and rootkit you had
    now to clear up the adware junk it dropped (babylon & datamanager)
    you appear to have MBAM installed so update it & run a full scan & let it fix everything it finds
    post back with its log
     
  8. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.22.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sotike :: MITZUKI [administrator]

    7/22/2012 8:17:13 AM
    mbam-log-2012-07-22 (08-17-13).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 416407
    Time elapsed: 52 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Qoobox\Quarantine\C\Users\Sotike\AppData\Local\tubhmifm.exe.vir (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Users\Sotike\Downloads\quicktime setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Users\Sotike\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

    (end)
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop-up comes, press SAVE and choose desktop in the list of selections in that window & press save)

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

  10. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
    ComboFix 12-07-21.01 - Sotike 07/22/2012 14:07:08.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4343 [GMT -5:00]
    Running from: c:\users\Sotike\Desktop\username123.exe.exe
    Command switches used :: c:\users\Sotike\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~2\WI3C8A~1
    c:\progra~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    c:\progra~2\WI3C8A~1\Datamngr\BrowserConnection.dll
    c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll
    c:\progra~2\WI3C8A~1\Datamngr\datamngrUI.exe
    c:\progra~2\WI3C8A~1\Datamngr\DnsBHO.dll
    c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lichen.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-about.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\mail.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\maps.bmp
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modify-save.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modify.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\music.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\news.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\orange.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\pixsy.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\protect-id.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-found.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rssback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search_button_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\settings.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\shopping.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\technorati.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\translate.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\video.bmp
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\vmn.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\vmn.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\web.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yellow.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\youtube.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\zoom.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\components\windowmediator.js
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\dtUser.exe
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\manifest.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchquband.dll
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\uninstall.exe
    c:\progra~2\WI3C8A~1\Datamngr\x64\BrowserConnection.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\datamngrUI.exe
    c:\progra~2\WI3C8A~1\Datamngr\x64\DnsBHO.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
    c:\progra~2\WI3C8A~1\sysid.ini
    c:\progra~2\WI3C8A~1\uninstall.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Mari\AppData\Local\temp
    2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\users\Sotike\AppData\Roaming\IObit
    2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\program files (x86)\IObit
    2012-07-13 03:23 . 2012-07-13 03:23 -------- d-----w- c:\users\Sotike\AppData\Local\ElevatedDiagnostics
    2012-07-12 17:53 . 2012-07-12 17:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-07-11 05:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 04:22 . 2012-07-13 04:41 -------- d-----w- c:\users\Sotike\AppData\Local\NPE
    2012-07-11 04:21 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-11 04:14 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 04:14 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 04:14 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 04:14 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 04:14 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 04:14 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 04:12 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-11 04:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 04:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-11 04:12 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 04:12 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 04:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-11 04:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-11 04:12 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-11 04:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-11 02:46 . 2012-07-11 02:46 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Symantec
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files (x86)\Norton 360
    2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-07-09 07:16 . 2012-07-09 07:16 -------- d-----w- c:\users\Sotike\AppData\Local\libimobiledevice
    2012-07-09 06:52 . 2012-07-09 06:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2012-07-05 05:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-05 05:26 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-03 19:50 . 2012-07-03 19:50 -------- d-----w- c:\users\Mari\AppData\Roaming\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\users\Sotike\AppData\Roaming\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\programdata\TuneUp Software
    2012-07-03 09:46 . 2012-07-03 09:46 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 04:41 . 2012-04-03 02:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 04:41 . 2011-07-15 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 05:19 . 2011-12-16 03:31 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 18:46 . 2012-06-03 20:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-04 09:25 . 2012-06-04 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\offreg.dll
    2012-06-02 22:19 . 2012-06-21 22:13 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 22:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 22:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 22:14 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 22:13 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 22:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 22:13 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 22:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 22:13 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-08 17:02 . 2012-06-01 16:37 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\mpengine.dll
    2012-05-04 11:06 . 2012-06-14 01:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 01:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 01:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 01:04 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-14 01:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 01:04 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 01:04 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 01:04 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 01:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 01:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 01:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 01:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 01:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 01:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-22_06.23.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-07-22 19:00 74116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-22 19:00 36534 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-07-22 06:05 36534 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-12-07 05:09 . 2012-07-22 19:00 18842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3035520170-2446295505-2384992205-1000_UserData.bin
    + 2011-12-22 01:54 . 2012-07-22 06:37 3046 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-07-22 06:22 . 2012-07-22 06:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-22 19:17 . 2012-07-22 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-22 06:22 . 2012-07-22 06:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-22 19:17 . 2012-07-22 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-07-22 06:22 285152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-22 19:16 285152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-17 22:32 . 2012-07-17 22:32 7919616 c:\windows\Installer\adbf.msi
    + 2011-12-07 08:31 . 2012-07-22 19:16 32651140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3035520170-2446295505-2384992205-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
    R3 X6va005;X6va005;c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120720.001\IDSvia64.sys [2012-07-10 509088]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-11 138912]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:41]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job
    - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48]
    .
    2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job
    - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job
    - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job
    - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003Core.job
    - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003UA.job
    - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Compress Image Using Image Compressor 2008 - c:\program files (x86)\MasRizal\IMC2008\imcieex_compress.html
    TCP: DhcpNameServer = 192.168.15.1
    FF - ProfilePath - c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    AddRemove-Windows Searchqu Toolbar - c:\program files (x86)\Windows iLivid Toolbar\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-22 14:22:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-22 19:22
    ComboFix2.txt 2012-07-22 06:35
    .
    Pre-Run: 874,150,375,424 bytes free
    Post-Run: 874,069,962,752 bytes free
    .
    - - End Of File - - C6B1800238A8A7093076981A5AAED148
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    That should have got it all.

    Are you having any problems still?
     
  12. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
    No, no troubles whatsoever to report!
    Thank you so much for taking the time to help me solve this problem!
    I am really grateful for what you did, Thanks so much!
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  14. Sotike

    Sotike Thread Starter

    Joined:
    Jul 18, 2012
    Messages:
    12
    I tried uninstalling Combofix with the method prescribed, but instead it launched the program and asked if I wanted to update to the newest version and for me to turn off my antivirus protection. Also, when I tried doing it instead in my Start menu (I have a Windows 7 computer), it tells me "Windows cannot find 'username123.exe.exe'. Make sure you typed the name correctly, and then try again." and when I typed out username123.exe.exe /uninstall, nothing shows up.
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,847
    Use this line in the Run box:

    "c:\users\Sotike\Desktop\username123.exe.exe" /uninstall
     
Short URL to this thread: https://techguy.org/1061532