
Win 32 alurean.fo

Discussion in 'Virus & Other Malware Removal' started by PaGrrl, Jul 31, 2012.

Thread Status:
Not open for further replies.
  1. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    Hi there. My computer found this virus; it wouldn't let me delete it, so I had to quarantine it. But I still seem to be having trouble with the computer. It is slow and acts different. It also redirects me: when I try to go somewhere, it takes me to another place.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:26:12 AM, on 7/31/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Tanya\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
    O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EPSON NX110 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE /FU "C:\Users\Tanya\AppData\Local\Temp\E_S5C0D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE /FU "C:\Windows\TEMP\E_S3481.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

    --
    End of file - 7458 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Tanya at 1:27:59 on 2012-07-31
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3573.1044 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredimail.com/?a=DgVJWLEGFh
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.716.0\NativeBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll
    TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [AdobeBridge]
    uRun: [EPSON NX110 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\users\tanya\appdata\local\temp\E_S5C0D.tmp" /EF "HKCU"
    uRun: [EPSON NX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\windows\temp\E_S3481.tmp" /EF "HKCU"
    uRun: [Facebook Update] "c:\users\tanya\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{ED7302B1-BE3B-45A3-B442-C03EF67E3CE3} : DhcpNameServer = 75.75.76.76 75.75.75.75
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tanya\appdata\roaming\mozilla\firefox\profiles\flca98ga.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30182&client_id=f8b8ba561f641a9b9c5e4ca8&camp_id=3353&install_time=2012-06-04T02:54:09Z&pr=auto&tb_version=1.0.17000(G)&q=
    FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\users\tanya\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-22 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-22 12464]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-1-11 25232]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120728.001\IDSvix86.sys [2012-7-30 382624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-7-16 299640]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-6-7 176128]
    R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-7-18 66160]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-1 185856]
    R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 115808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-22 148800]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-11 394856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-21 1262400]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-1-11 70272]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-26 8853504]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-26 264192]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-1-11 149632]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-1-11 211984]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-13 1343400]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 15:24:30 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d45e049-1138-4efe-abd6-266fed836f46}\mpengine.dll
    2012-07-27 15:20:30 -------- d-----w- c:\users\tanya\appdata\local\Symantec
    2012-07-17 01:47:15 -------- d-----w- c:\users\tanya\appdata\roaming\Microsoft Games
    2012-07-17 01:47:09 60200 ------r- c:\program files\microsoft games\zoo tycoon 2\SetupENU3.dll
    2012-07-17 01:47:08 -------- d-----w- c:\program files\common files\Microsoft Games
    2012-07-17 01:43:15 60216 ------w- c:\program files\microsoft games\zoo tycoon 2\SetupENU2.dll
    2012-07-17 01:40:03 -------- d-----w- c:\programdata\Microsoft Games
    2012-07-16 20:05:40 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
    2012-07-16 20:05:40 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
    2012-07-16 20:05:40 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
    2012-07-16 20:05:40 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
    2012-07-16 20:05:40 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
    2012-07-16 20:05:40 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
    2012-07-16 20:05:29 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
    2012-07-11 07:00:55 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-09 03:31:46 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2012-07-09 03:31:38 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ==================== Find3M ====================
    .
    2012-07-27 12:10:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-27 12:10:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
    2012-05-15 06:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    ============= FINISH: 1:29:16.91 ===============





    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-31 01:46:25
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD5000AADS-00S9B0 rev.01.00A01
    Running: mmvsr5ug.exe; Driver: C:\Users\Tanya\AppData\Local\Temp\ugloapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 88DFD3C8 ZwAlertResumeThread
    SSDT 89260788 ZwAlertThread
    SSDT 892613E8 ZwAllocateVirtualMemory
    SSDT 87D69AB8 ZwAlpcConnectPort
    SSDT 89259160 ZwAssignProcessToJobObject
    SSDT 88DFD480 ZwCreateMutant
    SSDT 8926C2B0 ZwCreateSymbolicLinkObject
    SSDT 89266868 ZwCreateThread
    SSDT 8926C340 ZwCreateThreadEx
    SSDT 8925E368 ZwDebugActiveProcess
    SSDT 8797AD10 ZwDuplicateObject
    SSDT 89084988 ZwFreeVirtualMemory
    SSDT 884B4280 ZwImpersonateAnonymousToken
    SSDT 8797EDC0 ZwImpersonateThread
    SSDT 87D6AFD0 ZwLoadDriver
    SSDT 8926AEF0 ZwMapViewOfSection
    SSDT 8790A6C0 ZwOpenEvent
    SSDT 891815A8 ZwOpenProcess
    SSDT 87AC4490 ZwOpenProcessToken
    SSDT 8926A4D0 ZwOpenSection
    SSDT 891FEB50 ZwOpenThread
    SSDT 89266990 ZwProtectVirtualMemory
    SSDT 89260DE0 ZwResumeThread
    SSDT 89253610 ZwSetContextThread
    SSDT 89255AC8 ZwSetInformationProcess
    SSDT 8925B7E0 ZwSetSystemInformation
    SSDT 891295B0 ZwSuspendProcess
    SSDT 89258380 ZwSuspendThread
    SSDT 891765D0 ZwTerminateProcess
    SSDT 89255130 ZwTerminateThread
    SSDT 891AB5A8 ZwUnmapViewOfSection
    SSDT 89263758 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830793C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 830B9D90 6 Bytes [C8, D3, DF, 88, 88, 07] {ENTER 0xdfd3, 0x88; MOV [EDI], AL}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10E2 830B9D97 1 Byte [89]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830B9DA8 2 Bytes CALL C494C3C0
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F6 830B9DAB 1 Byte [89]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830B9DB4 4 Bytes [B8, 9A, D6, 87]
    .text ...
    ? C:\Users\Tanya\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    .text autochk.exe 003211D3 5 Bytes [FF, D5, 03, 10, 53] {CALL EBP; ADD EDX, [EAX]; PUSH EBX}
    .text autochk.exe 003211DA 1 Byte [2F]
    .text autochk.exe 003211DA 3 Bytes [2F, 00, 10] {DAS ; ADD [EAX], DL}
    .text autochk.exe 003211E0 1 Byte [07]
    .text autochk.exe 003211E4 1 Byte [09]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[2192] ntdll.dll!NtWriteFile 77036A68 5 Bytes JMP 00013E39
    .text C:\Windows\system32\svchost.exe[2192] kernel32.dll!SetUnhandledExceptionFilter 754FF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[2192] USER32.dll!GetCursorPos 76ABA4B3 5 Bytes JMP 000147A7
    .text C:\Windows\system32\svchost.exe[2192] USER32.dll!GetForegroundWindow 76AC335D 5 Bytes JMP 00014856
    .text C:\Windows\system32\svchost.exe[2192] USER32.dll!IsWindowVisible 76AC4D69 5 Bytes JMP 0001487D
    .text C:\Windows\system32\svchost.exe[2192] USER32.dll!WindowFromPoint 76AE6BE9 5 Bytes JMP 000147F6
    .text C:\Windows\system32\svchost.exe[2192] USER32.dll!MessageBoxIndirectW 76B0E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[2192] WS2_32.dll!GetAddrInfoW 76C64889 5 Bytes JMP 00014743
    .text C:\Windows\system32\svchost.exe[2192] ole32.dll!CoGetClassObject 756A54AD 5 Bytes JMP 0001494A
    .text C:\Windows\system32\svchost.exe[2192] ole32.dll!CoCreateInstance 756B9D0B 5 Bytes JMP 00014974
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3816] ntdll.dll!LdrGetProcedureAddress + 26 77052239 7 Bytes JMP 5E0AB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3816] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 754F93D6 7 Bytes JMP 5E35B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3816] kernel32.dll!QueryPerformanceCounter + 13 754FC435 7 Bytes JMP 5E35B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3816] GDI32.dll!GetViewportOrgEx + 26C 76F1884B 7 Bytes JMP 5E35B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
     


  2. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    Now it's starting to freeze, shut down, and do things it shouldn't be doing. So does anyone have any ideas? I posted a couple of days ago and still have not got a reply.
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Hello PaGrrl and welcome to TSG,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.

    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable. With that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.

    Please proceed as follows :-

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on the TDSSKiller icon to run the application.
    • The "Ready to scan" window will open. Click on "Change parameters".
    • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system. (Leave "Service & Drivers" and "Boot Sectors" ticked.) Click OK.
    • Select "Start Scan".
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin
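
When reading the report requested above, split it into individual scans first: the log posted in reply opens with a scan that was interrupted before a second one was started with the "SigCheck" and "TDLFS" options. The following is an added example (not part of the original posts and not TDSSKiller's own code) that parses the log layout visible in this thread; the `ExampleDrv` entry and its `warning` verdict are constructed placeholders.

```python
import re

# Lines copied from the log in this thread, except the ExampleDrv pair,
# which is constructed to show a non-"ok" verdict ("warning" is a placeholder).
SAMPLE_LOG = r"""
22:43:44.0787 6220 Scan started
22:43:44.0787 6220 Mode: Manual;
22:43:45.0283 6220 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:43:45.0285 6220 1394ohci - ok
22:43:46.0010 6220 amdiox86 - ok
22:43:54.0623 6220 Scan interrupted by user!
22:43:54.0623 6220 Scan finished
22:43:54.0635 6236 Detected object count: 0
22:44:38.0024 7884 Scan started
22:44:38.0024 7884 Mode: Manual; SigCheck; TDLFS;
22:44:39.0497 7884 AMD External Events Utility (89dd6104e542552daf25f42a30f75e08) C:\Windows\system32\atiesrxx.exe
22:44:39.0664 7884 AMD External Events Utility - ok
22:44:40.0000 7884 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
22:44:40.0001 7884 ExampleDrv - warning
22:44:41.0000 7884 Scan finished
"""

# "<time> <thread id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4} (\d+) ?(.*)$")
# "<service name> (<md5>) <path>"; service names may contain spaces.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service name> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+) - (?P<verdict>\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def parse_scans(text):
    """Split a TDSSKiller log into one record per 'Scan started' block."""
    scans, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        thread, msg = m.group(1), m.group(2).strip()
        if msg == "Scan started":
            current = {"thread": thread, "mode": [], "interrupted": False,
                       "finished": False, "objects": {}, "detected": None}
            scans.append(current)
            continue
        if current is None:
            continue  # system-info header before the first scan
        if current["finished"]:
            # The summary is logged from another thread after the scan ends.
            c = COUNT_RE.match(msg)
            if c:
                current["detected"] = int(c.group(1))
            continue
        if msg.startswith("Mode:"):
            current["mode"] = [f.strip() for f in msg[5:].split(";") if f.strip()]
        elif msg == "Scan interrupted by user!":
            current["interrupted"] = True
        elif msg == "Scan finished":
            current["finished"] = True
        else:
            obj = OBJECT_RE.match(msg)
            verdict = None if obj else VERDICT_RE.match(msg)
            if obj:
                entry = current["objects"].setdefault(obj["name"], {"verdict": None})
                entry["md5"], entry["path"] = obj["md5"], obj["path"]
            elif verdict:
                entry = current["objects"].setdefault(
                    verdict["name"], {"md5": None, "path": None})
                entry["verdict"] = verdict["verdict"]
    return scans


def triage(scans, required=("SigCheck", "TDLFS")):
    """Say which scans can be relied on and which objects were not 'ok'."""
    report = []
    for number, scan in enumerate(scans, 1):
        missing = [flag for flag in required if flag not in scan["mode"]]
        objects = scan["objects"]
        report.append({
            "scan": number,
            "mode": scan["mode"],
            "checked": len(objects),
            "missing_flags": missing,
            # A partial or wrongly configured scan proves nothing either way.
            "usable": scan["finished"] and not scan["interrupted"] and not missing,
            "not_ok": {n: o["verdict"] for n, o in objects.items()
                       if o["verdict"] not in (None, "ok")},
            "no_verdict": [n for n, o in objects.items() if o["verdict"] is None],
        })
    return report


if __name__ == "__main__":
    for row in triage(parse_scans(SAMPLE_LOG)):
        print(row)
```

A "Detected object count: 0" line that follows an interrupted scan only covers the objects reached before the interruption, which is why the sketch marks that scan as not usable.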
     
  4. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    Hey Kevin, thanks for taking the time to help me. I did what you asked and here is the log.


    22:43:05.0985 7992 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:43:06.0552 7992 ============================================================
    22:43:06.0552 7992 Current date / time: 2012/08/02 22:43:06.0552
    22:43:06.0552 7992 SystemInfo:
    22:43:06.0552 7992
    22:43:06.0552 7992 OS Version: 6.1.7601 ServicePack: 1.0
    22:43:06.0552 7992 Product type: Workstation
    22:43:06.0552 7992 ComputerName: PIXIE-PC
    22:43:06.0552 7992 UserName: Tanya
    22:43:06.0552 7992 Windows directory: C:\Windows
    22:43:06.0552 7992 System windows directory: C:\Windows
    22:43:06.0552 7992 Processor architecture: Intel x86
    22:43:06.0552 7992 Number of processors: 2
    22:43:06.0552 7992 Page size: 0x1000
    22:43:06.0552 7992 Boot type: Normal boot
    22:43:06.0552 7992 ============================================================
    22:43:08.0807 7992 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    22:43:08.0808 7992 ============================================================
    22:43:08.0808 7992 \Device\Harddisk0\DR0:
    22:43:08.0808 7992 MBR partitions:
    22:43:08.0808 7992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    22:43:08.0808 7992 ============================================================
    22:43:08.0827 7992 C: <-> \Device\Harddisk0\DR0\Partition0
    22:43:08.0827 7992 ============================================================
    22:43:08.0827 7992 Initialize success
    22:43:08.0827 7992 ============================================================
    22:43:44.0787 6220 ============================================================
    22:43:44.0787 6220 Scan started
    22:43:44.0787 6220 Mode: Manual;
    22:43:44.0787 6220 ============================================================
    22:43:45.0283 6220 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    22:43:45.0285 6220 1394ohci - ok
    22:43:45.0311 6220 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    22:43:45.0314 6220 ACPI - ok
    22:43:45.0332 6220 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    22:43:45.0333 6220 AcpiPmi - ok
    22:43:45.0421 6220 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:43:45.0422 6220 AdobeARMservice - ok
    22:43:45.0529 6220 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    22:43:45.0531 6220 AdobeFlashPlayerUpdateSvc - ok
    22:43:45.0578 6220 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
    22:43:45.0583 6220 adp94xx - ok
    22:43:45.0610 6220 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
    22:43:45.0614 6220 adpahci - ok
    22:43:45.0636 6220 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
    22:43:45.0638 6220 adpu320 - ok
    22:43:45.0691 6220 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    22:43:45.0693 6220 AeLookupSvc - ok
    22:43:45.0730 6220 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    22:43:45.0734 6220 AFD - ok
    22:43:45.0761 6220 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    22:43:45.0763 6220 agp440 - ok
    22:43:45.0818 6220 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
    22:43:45.0820 6220 aic78xx - ok
    22:43:45.0846 6220 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    22:43:45.0847 6220 ALG - ok
    22:43:45.0866 6220 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    22:43:45.0867 6220 aliide - ok
    22:43:45.0908 6220 AMD External Events Utility (89dd6104e542552daf25f42a30f75e08) C:\Windows\system32\atiesrxx.exe
    22:43:45.0911 6220 AMD External Events Utility - ok
    22:43:45.0930 6220 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    22:43:45.0932 6220 amdagp - ok
    22:43:45.0999 6220 amdhub30 (9e5ece4c5a036b159f949dcdad2728ea) C:\Windows\system32\DRIVERS\amdhub30.sys
    22:43:46.0001 6220 amdhub30 - ok
    22:43:46.0005 6220 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    22:43:46.0006 6220 amdide - ok
    22:43:46.0010 6220 amdiox86 - ok
    22:43:46.0023 6220 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
    22:43:46.0025 6220 AmdK8 - ok
    22:43:46.0689 6220 amdkmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys
    22:43:46.0800 6220 amdkmdag - ok
    22:43:46.0923 6220 amdkmdap (f566c90e4bbe387e905130b6e490dccd) C:\Windows\system32\DRIVERS\atikmpag.sys
    22:43:46.0927 6220 amdkmdap - ok
    22:43:46.0967 6220 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    22:43:46.0968 6220 AmdPPM - ok
    22:43:47.0007 6220 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    22:43:47.0009 6220 amdsata - ok
    22:43:47.0038 6220 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
    22:43:47.0041 6220 amdsbs - ok
    22:43:47.0061 6220 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    22:43:47.0061 6220 amdxata - ok
    22:43:47.0128 6220 amdxhc (2668791b83ed50f38e8f08c95c54ae1c) C:\Windows\system32\DRIVERS\amdxhc.sys
    22:43:47.0130 6220 amdxhc - ok
    22:43:47.0146 6220 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    22:43:47.0147 6220 AppID - ok
    22:43:47.0244 6220 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    22:43:47.0246 6220 AppIDSvc - ok
    22:43:47.0272 6220 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    22:43:47.0274 6220 Appinfo - ok
    22:43:47.0298 6220 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
    22:43:47.0300 6220 arc - ok
    22:43:47.0313 6220 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
    22:43:47.0315 6220 arcsas - ok
    22:43:47.0335 6220 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:43:47.0336 6220 AsyncMac - ok
    22:43:47.0354 6220 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    22:43:47.0355 6220 atapi - ok
    22:43:47.0414 6220 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
    22:43:47.0417 6220 AtiHDAudioService - ok
    22:43:47.0495 6220 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    22:43:47.0511 6220 AudioEndpointBuilder - ok
    22:43:47.0517 6220 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    22:43:47.0520 6220 Audiosrv - ok
    22:43:47.0547 6220 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    22:43:47.0549 6220 AxInstSV - ok
    22:43:47.0578 6220 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
    22:43:47.0583 6220 b06bdrv - ok
    22:43:47.0629 6220 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    22:43:47.0633 6220 b57nd60x - ok
    22:43:47.0676 6220 BazisVirtualCDBus (1bab373a270207f600c9cf8f167f3f03) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
    22:43:47.0678 6220 BazisVirtualCDBus - ok
    22:43:47.0701 6220 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    22:43:47.0703 6220 BDESVC - ok
    22:43:47.0719 6220 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    22:43:47.0720 6220 Beep - ok
    22:43:47.0765 6220 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
    22:43:47.0774 6220 BFE - ok
    22:43:47.0939 6220 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
    22:43:47.0947 6220 BHDrvx86 - ok
    22:43:48.0091 6220 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
    22:43:48.0109 6220 BITS - ok
    22:43:48.0160 6220 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    22:43:48.0161 6220 blbdrive - ok
    22:43:48.0185 6220 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    22:43:48.0186 6220 bowser - ok
    22:43:48.0201 6220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
    22:43:48.0202 6220 BrFiltLo - ok
    22:43:48.0208 6220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
    22:43:48.0209 6220 BrFiltUp - ok
    22:43:48.0262 6220 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    22:43:48.0264 6220 Browser - ok
    22:43:48.0300 6220 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    22:43:48.0303 6220 Brserid - ok
    22:43:48.0319 6220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    22:43:48.0320 6220 BrSerWdm - ok
    22:43:48.0337 6220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:43:48.0338 6220 BrUsbMdm - ok
    22:43:48.0352 6220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    22:43:48.0353 6220 BrUsbSer - ok
    22:43:48.0378 6220 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
    22:43:48.0380 6220 BTHMODEM - ok
    22:43:48.0413 6220 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    22:43:48.0415 6220 bthserv - ok
    22:43:48.0426 6220 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    22:43:48.0428 6220 cdfs - ok
    22:43:48.0467 6220 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    22:43:48.0470 6220 cdrom - ok
    22:43:48.0529 6220 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    22:43:48.0531 6220 CertPropSvc - ok
    22:43:48.0544 6220 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
    22:43:48.0545 6220 circlass - ok
    22:43:48.0579 6220 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    22:43:48.0582 6220 CLFS - ok
    22:43:48.0650 6220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:43:48.0652 6220 clr_optimization_v2.0.50727_32 - ok
    22:43:48.0717 6220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:43:48.0719 6220 clr_optimization_v4.0.30319_32 - ok
    22:43:48.0739 6220 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
    22:43:48.0741 6220 CmBatt - ok
    22:43:48.0748 6220 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    22:43:48.0749 6220 cmdide - ok
    22:43:48.0814 6220 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
    22:43:48.0818 6220 CNG - ok
    22:43:48.0828 6220 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
    22:43:48.0829 6220 Compbatt - ok
    22:43:48.0856 6220 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:43:48.0857 6220 CompositeBus - ok
    22:43:48.0861 6220 COMSysApp - ok
    22:43:48.0882 6220 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    22:43:48.0883 6220 crcdisk - ok
    22:43:48.0964 6220 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
    22:43:48.0967 6220 CryptSvc - ok
    22:43:49.0031 6220 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    22:43:49.0037 6220 DcomLaunch - ok
    22:43:49.0088 6220 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    22:43:49.0091 6220 defragsvc - ok
    22:43:49.0102 6220 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    22:43:49.0104 6220 DfsC - ok
    22:43:49.0137 6220 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    22:43:49.0140 6220 Dhcp - ok
    22:43:49.0145 6220 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    22:43:49.0146 6220 discache - ok
    22:43:49.0182 6220 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    22:43:49.0183 6220 Disk - ok
    22:43:49.0212 6220 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    22:43:49.0215 6220 Dnscache - ok
    22:43:49.0301 6220 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    22:43:49.0305 6220 dot3svc - ok
    22:43:49.0333 6220 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    22:43:49.0335 6220 DPS - ok
    22:43:49.0387 6220 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    22:43:49.0388 6220 drmkaud - ok
    22:43:49.0435 6220 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    22:43:49.0447 6220 DXGKrnl - ok
    22:43:49.0460 6220 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    22:43:49.0463 6220 EapHost - ok
    22:43:49.0633 6220 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    22:43:49.0664 6220 ebdrv - ok
    22:43:49.0795 6220 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    22:43:49.0799 6220 eeCtrl - ok
    22:43:49.0904 6220 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    22:43:49.0906 6220 EFS - ok
    22:43:50.0004 6220 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    22:43:50.0011 6220 ehRecvr - ok
    22:43:50.0038 6220 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    22:43:50.0041 6220 ehSched - ok
    22:43:50.0119 6220 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    22:43:50.0125 6220 elxstor - ok
    22:43:50.0194 6220 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    22:43:50.0197 6220 EPSON_EB_RPCV4_01 - ok
    22:43:50.0242 6220 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    22:43:50.0244 6220 EPSON_PM_RPCV4_01 - ok
    22:43:50.0397 6220 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    22:43:50.0399 6220 EraserUtilRebootDrv - ok
    22:43:50.0412 6220 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    22:43:50.0413 6220 ErrDev - ok
    22:43:50.0474 6220 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    22:43:50.0479 6220 EventSystem - ok
    22:43:50.0508 6220 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    22:43:50.0512 6220 exfat - ok
    22:43:50.0526 6220 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    22:43:50.0529 6220 fastfat - ok
    22:43:50.0621 6220 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    22:43:50.0639 6220 Fax - ok
    22:43:50.0661 6220 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    22:43:50.0663 6220 fdc - ok
    22:43:50.0672 6220 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    22:43:50.0674 6220 fdPHost - ok
    22:43:50.0691 6220 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    22:43:50.0694 6220 FDResPub - ok
    22:43:50.0705 6220 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    22:43:50.0705 6220 FileInfo - ok
    22:43:50.0728 6220 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    22:43:50.0729 6220 Filetrace - ok
    22:43:50.0743 6220 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    22:43:50.0744 6220 flpydisk - ok
    22:43:50.0770 6220 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    22:43:50.0772 6220 FltMgr - ok
    22:43:50.0833 6220 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    22:43:50.0854 6220 FontCache - ok
    22:43:50.0956 6220 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    22:43:50.0957 6220 FontCache3.0.0.0 - ok
    22:43:50.0969 6220 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    22:43:50.0971 6220 FsDepends - ok
    22:43:51.0010 6220 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
    22:43:51.0011 6220 Fs_Rec - ok
    22:43:51.0048 6220 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    22:43:51.0051 6220 fvevol - ok
    22:43:51.0082 6220 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    22:43:51.0084 6220 gagp30kx - ok
    22:43:51.0111 6220 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:43:51.0112 6220 GEARAspiWDM - ok
    22:43:51.0157 6220 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
    22:43:51.0158 6220 GIDv2 - ok
    22:43:51.0208 6220 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    22:43:51.0224 6220 gpsvc - ok
    22:43:51.0240 6220 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    22:43:51.0241 6220 hcw85cir - ok
    22:43:51.0322 6220 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    22:43:51.0326 6220 HdAudAddService - ok
    22:43:51.0356 6220 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:43:51.0358 6220 HDAudBus - ok
    22:43:51.0371 6220 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    22:43:51.0372 6220 HidBatt - ok
    22:43:51.0397 6220 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    22:43:51.0399 6220 HidBth - ok
    22:43:51.0434 6220 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    22:43:51.0435 6220 HidIr - ok
    22:43:51.0443 6220 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
    22:43:51.0445 6220 hidserv - ok
    22:43:51.0461 6220 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    22:43:51.0463 6220 HidUsb - ok
    22:43:51.0520 6220 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    22:43:51.0523 6220 hkmsvc - ok
    22:43:51.0546 6220 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    22:43:51.0550 6220 HomeGroupListener - ok
    22:43:51.0610 6220 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    22:43:51.0614 6220 HomeGroupProvider - ok
    22:43:51.0628 6220 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    22:43:51.0629 6220 HpSAMD - ok
    22:43:51.0748 6220 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    22:43:51.0754 6220 HTTP - ok
    22:43:51.0767 6220 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    22:43:51.0768 6220 hwpolicy - ok
    22:43:51.0793 6220 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    22:43:51.0795 6220 i8042prt - ok
    22:43:51.0825 6220 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    22:43:51.0829 6220 iaStorV - ok
    22:43:51.0923 6220 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    22:43:51.0925 6220 IDriverT - ok
    22:43:52.0044 6220 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:43:52.0063 6220 idsvc - ok
    22:43:52.0200 6220 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120802.001\IDSvix86.sys
    22:43:52.0204 6220 IDSVix86 - ok
    22:43:52.0263 6220 IDVaultSvc (a744324e96d6c12a007a4a11e910afdb) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    22:43:52.0271 6220 IDVaultSvc - ok
    22:43:52.0383 6220 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    22:43:52.0384 6220 iirsp - ok
    22:43:52.0482 6220 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    22:43:52.0500 6220 IKEEXT - ok
    22:43:52.0716 6220 IntcAzAudAddService (6bea3c6c9b0dc7bb92a54154796895b7) C:\Windows\system32\drivers\RTKVHDA.sys
    22:43:52.0759 6220 IntcAzAudAddService - ok
    22:43:52.0888 6220 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    22:43:52.0889 6220 intelide - ok
    22:43:52.0922 6220 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
    22:43:52.0924 6220 intelppm - ok
    22:43:52.0974 6220 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    22:43:52.0976 6220 IPBusEnum - ok
    22:43:53.0003 6220 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:43:53.0005 6220 IpFilterDriver - ok
    22:43:53.0045 6220 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    22:43:53.0054 6220 iphlpsvc - ok
    22:43:53.0074 6220 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    22:43:53.0076 6220 IPMIDRV - ok
    22:43:53.0088 6220 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    22:43:53.0090 6220 IPNAT - ok
    22:43:53.0117 6220 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    22:43:53.0118 6220 IRENUM - ok
    22:43:53.0134 6220 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    22:43:53.0136 6220 isapnp - ok
    22:43:53.0166 6220 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    22:43:53.0170 6220 iScsiPrt - ok
    22:43:53.0206 6220 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:43:53.0207 6220 kbdclass - ok
    22:43:53.0219 6220 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    22:43:53.0220 6220 kbdhid - ok
    22:43:53.0241 6220 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    22:43:53.0242 6220 KeyIso - ok
    22:43:53.0294 6220 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
    22:43:53.0295 6220 KSecDD - ok
    22:43:53.0307 6220 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
    22:43:53.0308 6220 KSecPkg - ok
    22:43:53.0398 6220 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    22:43:53.0402 6220 KtmRm - ok
    22:43:53.0472 6220 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
    22:43:53.0476 6220 LanmanServer - ok
    22:43:53.0524 6220 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    22:43:53.0528 6220 LanmanWorkstation - ok
    22:43:53.0549 6220 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    22:43:53.0550 6220 lltdio - ok
    22:43:53.0615 6220 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    22:43:53.0619 6220 lltdsvc - ok
    22:43:53.0636 6220 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    22:43:53.0638 6220 lmhosts - ok
    22:43:53.0674 6220 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    22:43:53.0676 6220 LSI_FC - ok
    22:43:53.0705 6220 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    22:43:53.0707 6220 LSI_SAS - ok
    22:43:53.0718 6220 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    22:43:53.0720 6220 LSI_SAS2 - ok
    22:43:53.0741 6220 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    22:43:53.0743 6220 LSI_SCSI - ok
    22:43:53.0759 6220 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    22:43:53.0761 6220 luafv - ok
    22:43:53.0812 6220 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    22:43:53.0815 6220 Mcx2Svc - ok
    22:43:53.0826 6220 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    22:43:53.0827 6220 megasas - ok
    22:43:53.0850 6220 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    22:43:53.0853 6220 MegaSR - ok
    22:43:53.0903 6220 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    22:43:53.0905 6220 MMCSS - ok
    22:43:53.0926 6220 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    22:43:53.0927 6220 Modem - ok
    22:43:53.0960 6220 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    22:43:53.0961 6220 monitor - ok
    22:43:53.0966 6220 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    22:43:53.0967 6220 mouclass - ok
    22:43:53.0990 6220 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    22:43:53.0991 6220 mouhid - ok
    22:43:54.0012 6220 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    22:43:54.0014 6220 mountmgr - ok
    22:43:54.0118 6220 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    22:43:54.0119 6220 MozillaMaintenance - ok
    22:43:54.0146 6220 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    22:43:54.0148 6220 mpio - ok
    22:43:54.0168 6220 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    22:43:54.0169 6220 mpsdrv - ok
    22:43:54.0204 6220 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    22:43:54.0211 6220 MpsSvc - ok
    22:43:54.0238 6220 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    22:43:54.0240 6220 MRxDAV - ok
    22:43:54.0287 6220 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:43:54.0288 6220 mrxsmb - ok
    22:43:54.0315 6220 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:43:54.0317 6220 mrxsmb10 - ok
    22:43:54.0334 6220 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:43:54.0336 6220 mrxsmb20 - ok
    22:43:54.0358 6220 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    22:43:54.0360 6220 msahci - ok
    22:43:54.0407 6220 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    22:43:54.0410 6220 msdsm - ok
    22:43:54.0453 6220 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    22:43:54.0457 6220 MSDTC - ok
    22:43:54.0481 6220 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    22:43:54.0482 6220 Msfs - ok
    22:43:54.0494 6220 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    22:43:54.0495 6220 mshidkmdf - ok
    22:43:54.0500 6220 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    22:43:54.0500 6220 msisadrv - ok
    22:43:54.0559 6220 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    22:43:54.0561 6220 MSiSCSI - ok
    22:43:54.0564 6220 msiserver - ok
    22:43:54.0578 6220 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    22:43:54.0579 6220 MSKSSRV - ok
    22:43:54.0586 6220 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:43:54.0587 6220 MSPCLOCK - ok
    22:43:54.0597 6220 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    22:43:54.0598 6220 MSPQM - ok
    22:43:54.0620 6220 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    22:43:54.0622 6220 MsRPC - ok
    22:43:54.0623 6220 Scan interrupted by user!
    22:43:54.0623 6220 Scan interrupted by user!
    22:43:54.0623 6220 Scan interrupted by user!
    22:43:54.0623 6220 ============================================================
    22:43:54.0623 6220 Scan finished
    22:43:54.0623 6220 ============================================================
    22:43:54.0635 6236 Detected object count: 0
    22:43:54.0635 6236 Actual detected object count: 0
    22:44:38.0024 7884 ============================================================
    22:44:38.0024 7884 Scan started
    22:44:38.0024 7884 Mode: Manual; SigCheck; TDLFS;
    22:44:38.0024 7884 ============================================================
    22:44:38.0384 7884 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    22:44:38.0498 7884 1394ohci - ok
    22:44:38.0533 7884 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    22:44:38.0548 7884 ACPI - ok
    22:44:38.0565 7884 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    22:44:38.0621 7884 AcpiPmi - ok
    22:44:38.0691 7884 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:44:38.0701 7884 AdobeARMservice - ok
    22:44:38.0774 7884 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    22:44:38.0787 7884 AdobeFlashPlayerUpdateSvc - ok
    22:44:38.0836 7884 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
    22:44:38.0853 7884 adp94xx - ok
    22:44:38.0893 7884 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
    22:44:38.0907 7884 adpahci - ok
    22:44:38.0930 7884 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
    22:44:38.0943 7884 adpu320 - ok
    22:44:38.0997 7884 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    22:44:39.0114 7884 AeLookupSvc - ok
    22:44:39.0145 7884 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    22:44:39.0238 7884 AFD - ok
    22:44:39.0259 7884 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    22:44:39.0271 7884 agp440 - ok
    22:44:39.0327 7884 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
    22:44:39.0339 7884 aic78xx - ok
    22:44:39.0356 7884 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    22:44:39.0431 7884 ALG - ok
    22:44:39.0448 7884 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    22:44:39.0458 7884 aliide - ok
    22:44:39.0497 7884 AMD External Events Utility (89dd6104e542552daf25f42a30f75e08) C:\Windows\system32\atiesrxx.exe
    22:44:39.0664 7884 AMD External Events Utility - ok
    22:44:39.0750 7884 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    22:44:39.0761 7884 amdagp - ok
    22:44:39.0869 7884 amdhub30 (9e5ece4c5a036b159f949dcdad2728ea) C:\Windows\system32\DRIVERS\amdhub30.sys
    22:44:39.0883 7884 amdhub30 - ok
    22:44:39.0892 7884 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    22:44:39.0903 7884 amdide - ok
    22:44:39.0906 7884 amdiox86 - ok
    22:44:39.0929 7884 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
    22:44:39.0960 7884 AmdK8 - ok
    22:44:40.0385 7884 amdkmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys
    22:44:40.0506 7884 amdkmdag - ok
    22:44:40.0637 7884 amdkmdap (f566c90e4bbe387e905130b6e490dccd) C:\Windows\system32\DRIVERS\atikmpag.sys
    22:44:40.0679 7884 amdkmdap - ok
    22:44:40.0705 7884 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    22:44:40.0736 7884 AmdPPM - ok
    22:44:40.0781 7884 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    22:44:40.0793 7884 amdsata - ok
    22:44:40.0824 7884 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
    22:44:40.0837 7884 amdsbs - ok
    22:44:40.0859 7884 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    22:44:40.0870 7884 amdxata - ok
    22:44:40.0926 7884 amdxhc (2668791b83ed50f38e8f08c95c54ae1c) C:\Windows\system32\DRIVERS\amdxhc.sys
    22:44:40.0937 7884 amdxhc - ok
    22:44:40.0956 7884 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    22:44:40.0978 7884 AppID - ok
    22:44:41.0018 7884 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    22:44:41.0041 7884 AppIDSvc - ok
    22:44:41.0058 7884 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    22:44:41.0097 7884 Appinfo - ok
    22:44:41.0119 7884 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
    22:44:41.0131 7884 arc - ok
    22:44:41.0147 7884 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
    22:44:41.0158 7884 arcsas - ok
    22:44:41.0162 7884 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:44:41.0281 7884 AsyncMac - ok
    22:44:41.0308 7884 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    22:44:41.0319 7884 atapi - ok
    22:44:41.0380 7884 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
    22:44:41.0392 7884 AtiHDAudioService - ok
    22:44:41.0424 7884 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    22:44:41.0476 7884 AudioEndpointBuilder - ok
    22:44:41.0482 7884 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    22:44:41.0524 7884 Audiosrv - ok
    22:44:41.0549 7884 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    22:44:41.0616 7884 AxInstSV - ok
    22:44:41.0652 7884 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
    22:44:41.0676 7884 b06bdrv - ok
    22:44:41.0703 7884 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    22:44:41.0750 7884 b57nd60x - ok
    22:44:41.0786 7884 BazisVirtualCDBus (1bab373a270207f600c9cf8f167f3f03) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
    22:44:41.0797 7884 BazisVirtualCDBus - ok
    22:44:41.0823 7884 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    22:44:41.0912 7884 BDESVC - ok
    22:44:41.0925 7884 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    22:44:41.0977 7884 Beep - ok
    22:44:42.0032 7884 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
    22:44:42.0081 7884 BFE - ok
    22:44:42.0241 7884 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
    22:44:42.0266 7884 BHDrvx86 - ok
    22:44:42.0406 7884 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
    22:44:42.0467 7884 BITS - ok
    22:44:42.0545 7884 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    22:44:42.0582 7884 blbdrive - ok
    22:44:42.0613 7884 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    22:44:42.0662 7884 bowser - ok
    22:44:42.0671 7884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
    22:44:42.0703 7884 BrFiltLo - ok
    22:44:42.0726 7884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
    22:44:42.0766 7884 BrFiltUp - ok
    22:44:42.0792 7884 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    22:44:42.0815 7884 Browser - ok
    22:44:42.0842 7884 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    22:44:42.0869 7884 Brserid - ok
    22:44:42.0884 7884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    22:44:42.0898 7884 BrSerWdm - ok
    22:44:42.0915 7884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:44:42.0946 7884 BrUsbMdm - ok
    22:44:42.0966 7884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    22:44:43.0000 7884 BrUsbSer - ok
    22:44:43.0029 7884 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
    22:44:43.0061 7884 BTHMODEM - ok
    22:44:43.0087 7884 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    22:44:43.0110 7884 bthserv - ok
    22:44:43.0124 7884 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    22:44:43.0169 7884 cdfs - ok
    22:44:43.0201 7884 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    22:44:43.0214 7884 cdrom - ok
    22:44:43.0235 7884 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    22:44:43.0284 7884 CertPropSvc - ok
    22:44:43.0314 7884 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
    22:44:43.0353 7884 circlass - ok
    22:44:43.0385 7884 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    22:44:43.0399 7884 CLFS - ok
    22:44:43.0480 7884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:44:43.0491 7884 clr_optimization_v2.0.50727_32 - ok
    22:44:43.0535 7884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:44:43.0546 7884 clr_optimization_v4.0.30319_32 - ok
    22:44:43.0557 7884 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
    22:44:43.0569 7884 CmBatt - ok
    22:44:43.0578 7884 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    22:44:43.0588 7884 cmdide - ok
    22:44:43.0655 7884 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
    22:44:43.0721 7884 CNG - ok
    22:44:43.0741 7884 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
    22:44:43.0752 7884 Compbatt - ok
    22:44:43.0769 7884 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:44:43.0806 7884 CompositeBus - ok
    22:44:43.0809 7884 COMSysApp - ok
    22:44:43.0843 7884 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    22:44:43.0854 7884 crcdisk - ok
    22:44:43.0914 7884 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
    22:44:44.0000 7884 CryptSvc - ok
    22:44:44.0066 7884 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    22:44:44.0110 7884 DcomLaunch - ok
    22:44:44.0157 7884 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    22:44:44.0206 7884 defragsvc - ok
    22:44:44.0232 7884 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    22:44:44.0280 7884 DfsC - ok
    22:44:44.0339 7884 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    22:44:44.0384 7884 Dhcp - ok
    22:44:44.0408 7884 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    22:44:44.0449 7884 discache - ok
    22:44:44.0496 7884 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    22:44:44.0507 7884 Disk - ok
    22:44:44.0534 7884 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    22:44:44.0630 7884 Dnscache - ok
    22:44:44.0684 7884 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    22:44:44.0731 7884 dot3svc - ok
    22:44:44.0762 7884 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    22:44:44.0818 7884 DPS - ok
    22:44:44.0854 7884 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    22:44:44.0892 7884 drmkaud - ok
    22:44:44.0975 7884 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    22:44:44.0994 7884 DXGKrnl - ok
    22:44:45.0011 7884 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    22:44:45.0053 7884 EapHost - ok
    22:44:45.0215 7884 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    22:44:45.0272 7884 ebdrv - ok
    22:44:45.0358 7884 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    22:44:45.0372 7884 eeCtrl - ok
    22:44:45.0479 7884 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    22:44:45.0557 7884 EFS - ok
    22:44:45.0664 7884 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    22:44:45.0719 7884 ehRecvr - ok
    22:44:45.0745 7884 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    22:44:45.0777 7884 ehSched - ok
    22:44:45.0863 7884 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    22:44:45.0879 7884 elxstor - ok
    22:44:45.0937 7884 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    22:44:45.0993 7884 EPSON_EB_RPCV4_01 - ok
    22:44:46.0009 7884 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    22:44:46.0049 7884 EPSON_PM_RPCV4_01 - ok
    22:44:46.0152 7884 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    22:44:46.0162 7884 EraserUtilRebootDrv - ok
    22:44:46.0179 7884 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    22:44:46.0218 7884 ErrDev - ok
    22:44:46.0265 7884 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    22:44:46.0313 7884 EventSystem - ok
    22:44:46.0343 7884 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    22:44:46.0366 7884 exfat - ok
    22:44:46.0389 7884 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    22:44:46.0432 7884 fastfat - ok
    22:44:46.0501 7884 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    22:44:46.0582 7884 Fax - ok
    22:44:46.0596 7884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    22:44:46.0624 7884 fdc - ok
    22:44:46.0655 7884 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    22:44:46.0705 7884 fdPHost - ok
    22:44:46.0734 7884 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    22:44:46.0780 7884 FDResPub - ok
    22:44:46.0808 7884 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    22:44:46.0819 7884 FileInfo - ok
    22:44:46.0831 7884 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    22:44:46.0853 7884 Filetrace - ok
    22:44:46.0869 7884 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    22:44:46.0881 7884 flpydisk - ok
    22:44:46.0909 7884 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    22:44:46.0922 7884 FltMgr - ok
    22:44:46.0973 7884 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    22:44:47.0049 7884 FontCache - ok
    22:44:47.0143 7884 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    22:44:47.0152 7884 FontCache3.0.0.0 - ok
    22:44:47.0168 7884 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    22:44:47.0179 7884 FsDepends - ok
    22:44:47.0221 7884 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
    22:44:47.0231 7884 Fs_Rec - ok
    22:44:47.0248 7884 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    22:44:47.0263 7884 fvevol - ok
    22:44:47.0281 7884 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    22:44:47.0293 7884 gagp30kx - ok
    22:44:47.0310 7884 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:44:47.0319 7884 GEARAspiWDM - ok
    22:44:47.0344 7884 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
    22:44:47.0354 7884 GIDv2 - ok
    22:44:47.0431 7884 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    22:44:47.0487 7884 gpsvc - ok
    22:44:47.0511 7884 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    22:44:47.0567 7884 hcw85cir - ok
    22:44:47.0646 7884 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    22:44:47.0679 7884 HdAudAddService - ok
    22:44:47.0711 7884 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:44:47.0745 7884 HDAudBus - ok
    22:44:47.0773 7884 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    22:44:47.0808 7884 HidBatt - ok
    22:44:47.0836 7884 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    22:44:47.0873 7884 HidBth - ok
    22:44:47.0897 7884 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    22:44:47.0933 7884 HidIr - ok
    22:44:47.0966 7884 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
    22:44:48.0010 7884 hidserv - ok
    22:44:48.0032 7884 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    22:44:48.0062 7884 HidUsb - ok
    22:44:48.0102 7884 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    22:44:48.0142 7884 hkmsvc - ok
    22:44:48.0177 7884 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    22:44:48.0209 7884 HomeGroupListener - ok
    22:44:48.0265 7884 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    22:44:48.0311 7884 HomeGroupProvider - ok
    22:44:48.0342 7884 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    22:44:48.0354 7884 HpSAMD - ok
    22:44:48.0390 7884 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    22:44:48.0415 7884 HTTP - ok
    22:44:48.0422 7884 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    22:44:48.0433 7884 hwpolicy - ok
    22:44:48.0448 7884 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    22:44:48.0461 7884 i8042prt - ok
    22:44:48.0498 7884 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    22:44:48.0512 7884 iaStorV - ok
    22:44:48.0602 7884 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    22:44:48.0625 7884 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    22:44:48.0625 7884 IDriverT - detected UnsignedFile.Multi.Generic (1)
    22:44:48.0761 7884 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:44:48.0780 7884 idsvc - ok
    22:44:48.0916 7884 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120802.001\IDSvix86.sys
    22:44:48.0930 7884 IDSVix86 - ok
    22:44:48.0977 7884 IDVaultSvc (a744324e96d6c12a007a4a11e910afdb) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    22:44:48.0987 7884 IDVaultSvc - ok
    22:44:49.0072 7884 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    22:44:49.0084 7884 iirsp - ok
    22:44:49.0161 7884 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    22:44:49.0217 7884 IKEEXT - ok
    22:44:49.0420 7884 IntcAzAudAddService (6bea3c6c9b0dc7bb92a54154796895b7) C:\Windows\system32\drivers\RTKVHDA.sys
    22:44:49.0473 7884 IntcAzAudAddService - ok
    22:44:49.0614 7884 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    22:44:49.0625 7884 intelide - ok
    22:44:49.0636 7884 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
    22:44:49.0671 7884 intelppm - ok
    22:44:49.0700 7884 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    22:44:49.0723 7884 IPBusEnum - ok
    22:44:49.0741 7884 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:44:49.0765 7884 IpFilterDriver - ok
    22:44:49.0796 7884 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    22:44:49.0823 7884 iphlpsvc - ok
    22:44:49.0836 7884 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    22:44:49.0848 7884 IPMIDRV - ok
    22:44:49.0862 7884 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    22:44:49.0908 7884 IPNAT - ok
    22:44:49.0939 7884 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    22:44:49.0977 7884 IRENUM - ok
    22:44:50.0004 7884 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    22:44:50.0015 7884 isapnp - ok
    22:44:50.0036 7884 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    22:44:50.0050 7884 iScsiPrt - ok
    22:44:50.0064 7884 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:44:50.0075 7884 kbdclass - ok
    22:44:50.0088 7884 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    22:44:50.0122 7884 kbdhid - ok
    22:44:50.0159 7884 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    22:44:50.0170 7884 KeyIso - ok
    22:44:50.0224 7884 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
    22:44:50.0235 7884 KSecDD - ok
    22:44:50.0249 7884 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
    22:44:50.0261 7884 KSecPkg - ok
    22:44:50.0329 7884 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    22:44:50.0376 7884 KtmRm - ok
    22:44:50.0426 7884 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
    22:44:50.0476 7884 LanmanServer - ok
    22:44:50.0516 7884 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    22:44:50.0540 7884 LanmanWorkstation - ok
    22:44:50.0550 7884 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    22:44:50.0596 7884 lltdio - ok
    22:44:50.0665 7884 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    22:44:50.0690 7884 lltdsvc - ok
    22:44:50.0709 7884 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    22:44:50.0752 7884 lmhosts - ok
    22:44:50.0784 7884 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    22:44:50.0796 7884 LSI_FC - ok
    22:44:50.0814 7884 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    22:44:50.0826 7884 LSI_SAS - ok
    22:44:50.0840 7884 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    22:44:50.0851 7884 LSI_SAS2 - ok
    22:44:50.0875 7884 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    22:44:50.0887 7884 LSI_SCSI - ok
    22:44:50.0905 7884 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    22:44:50.0929 7884 luafv - ok
    22:44:50.0982 7884 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    22:44:50.0995 7884 Mcx2Svc - ok
    22:44:51.0008 7884 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    22:44:51.0019 7884 megasas - ok
    22:44:51.0043 7884 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    22:44:51.0057 7884 MegaSR - ok
    22:44:51.0097 7884 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    22:44:51.0149 7884 MMCSS - ok
    22:44:51.0179 7884 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    22:44:51.0229 7884 Modem - ok
    22:44:51.0262 7884 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    22:44:51.0301 7884 monitor - ok
    22:44:51.0332 7884 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    22:44:51.0343 7884 mouclass - ok
    22:44:51.0352 7884 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    22:44:51.0387 7884 mouhid - ok
    22:44:51.0422 7884 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    22:44:51.0434 7884 mountmgr - ok
    22:44:51.0519 7884 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    22:44:51.0530 7884 MozillaMaintenance - ok
    22:44:51.0556 7884 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    22:44:51.0568 7884 mpio - ok
    22:44:51.0589 7884 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    22:44:51.0635 7884 mpsdrv - ok
    22:44:51.0700 7884 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    22:44:51.0755 7884 MpsSvc - ok
    22:44:51.0791 7884 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    22:44:51.0806 7884 MRxDAV - ok
    22:44:51.0840 7884 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:44:51.0868 7884 mrxsmb - ok
    22:44:51.0893 7884 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:44:51.0905 7884 mrxsmb10 - ok
    22:44:51.0924 7884 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:44:51.0953 7884 mrxsmb20 - ok
    22:44:51.0984 7884 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    22:44:51.0995 7884 msahci - ok
    22:44:52.0010 7884 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    22:44:52.0022 7884 msdsm - ok
    22:44:52.0043 7884 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    22:44:52.0078 7884 MSDTC - ok
    22:44:52.0107 7884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    22:44:52.0130 7884 Msfs - ok
    22:44:52.0144 7884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    22:44:52.0166 7884 mshidkmdf - ok
    22:44:52.0186 7884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    22:44:52.0197 7884 msisadrv - ok
    22:44:52.0256 7884 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    22:44:52.0304 7884 MSiSCSI - ok
    22:44:52.0307 7884 msiserver - ok
    22:44:52.0336 7884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    22:44:52.0379 7884 MSKSSRV - ok
    22:44:52.0404 7884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:44:52.0454 7884 MSPCLOCK - ok
    22:44:52.0487 7884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    22:44:52.0510 7884 MSPQM - ok
    22:44:52.0534 7884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    22:44:52.0547 7884 MsRPC - ok
    22:44:52.0600 7884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    22:44:52.0611 7884 mssmbios - ok
    22:44:52.0632 7884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    22:44:52.0654 7884 MSTEE - ok
    22:44:52.0674 7884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
    22:44:52.0707 7884 MTConfig - ok
    22:44:52.0733 7884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    22:44:52.0745 7884 Mup - ok
    22:44:52.0867 7884 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    22:44:52.0879 7884 N360 - ok
    22:44:53.0006 7884 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    22:44:53.0034 7884 napagent - ok
    22:44:53.0076 7884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    22:44:53.0094 7884 NativeWifiP - ok
    22:44:53.0290 7884 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe
    22:44:53.0310 7884 NAUpdate - ok
    22:44:53.0463 7884 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120802.008\NAVENG.SYS
    22:44:53.0473 7884 NAVENG - ok
    22:44:53.0616 7884 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120802.008\NAVEX15.SYS
    22:44:53.0652 7884 NAVEX15 - ok
    22:44:53.0843 7884 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
    22:44:53.0853 7884 NBVol - ok
    22:44:53.0867 7884 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
    22:44:53.0876 7884 NBVolUp - ok
    22:44:53.0965 7884 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    22:44:53.0987 7884 NDIS - ok
    22:44:54.0010 7884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:44:54.0061 7884 NdisCap - ok
    22:44:54.0107 7884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:44:54.0148 7884 NdisTapi - ok
    22:44:54.0196 7884 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:44:54.0237 7884 Ndisuio - ok
    22:44:54.0286 7884 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:44:54.0336 7884 NdisWan - ok
    22:44:54.0359 7884 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    22:44:54.0381 7884 NDProxy - ok
    22:44:54.0449 7884 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
    22:44:54.0456 7884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    22:44:54.0456 7884 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    22:44:54.0463 7884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    22:44:54.0511 7884 NetBIOS - ok
    22:44:58.0032 7884 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
    22:44:58.0065 7884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    22:44:58.0065 7884 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    22:45:04.0478 7884 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    22:45:04.0496 7884 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    22:45:04.0496 7884 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    22:45:09.0648 7884 Web Assistant Updater (f70d9dbf55cbf7f0b5705bd5fe79d907) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    22:45:09.0680 7884 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
    22:45:09.0681 7884 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
    22:45:13.0050 7884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    22:45:13.0078 7884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:45:13.0078 7884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:45:13.0108 7884 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    22:45:13.0108 7884 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    22:45:13.0112 7884 Boot (0x1200) (131553dc1021501ce03885c65e453940) \Device\Harddisk0\DR0\Partition0
    22:45:13.0114 7884 \Device\Harddisk0\DR0\Partition0 - ok
    22:45:13.0115 7884 ============================================================
    22:45:13.0115 7884 Scan finished
    22:45:13.0115 7884 ============================================================
    22:45:13.0124 7888 Detected object count: 7
    22:45:13.0124 7888 Actual detected object count: 7
    22:47:16.0736 7888 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    22:47:16.0736 7888 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:47:16.0736 7888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    22:47:16.0736 7888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:47:16.0738 7888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    22:47:16.0738 7888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:47:16.0740 7888 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    22:47:16.0740 7888 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:47:16.0743 7888 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
    22:47:16.0743 7888 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:47:17.0476 7888 \Device\Harddisk0\DR0\# - copied to quarantine
    22:47:17.0477 7888 \Device\Harddisk0\DR0 - copied to quarantine
    22:47:17.0508 7888 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    22:47:17.0517 7888 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:47:17.0520 7888 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    22:47:17.0525 7888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    22:47:17.0530 7888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    22:47:17.0541 7888 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:47:17.0548 7888 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:47:17.0551 7888 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    22:47:17.0553 7888 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    22:47:17.0555 7888 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    22:47:17.0558 7888 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:47:17.0561 7888 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:47:17.0563 7888 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:47:17.0565 7888 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    22:47:17.0568 7888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:47:17.0569 7888 \Device\Harddisk0\DR0 - ok
    22:47:17.0580 7888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:47:17.0581 7888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    22:47:17.0581 7888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    22:47:20.0761 7920 Deinitialize success
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Glad to help, OK do the following and post the produced logs. Please also give an update on current issues/concerns:

    Step 1

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 2

    Download OTL from any of the following links and save to your desktop.

    Link 1
    Link 2
    Link 3

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • Please check the box next to "LOP check" and "Purity check"
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin
     
  6. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.04.10

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Tanya :: PIXIE-PC [administrator]

    8/4/2012 10:31:12 PM
    mbam-log-2012-08-04 (22-31-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233633
    Time elapsed: 7 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Tanya\Downloads\dvdburning_1289.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)




    OTL logfile created on: 8/4/2012 10:44:45 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tanya\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.75% Memory free
    6.98 Gb Paging File | 5.39 Gb Available in Paging File | 77.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 76.43 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 671.57 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Computer Name: PIXIE-PC | User Name: Tanya | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/04 22:41:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
    PRC - [2012/07/18 10:03:39 | 000,066,160 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    PRC - [2012/07/18 10:03:37 | 006,536,304 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/06/01 10:33:54 | 000,366,536 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    PRC - [2012/06/01 10:33:53 | 000,264,136 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/26 03:01:20 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/10/26 03:00:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2011/06/24 04:27:04 | 006,044,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/18 10:03:39 | 000,104,048 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
    MOD - [2012/07/18 10:00:32 | 000,548,040 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
    MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/14 03:36:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
    MOD - [2012/06/14 03:36:46 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
    MOD - [2012/06/14 03:30:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 03:30:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/06/14 03:30:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 03:30:22 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:30:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:30:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 03:29:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/06/01 10:33:54 | 000,268,232 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
    MOD - [2012/06/01 10:33:54 | 000,133,064 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2012/06/01 10:33:54 | 000,079,816 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
    MOD - [2012/06/01 10:33:54 | 000,071,624 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
    MOD - [2012/06/01 10:33:54 | 000,032,648 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
    MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2012/05/12 14:48:16 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/12 14:47:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/12 14:46:15 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
    MOD - [2012/05/12 14:46:14 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/12 14:46:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
    MOD - [2012/05/12 14:46:11 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
    MOD - [2012/05/12 14:23:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 14:23:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/12 14:22:52 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    MOD - [2012/05/12 14:22:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/12 14:22:40 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
    MOD - [2012/05/12 14:22:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 14:22:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 14:22:32 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 14:22:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/12/19 18:50:40 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
    MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2010/11/20 17:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/08/02 23:50:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/19 11:11:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/18 10:03:39 | 000,066,160 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
    SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV - [2012/01/13 04:03:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/26 03:00:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\RKHit.sys -- (RkHit)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
    DRV - [2012/07/27 17:01:36 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120804.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/07/27 17:01:36 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120804.009\NAVENG.SYS -- (NAVENG)
    DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/05/31 10:55:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/05/31 10:55:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/04/18 13:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2012/01/11 01:19:28 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/10/26 04:03:50 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/10/26 02:21:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/07/13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
    DRV - [2011/07/13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
    DRV - [2011/07/05 11:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
    DRV - [2011/06/20 07:36:10 | 000,115,808 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
    DRV - [2011/06/06 06:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symnets.sys -- (SymNetS)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
    DRV - [2011/03/17 08:04:18 | 000,149,632 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc)
    DRV - [2011/03/17 08:04:16 | 000,070,272 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
    DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D A9 A9 1D 88 D0 CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=DgVJWLEGFh
    IE - HKCU\..\SearchScopes\{E77B06D4-F131-4169-9957-86324858B784}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?src_id=30182&client_id=f8b8ba561f641a9b9c5e4ca8&camp_id=3353&install_time=2012-06-04T02:54:09Z&pr=auto&tb_version=1.0.17000(G)&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tanya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 08:31:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/04 20:10:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 10:33:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/01 22:12:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:34:47 | 000,000,000 | ---D | M]

    [2012/01/11 14:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\Mozilla\Extensions
    [2012/07/30 23:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\flca98ga.default\extensions
    [2012/07/30 23:33:39 | 000,001,635 | ---- | M] () -- C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\flca98ga.default\searchplugins\firefox-add-ons.xml
    [2012/08/01 22:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/01 10:33:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    [2012/07/30 23:33:26 | 000,368,105 | ---- | M] () (No name found) -- C:\USERS\TANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLCA98GA.DEFAULT\EXTENSIONS\[email protected]
    [2012/07/16 20:38:01 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\TANYA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLCA98GA.DEFAULT\EXTENSIONS\[email protected]
    [2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/20 13:15:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/19 17:10:02 | 000,000,825 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts:
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll (WhiteSky)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [EPSON NX110 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Tanya\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED7302B1-BE3B-45A3-B442-C03EF67E3CE3}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = V:\Autorun.exe
    O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = W:\Autorun.exe
    O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = X:\Autorun.exe
    O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
    O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
    O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Y:\Autorun.exe
    O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Z:\Autorun.exe
    O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell\AutoRun\command - "" = G:\CD_Start.exe
    O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = H:\autorun.exe Launch.hta
    O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell\AutoRun\command - "" = G:\setup.exe
    O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/04 22:41:52 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
    [2012/08/04 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Malwarebytes
    [2012/08/04 22:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/04 22:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/04 22:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/04 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/04 22:28:19 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tanya\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/02 22:47:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/02 22:42:29 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
    [2012/08/01 22:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/08/01 22:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/08/01 22:33:59 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/08/01 22:33:59 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/08/01 22:33:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/08/01 22:33:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/08/01 22:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/31 01:27:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tanya\Desktop\dds.com
    [2012/07/31 01:24:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tanya\Desktop\HijackThis.exe
    [2012/07/27 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\Symantec
    [2012/07/16 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Microsoft Games
    [2012/07/16 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
    [2012/07/16 21:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
    [2012/07/11 03:03:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/11 03:03:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/11 03:03:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/11 03:03:13 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/11 03:03:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/11 03:03:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/11 03:03:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/07/11 03:00:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/10 16:30:40 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012/07/10 16:30:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012/07/10 16:30:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2012/07/08 23:31:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2012/01/15 20:04:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tanya\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/08/04 22:41:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tanya\Desktop\OTL.com
    [2012/08/04 22:29:39 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/04 22:28:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tanya\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/04 22:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000UA.job
    [2012/08/04 21:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/04 20:18:10 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 20:18:10 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 20:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/04 20:10:23 | 2810,290,176 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/04 19:28:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000Core.job
    [2012/08/03 00:56:44 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/03 00:56:44 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/02 23:50:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/02 23:50:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/02 22:42:41 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
    [2012/08/01 22:33:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/08/01 22:33:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/31 01:34:27 | 000,302,592 | ---- | M] () -- C:\Users\Tanya\Desktop\mmvsr5ug.exe
    [2012/07/31 01:27:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tanya\Desktop\dds.com
    [2012/07/31 01:25:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tanya\Desktop\HijackThis.exe
    [2012/07/30 23:48:07 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
    [2012/07/27 16:56:43 | 289,164,778 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/23 21:13:15 | 000,002,153 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    [2012/07/23 21:13:14 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
    [2012/07/16 22:37:02 | 000,002,432 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
    [2012/07/16 22:36:36 | 001,211,442 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\Cat.DB
    [2012/07/16 22:22:30 | 000,001,596 | ---- | M] () -- C:\Users\Tanya\Desktop\ZOO TYCOON.lnk
    [2012/07/16 21:36:02 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
    [2012/07/11 21:25:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\isolate.ini
    [2012/07/11 03:20:46 | 003,723,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/09 14:05:24 | 000,001,146 | ---- | M] () -- C:\Users\Tanya\Desktop\BitTorrent.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/04 22:29:39 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/31 01:34:25 | 000,302,592 | ---- | C] () -- C:\Users\Tanya\Desktop\mmvsr5ug.exe
    [2012/07/30 23:48:07 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
    [2012/07/23 21:13:13 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
    [2012/07/16 22:37:02 | 000,002,432 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
    [2012/07/16 22:21:47 | 000,001,596 | ---- | C] () -- C:\Users\Tanya\Desktop\ZOO TYCOON.lnk
    [2012/07/16 21:36:02 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
    [2012/07/09 14:04:09 | 000,001,146 | ---- | C] () -- C:\Users\Tanya\Desktop\BitTorrent.lnk
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/05/14 21:01:36 | 000,202,094 | ---- | C] () -- C:\Users\Tanya\da Boys birth certificates.JPG
    [2012/03/30 23:11:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/03/16 10:35:34 | 000,327,166 | ---- | C] () -- C:\Users\Tanya\wwtracker.jpg
    [2012/02/21 10:55:48 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
    [2012/01/27 17:39:11 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
    [2012/01/21 16:03:40 | 000,330,260 | ---- | C] () -- C:\Users\Tanya\Boys birth certificates kn.JPG
    [2012/01/18 01:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/01/18 00:02:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/01/15 23:17:53 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012/01/15 23:17:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012/01/15 23:17:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012/01/15 23:17:53 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012/01/15 23:17:53 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012/01/15 23:17:53 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012/01/15 23:17:53 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012/01/15 23:17:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012/01/15 23:17:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012/01/15 23:17:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012/01/15 23:17:53 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012/01/15 23:17:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012/01/15 23:17:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012/01/15 23:17:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012/01/15 23:17:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012/01/15 23:17:52 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012/01/15 20:05:00 | 000,000,671 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\vso_ts_preview.xml
    [2012/01/15 20:04:11 | 000,087,608 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\inst.exe
    [2012/01/15 20:04:11 | 000,007,887 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.cat
    [2012/01/15 20:04:11 | 000,001,144 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.inf
    [2012/01/11 13:39:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/01/11 13:33:23 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012/01/11 01:41:15 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{8474a8d8-a5af-bd38-9cd5-f5bd335edbe1}\@
    [2011/10/26 02:59:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\amdverag.dll
    [2011/10/26 02:20:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/08/30 15:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/06/07 23:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

    ========== LOP Check ==========

    [2012/03/03 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\.minecraft
    [2012/07/18 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\BitTorrent
    [2012/05/01 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\EPSON
    [2012/08/04 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\ID Vault
    [2012/05/02 21:24:42 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\RipIt4Me
    [2012/03/02 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/05/27 14:50:12 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Tific
    [2012/07/27 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\Vso
    [2012/08/04 19:28:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000Core.job
    [2012/08/04 22:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2499311016-898022518-1243461680-1000UA.job
    [2012/08/02 06:11:41 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >




    OTL Extras logfile created on: 8/4/2012 10:44:45 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tanya\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.75% Memory free
    6.98 Gb Paging File | 5.39 Gb Available in Paging File | 77.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 76.43 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 671.57 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Computer Name: PIXIE-PC | User Name: Tanya | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A2AEE7D-5FF9-4166-BF15-43747B263E9B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{11BEDC0E-AC27-4CB6-B01F-E2309744110A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1EB30D64-D563-40B7-BD13-AF561B27862A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{34CBA3A3-CAD8-4AC2-8FA5-14B5757B25B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{65C72A6C-20C1-4E91-8037-39B4121CBFC9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{70B4FEF2-3D72-42D5-9B6F-7946CE7327EE}" = lport=138 | protocol=17 | dir=in | app=system |
    "{99496F93-1156-4D2D-A283-9F110215DAE5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A1B0C4D6-3056-462D-91B9-D9E002C1588A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B52BF570-5168-455E-9C9C-4845B2FADE3F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BB31CA34-4761-4AA9-964F-68CCA59F3712}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BEAB5131-14D1-4A71-A0C9-EC6557170402}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FC703947-54DC-43AB-B130-B1EDFCDC316E}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A8B8AD2-463D-4B63-9479-8422F4D4BC2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{3DC6087D-6083-486D-B0A0-EEF9FEBA305A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{4006DD2B-23A6-4495-BCC8-3AD3BEBD5B05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{63B12F14-2312-468F-98D4-2A884FA75788}" = protocol=17 | dir=in | app=c:\users\tanya\downloads\bittorrent-7.6.exe |
    "{6D1837B8-E476-48AF-8B02-BD2E7118DD7D}" = dir=in | app=c:\users\tanya\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{6FB1016C-45AD-4B18-93F4-113A5C79F692}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{73A7CFFE-564A-4B68-89FF-51D5875BBDE9}" = protocol=6 | dir=in | app=c:\users\tanya\downloads\bittorrent-7.6.exe |
    "{82F53E06-6BAF-4009-AD09-64CA60CB35E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BD965A49-8AA0-451A-9360-B58E28EF5810}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C558186F-6638-4F66-A653-2BF3F0E7B048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{D5B93534-6476-41F2-930C-58C9D287C6AF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
    "{EE90C35F-8E89-433E-9C8E-E1217A5554EB}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
    "TCP Query User{255E319E-CD43-472B-AB8A-36328A8934B8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{7D45141C-B0D1-40A7-9F75-33F5DE5E0DC0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{EE7911D0-F8CE-49F0-8D33-2218DA5D3C92}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{F12A7377-81E7-472A-8F20-04F0F2136306}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
    "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
    "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.441
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{5332A981-2332-55C4-FE31-7BCAAB16CAE2}" = Catalyst Control Center InstallProxy
    "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
    "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
    "{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
    "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
    "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio 2012 Deluxe
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2C948AC-CA5B-1921-E1CC-73DAAAD7ED15}" = Catalyst Control Center InstallProxy
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.7.3042
    "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
    "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
    "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
    "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
    "{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
    "{F49AC447-8ED0-0C8A-8622-4737B2EE4248}" = ATI Catalyst Install Manager
    "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
    "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
    "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
    "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BitTorrent" = BitTorrent
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Cool Timer_is1" = Cool Timer 3.7
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "CouponBar5.0.0.5" = CouponBar
    "EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "Guild Wars" = Guild Wars
    "ID Vault" = Constant Guard Protection Suite
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
    "Magic DVD Ripper_is1" = Magic DVD Ripper V6.0.2 Standard
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "N360" = Norton Security Suite
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "Winamp" = Winamp
    "WinCDEmu" = WinCDEmu
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/2/2012 12:22:38 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/2/2012 2:40:06 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Users\Tanya\downloads\any
    dvd cloner platinum 1.1.6 + serials\SETUP.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/2/2012 2:40:48 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\WinCDEmu\vmnt64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/2/2012 2:42:09 PM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Nero\Nero
    11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/2/2012 10:50:26 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/3/2012 2:11:23 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Users\Tanya\downloads\any
    dvd cloner platinum 1.1.6 + serials\SETUP.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/3/2012 2:11:48 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\WinCDEmu\vmnt64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/3/2012 2:12:40 AM | Computer Name = Pixie-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\Nero\Nero
    11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/4/2012 11:48:56 AM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/4/2012 8:11:55 PM | Computer Name = Pixie-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 5/19/2012 7:46:11 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 7:46:06 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 8:42:37 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 8:42:37 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 8:42:42 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 8:42:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 7:54:25 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 7:54:25 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 12:02:08 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 12:02:08 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 1:02:40 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 1:02:37 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 2:03:04 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 2:03:00 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 3:06:30 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 3:06:26 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 7:42:27 PM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 7:42:22 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/23/2012 7:23:13 AM | Computer Name = Pixie-PC | Source = MCUpdate | ID = 0
    Description = 7:23:13 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 7/14/2012 3:57:35 PM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/15/2012 12:01:17 AM | Computer Name = Pixie-PC | Source = DCOM | ID = 10010
    Description =

    Error - 7/15/2012 12:56:44 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 7/15/2012 12:56:44 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/16/2012 9:55:17 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 7/16/2012 9:55:17 AM | Computer Name = Pixie-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 7/16/2012 1:30:55 PM | Computer Name = Pixie-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = Disk | ID = 262159
    Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.

    Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 7/16/2012 1:53:29 PM | Computer Name = Pixie-PC | Source = Disk | ID = 262159
    Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.


    < End of report >
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Continue as follows:-

    Re-Run [​IMG] by double left click, Vista and Windows 7 users accept UAC alert.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/06/01 10:33:54 | 000,366,536 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
      PRC - [2012/06/01 10:33:53 | 000,264,136 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
      PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
      MOD - [2012/06/01 10:33:54 | 000,268,232 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
      MOD - [2012/06/01 10:33:54 | 000,133,064 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
      MOD - [2012/06/01 10:33:54 | 000,079,816 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
      MOD - [2012/06/01 10:33:54 | 000,071,624 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
      MOD - [2012/06/01 10:33:54 | 000,032,648 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
      MOD - [2011/12/19 18:50:40 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
      SRV - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=DgVJWLEGFh
      IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
      IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=DgVJWLEGFh
      FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
      [2012/06/01 10:33:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
      O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
      O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = V:\Autorun.exe
      O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = W:\Autorun.exe
      O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\Shell\AutoRun\command - "" = X:\Autorun.exe
      O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
      O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
      O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\Shell\AutoRun\command - "" = G:\autorun.exe Launch.hta
      O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Y:\Autorun.exe
      O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = Z:\Autorun.exe
      O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = F:\Autorun.exe
      O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
      O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
      O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
      O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\Shell\AutoRun\command - "" = G:\CD_Start.exe
      O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = G:\Autorun.exe
      O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\Shell\AutoRun\command - "" = H:\autorun.exe Launch.hta
      O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\Shell\AutoRun\command - "" = G:\setup.exe
      O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell - "" = AutoRun
      O33 - MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{18DB3375-0649-4EA3-959A-44F1ACD278BA}"=-
      "{26A24AE4-039D-4CA4-87B4-2F83217005FF}"=-
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Also give an update on any remaining issues or concerns....

    Kevin
     
  8. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    The computer seems to be running better. Only thing I have a problem with is games loading on FB but I'm sure it's FB





    All processes killed
    ========== OTL ==========
    No active process named IncMail.exe was found!
    No active process named ImApp.exe was found!
    Process ExtensionUpdaterService.exe killed successfully!
    Service Web Assistant Updater stopped successfully!
    Service Web Assistant Updater deleted successfully!
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
    Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] () not found.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults\preferences folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\skin folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale\en-US folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\resources folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\libraries folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome folder moved successfully.
    C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    C:\Program Files\Web Assistant\Extension32.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
    C:\Program Files\Coupons.com CouponBar\tbcore3.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
    File C:\Program Files\Coupons.com CouponBar\tbcore3.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f35200f-3f54-11e1-8dd3-8c89a559a309}\ not found.
    File V:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f3521ec-3f54-11e1-8dd3-8c89a559a309}\ not found.
    File W:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f352201-3f54-11e1-8dd3-8c89a559a309}\ not found.
    File X:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{255e7f6d-5df7-11e1-8fd8-8c89a559a309}\ not found.
    File G:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f66cd2d-75a7-11e1-bff1-8c89a559a309}\ not found.
    File G:\autorun.exe Launch.hta not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb7d967-67f7-11e1-afbc-8c89a559a309}\ not found.
    File G:\autorun.exe Launch.hta not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1c2-4c0b-11e1-807d-8c89a559a309}\ not found.
    File Y:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1ca-4c0b-11e1-807d-8c89a559a309}\ not found.
    File Z:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1d8-4c0b-11e1-807d-8c89a559a309}\ not found.
    File F:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1e5-4c0b-11e1-807d-8c89a559a309}\ not found.
    File G:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1f1-4c0b-11e1-807d-8c89a559a309}\ not found.
    File G:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5807c1fb-4c0b-11e1-807d-8c89a559a309}\ not found.
    File G:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e9ffedd-cf4d-11e1-af58-8c89a559a309}\ not found.
    File G:\CD_Start.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd636f-69e4-11e1-b055-8c89a559a309}\ not found.
    File G:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4cd6371-69e4-11e1-b055-8c89a559a309}\ not found.
    File H:\autorun.exe Launch.hta not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e77233-983a-11e1-be29-8c89a559a309}\ not found.
    File G:\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe87c5ac-b28e-11e1-aeb0-8c89a559a309}\ not found.
    File E:\TL_Bootstrap.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{18DB3375-0649-4EA3-959A-44F1ACD278BA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DB3375-0649-4EA3-959A-44F1ACD278BA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83217005FF} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83217005FF}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Tanya\Desktop\cmd.bat deleted successfully.
    C:\Users\Tanya\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tanya
    ->Temp folder emptied: 1745575 bytes
    ->Temporary Internet Files folder emptied: 29888444 bytes
    ->Java cache emptied: 15952 bytes
    ->FireFox cache emptied: 109361381 bytes
    ->Flash cache emptied: 5049372 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: UpdatusUser.Pixie-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 305637795 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 10653208 bytes

    Total Files Cleaned = 441.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.55.0 log created on 08052012_180144

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP00000088D02F58813E9B5381 not found!

    PendingFileRenameOperations files...
    File C:\Windows\temp\TMP00000088D02F58813E9B5381 not found!

    Registry entries deleted on Reboot...
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    We've not done anything that would affect FaceBook, not sure what's wrong there? Do the following:

    Step 1

    • Re-open [​IMG] to run it. (Vista and Win 7 users accept UAC alert)
    • Click on the [​IMG] button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Step 2

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe has updated, please check under Start > Control Panel > Programs and Features, ensure any old versions are removed. <--- Very Important

    Step 3

    Download [​IMG] TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

    Keep TFC, it is an excellent, run-weekly utility to keep your system optimized; it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

    Step 4

    Create a new restore point:

    1. Right-click on Computer and go to Properties.
    2. Next click on the System Protection link.
    3. The System Properties dialog screen opens up and you will want to click on Create.
    4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
    5. You should see the message "The restore point was created successfully."

    To remove all but the most recent restore point do the following:

    1. Open Disk Cleanup by clicking the Start button [​IMG]. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    2. If prompted, select the drive that you want to clean up, and then click OK.
    3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    4. If prompted, select the drive that you want to clean up, and then click OK.
    5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    6. In the Disk Cleanup dialog box, click Delete.
    7. Click Delete Files, and then click OK. Re-Boot your PC.

    Let me know if those steps complete OK..

    Kevin
     
  10. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    I have done those steps
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Is FaceBook ok now? Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

    Here are some tips to reduce the potential for malware infection in the future;

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe has updated, please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed.

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Green to go,
    Yellow for caution, and
    Red to stop.

    Available for Firefox and Internet Explorer.

    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If no remaining issues, hit the "Mark Solved" tab at the top of the thread,

    Take care,

    Kevin
     
  12. PaGrrl

    PaGrrl Thread Starter

    Joined:
    May 8, 2007
    Messages:
    34
    The system is running well. FB still won't load a game on my account but it does on my partner's account and we share the same computers so I would say it would be Facebook. Thank you for all your help.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    OK, thanks for letting me know, can you mark the thread solved.

    Thanks,

    Kevin :)
     

Short URL to this thread: https://techguy.org/1063244