Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with various Trojans


  • Please log in to reply
29 replies to this topic

#1 nattermk1

nattermk1

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 16 April 2012 - 12:22 PM

When I unplug my computer from the internet, everything runs fine for about 5 minutes. then I start getting alerts from AVG saying I have trojan viruses and blackhole exploit kits. When the computer is connected to the internet I start getting these notices right away, plus I have a program running in the background that uses all of my memory and cpu. when I go into my task manager it says that its a "host process for windows services". I can "end process" but within 5 minutes it starts right back up. I have scanned my computer using AVG and super spyware remover, both find all kinds of trojans and spyware but after i do a restart they start popping up again. they never find the program thats eating all the memory though. the gmers program would stop running half way through its scan, and malwarebytes wont even run. here are my logs


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Matt at 12:25:31 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1112 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxedserv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\lxedcoms.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Lexmark S600 Series\lxedmon.exe
C:\Program Files\Lexmark S600 Series\ezprint.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps04092012
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: H - No File
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
mURLSearchHooks: H - No File
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - c:\program files\shopathome\tbcore3U.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - c:\program files\shopathome\tbcore3U.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
mRun: [EzPrint] "c:\program files\lexmark s600 series\ezprint.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A7D7FD5B-300A-4A3C-9568-A54481C58EE6} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-4-9 25232]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-3-30 65608]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2010-12-25 193192]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-22 95200]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-11 2214504]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-3-26 136832]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-30 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-16 13:43:52 -------- d-----w- c:\users\matt\appdata\roaming\SUPERAntiSpyware.com
2012-04-16 13:43:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-16 13:43:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-15 14:57:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 14:57:11 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 14:57:11 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 14:57:10 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-09 23:30:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-09 22:55:12 -------- d-----w- c:\programdata\Norton
2012-04-09 22:46:05 -------- d-----w- c:\programdata\IsolatedStorage
2012-04-09 22:46:04 -------- d-----w- c:\users\matt\appdata\local\ID Vault
2012-04-09 22:37:31 -------- d-----w- c:\users\matt\appdata\roaming\ID Vault
2012-04-09 22:37:14 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-04-09 22:37:11 -------- d-----w- c:\programdata\GID
2012-04-09 22:37:09 -------- d-----w- c:\program files\SFT
2012-04-09 22:36:46 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-04-09 22:36:07 -------- d-----w- c:\programdata\White Sky, Inc
2012-03-31 22:32:46 -------- d-----w- c:\program files\iPod
2012-03-31 22:32:45 -------- d-----w- c:\program files\iTunes
2012-03-23 15:59:22 -------- d-----w- c:\windows\system32\SPReview
.
==================== Find3M ====================
.
2012-03-10 16:37:09 471170 ----a-w- c:\programdata\SPLD9DA.tmp
2012-03-10 16:34:12 471170 ----a-w- c:\programdata\SPL2AF7.tmp
2012-03-08 21:04:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 12:27:19.43 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 18 April 2012 - 08:38 AM

Hello nattermk1 ,

My name is ratman and and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

====================================================================================


Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on ComboFix icon Posted Image and run as admin then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • aswMBR Log

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 20 April 2012 - 02:38 PM

well, I tried to run combo fix. it wouldnt finish. it would run for about an hour then it would say that it stopped working. I ran aswMBR just fine though.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 10:13:12
-----------------------------
10:13:12.614 OS Version: Windows 6.1.7600
10:13:12.614 Number of processors: 2 586 0xF0D
10:13:12.614 ComputerName: MATT-PC UserName: Matt
10:13:13.472 Initialize success
10:13:24.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:13:24.042 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
10:13:24.058 Disk 0 MBR read successfully
10:13:24.058 Disk 0 MBR scan
10:13:24.058 Disk 0 TDL4@MBR code has been found
10:13:24.058 Disk 0 Windows 7 default MBR code found via API
10:13:24.089 Disk 0 MBR hidden
10:13:24.089 Disk 0 Partition 1 00 DE Dell Utility 54 MB offset 63
10:13:24.120 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
10:13:24.120 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
10:13:24.136 Disk 0 MBR [TDL4] **ROOTKIT**
10:13:24.136 Disk 0 trace - called modules:
10:13:24.151 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866e049f]<<
10:13:24.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86232670]
10:13:24.167 3 CLASSPNP.SYS[8918159e] -> nt!IofCallDriver -> [0x85db3348]
10:13:24.167 5 ACPI.sys[8389f3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x85d5d908]
10:13:24.167 \Driver\atapi[0x86619670] -> IRP_MJ_CREATE -> 0x866e049f
10:13:24.182 Scan finished successfully
10:14:24.945 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Documents\MBR.dat"
10:14:24.945 The log file has been saved successfully to "C:\Users\Matt\Documents\aswMBR.txt"

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 21 April 2012 - 09:28 AM

Hello nattermk1 ,

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
How is your machine running now?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 22 April 2012 - 08:23 PM

when i start up the computer I keep getting a message saying that the recycle bin is corrupted. heres the report.






21:08:43.0700 5548 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
21:08:43.0747 5548 ============================================================
21:08:43.0747 5548 Current date / time: 2012/04/22 21:08:43.0747
21:08:43.0747 5548 SystemInfo:
21:08:43.0747 5548
21:08:43.0747 5548 OS Version: 6.1.7600 ServicePack: 0.0
21:08:43.0747 5548 Product type: Workstation
21:08:43.0747 5548 ComputerName: MATT-PC
21:08:43.0747 5548 UserName: Matt
21:08:43.0747 5548 Windows directory: C:\Windows
21:08:43.0747 5548 System windows directory: C:\Windows
21:08:43.0747 5548 Processor architecture: Intel x86
21:08:43.0747 5548 Number of processors: 2
21:08:43.0747 5548 Page size: 0x1000
21:08:43.0747 5548 Boot type: Normal boot
21:08:43.0747 5548 ============================================================
21:08:45.0525 5548 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:08:45.0556 5548 Drive \Device\Harddisk5\DR5 - Size: 0x1D197300000 (1862.36 Gb), SectorSize: 0x200, Cylinders: 0x3B5AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:08:45.0556 5548 Drive \Device\Harddisk6\DR6 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:08:45.0556 5548 \Device\Harddisk0\DR0:
21:08:45.0572 5548 MBR partitions:
21:08:45.0572 5548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
21:08:45.0572 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x24012800
21:08:45.0572 5548 \Device\Harddisk5\DR5:
21:08:45.0572 5548 MBR partitions:
21:08:45.0572 5548 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8CB9000
21:08:45.0572 5548 \Device\Harddisk6\DR6:
21:08:45.0572 5548 MBR partitions:
21:08:45.0572 5548 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
21:08:45.0681 5548 C: <-> \Device\Harddisk0\DR0\Partition1
21:08:45.0728 5548 D: <-> \Device\Harddisk0\DR0\Partition0
21:08:45.0759 5548 L: <-> \Device\Harddisk5\DR5\Partition0
21:08:45.0759 5548 Initialize success
21:08:45.0759 5548 ============================================================
21:09:05.0602 3912 ============================================================
21:09:05.0602 3912 Scan started
21:09:05.0618 3912 Mode: Manual;
21:09:05.0618 3912 ============================================================
21:09:06.0928 3912 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:09:06.0928 3912 !SASCORE - ok
21:09:07.0225 3912 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:09:07.0225 3912 1394ohci - ok
21:09:07.0272 3912 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:09:07.0272 3912 ACPI - ok
21:09:07.0287 3912 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:09:07.0303 3912 AcpiPmi - ok
21:09:07.0350 3912 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:07.0350 3912 AdobeARMservice - ok
21:09:07.0396 3912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:09:07.0412 3912 adp94xx - ok
21:09:07.0459 3912 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:09:07.0474 3912 adpahci - ok
21:09:07.0490 3912 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:09:07.0490 3912 adpu320 - ok
21:09:07.0537 3912 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:09:07.0537 3912 AeLookupSvc - ok
21:09:07.0584 3912 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe
21:09:07.0599 3912 AERTFilters - ok
21:09:07.0677 3912 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
21:09:07.0693 3912 AFD - ok
21:09:07.0708 3912 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:09:07.0708 3912 agp440 - ok
21:09:07.0740 3912 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:09:07.0740 3912 aic78xx - ok
21:09:07.0771 3912 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:09:07.0771 3912 ALG - ok
21:09:07.0786 3912 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:09:07.0786 3912 aliide - ok
21:09:07.0802 3912 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:09:07.0802 3912 amdagp - ok
21:09:07.0833 3912 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:09:07.0833 3912 amdide - ok
21:09:07.0849 3912 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:09:07.0849 3912 AmdK8 - ok
21:09:07.0864 3912 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:09:07.0880 3912 AmdPPM - ok
21:09:07.0911 3912 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
21:09:07.0911 3912 amdsata - ok
21:09:07.0942 3912 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:09:07.0942 3912 amdsbs - ok
21:09:07.0958 3912 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
21:09:07.0958 3912 amdxata - ok
21:09:08.0098 3912 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
21:09:08.0098 3912 AntiSpywareService - ok
21:09:08.0130 3912 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:09:08.0130 3912 AppID - ok
21:09:08.0176 3912 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:09:08.0176 3912 AppIDSvc - ok
21:09:08.0192 3912 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
21:09:08.0192 3912 Appinfo - ok
21:09:08.0286 3912 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:08.0286 3912 Apple Mobile Device - ok
21:09:08.0332 3912 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:09:08.0348 3912 arc - ok
21:09:08.0364 3912 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:09:08.0364 3912 arcsas - ok
21:09:08.0395 3912 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:08.0395 3912 AsyncMac - ok
21:09:08.0410 3912 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:09:08.0410 3912 atapi - ok
21:09:08.0457 3912 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:09:08.0473 3912 AudioEndpointBuilder - ok
21:09:08.0488 3912 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:09:08.0488 3912 Audiosrv - ok
21:09:08.0691 3912 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:09:08.0738 3912 AVGIDSAgent - ok
21:09:08.0800 3912 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:09:08.0800 3912 AVGIDSDriver - ok
21:09:08.0832 3912 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:09:08.0832 3912 AVGIDSEH - ok
21:09:08.0863 3912 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:09:08.0863 3912 AVGIDSFilter - ok
21:09:08.0878 3912 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
21:09:08.0878 3912 AVGIDSShim - ok
21:09:08.0910 3912 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
21:09:08.0910 3912 Avgldx86 - ok
21:09:08.0941 3912 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
21:09:08.0941 3912 Avgmfx86 - ok
21:09:08.0972 3912 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
21:09:08.0972 3912 Avgrkx86 - ok
21:09:08.0988 3912 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
21:09:08.0988 3912 Avgtdix - ok
21:09:09.0081 3912 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:09:09.0081 3912 avgwd - ok
21:09:09.0128 3912 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
21:09:09.0128 3912 AxInstSV - ok
21:09:09.0190 3912 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:09:09.0190 3912 b06bdrv - ok
21:09:09.0268 3912 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:09:09.0268 3912 b57nd60x - ok
21:09:09.0300 3912 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:09:09.0300 3912 BDESVC - ok
21:09:09.0315 3912 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:09:09.0315 3912 Beep - ok
21:09:09.0378 3912 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
21:09:09.0378 3912 BITS - ok
21:09:09.0424 3912 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:09:09.0424 3912 blbdrive - ok
21:09:09.0502 3912 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:09:09.0518 3912 Bonjour Service - ok
21:09:09.0565 3912 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:09:09.0565 3912 bowser - ok
21:09:09.0596 3912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:09:09.0596 3912 BrFiltLo - ok
21:09:09.0612 3912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:09:09.0612 3912 BrFiltUp - ok
21:09:09.0674 3912 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:09:09.0674 3912 BridgeMP - ok
21:09:09.0752 3912 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
21:09:09.0752 3912 Browser - ok
21:09:09.0768 3912 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:09:09.0783 3912 Brserid - ok
21:09:09.0799 3912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:09:09.0799 3912 BrSerWdm - ok
21:09:09.0830 3912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:09:09.0830 3912 BrUsbMdm - ok
21:09:09.0846 3912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:09:09.0846 3912 BrUsbSer - ok
21:09:09.0861 3912 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:09:09.0861 3912 BTHMODEM - ok
21:09:09.0892 3912 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:09:09.0892 3912 bthserv - ok
21:09:09.0924 3912 c-dillasrv - ok
21:09:10.0048 3912 catchme - ok
21:09:10.0095 3912 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:10.0095 3912 cdfs - ok
21:09:10.0126 3912 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:10.0126 3912 cdrom - ok
21:09:10.0173 3912 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:09:10.0173 3912 CertPropSvc - ok
21:09:10.0189 3912 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:09:10.0204 3912 circlass - ok
21:09:10.0220 3912 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:09:10.0236 3912 CLFS - ok
21:09:10.0314 3912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:10.0314 3912 clr_optimization_v2.0.50727_32 - ok
21:09:10.0360 3912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:10.0360 3912 clr_optimization_v4.0.30319_32 - ok
21:09:10.0392 3912 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:09:10.0392 3912 CmBatt - ok
21:09:10.0407 3912 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:09:10.0407 3912 cmdide - ok
21:09:10.0438 3912 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:09:10.0454 3912 CNG - ok
21:09:10.0470 3912 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:09:10.0470 3912 Compbatt - ok
21:09:10.0501 3912 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:09:10.0501 3912 CompositeBus - ok
21:09:10.0532 3912 COMSysApp - ok
21:09:10.0548 3912 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:09:10.0548 3912 crcdisk - ok
21:09:10.0594 3912 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
21:09:10.0594 3912 CryptSvc - ok
21:09:10.0626 3912 CTSBLFX.DLL - ok
21:09:10.0672 3912 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
21:09:10.0672 3912 dc3d - ok
21:09:10.0750 3912 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:09:10.0750 3912 DcomLaunch - ok
21:09:10.0797 3912 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:09:10.0813 3912 defragsvc - ok
21:09:10.0844 3912 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
21:09:10.0844 3912 DfsC - ok
21:09:10.0875 3912 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
21:09:10.0875 3912 Dhcp - ok
21:09:10.0906 3912 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:09:10.0906 3912 discache - ok
21:09:10.0938 3912 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:09:10.0938 3912 Disk - ok
21:09:10.0984 3912 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
21:09:10.0984 3912 Dnscache - ok
21:09:11.0000 3912 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
21:09:11.0000 3912 dot3svc - ok
21:09:11.0016 3912 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
21:09:11.0031 3912 DPS - ok
21:09:11.0078 3912 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:09:11.0078 3912 drmkaud - ok
21:09:11.0125 3912 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:11.0140 3912 DXGKrnl - ok
21:09:11.0203 3912 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
21:09:11.0203 3912 e1express - ok
21:09:11.0234 3912 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:09:11.0234 3912 EapHost - ok
21:09:11.0343 3912 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:09:11.0374 3912 ebdrv - ok
21:09:11.0421 3912 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
21:09:11.0421 3912 EFS - ok
21:09:11.0499 3912 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
21:09:11.0499 3912 ehRecvr - ok
21:09:11.0530 3912 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:09:11.0546 3912 ehSched - ok
21:09:11.0577 3912 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:09:11.0593 3912 elxstor - ok
21:09:11.0608 3912 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:09:11.0608 3912 ErrDev - ok
21:09:11.0671 3912 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:09:11.0686 3912 EventSystem - ok
21:09:11.0702 3912 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:09:11.0702 3912 exfat - ok
21:09:11.0718 3912 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:09:11.0796 3912 fastfat - ok
21:09:11.0858 3912 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
21:09:11.0858 3912 Fax - ok
21:09:11.0889 3912 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:09:11.0889 3912 fdc - ok
21:09:11.0905 3912 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:09:11.0905 3912 fdPHost - ok
21:09:11.0920 3912 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:09:11.0920 3912 FDResPub - ok
21:09:11.0936 3912 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:09:11.0936 3912 FileInfo - ok
21:09:11.0952 3912 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:09:11.0952 3912 Filetrace - ok
21:09:11.0967 3912 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:11.0983 3912 flpydisk - ok
21:09:11.0998 3912 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:09:11.0998 3912 FltMgr - ok
21:09:12.0045 3912 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
21:09:12.0061 3912 FontCache - ok
21:09:12.0139 3912 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:09:12.0139 3912 FontCache3.0.0.0 - ok
21:09:12.0154 3912 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:09:12.0154 3912 FsDepends - ok
21:09:12.0201 3912 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:09:12.0201 3912 fssfltr - ok
21:09:12.0310 3912 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:09:12.0326 3912 fsssvc - ok
21:09:12.0373 3912 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:12.0373 3912 Fs_Rec - ok
21:09:12.0404 3912 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:09:12.0420 3912 fvevol - ok
21:09:12.0435 3912 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:09:12.0435 3912 gagp30kx - ok
21:09:12.0466 3912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:12.0466 3912 GEARAspiWDM - ok
21:09:12.0529 3912 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
21:09:12.0529 3912 GIDv2 - ok
21:09:12.0591 3912 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
21:09:12.0591 3912 gpsvc - ok
21:09:12.0685 3912 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:09:12.0685 3912 gupdate - ok
21:09:12.0732 3912 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:09:12.0732 3912 gupdatem - ok
21:09:12.0778 3912 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:09:12.0778 3912 gusvc - ok
21:09:12.0794 3912 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:09:12.0810 3912 hcw85cir - ok
21:09:12.0856 3912 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:12.0856 3912 HDAudBus - ok
21:09:12.0872 3912 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:09:12.0872 3912 HidBatt - ok
21:09:12.0888 3912 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:09:12.0903 3912 HidBth - ok
21:09:12.0934 3912 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:09:12.0934 3912 HidIr - ok
21:09:12.0950 3912 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:09:12.0950 3912 hidserv - ok
21:09:12.0981 3912 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:12.0981 3912 HidUsb - ok
21:09:12.0997 3912 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
21:09:12.0997 3912 hkmsvc - ok
21:09:13.0028 3912 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
21:09:13.0028 3912 HomeGroupListener - ok
21:09:13.0075 3912 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
21:09:13.0075 3912 HomeGroupProvider - ok
21:09:13.0106 3912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:09:13.0106 3912 HpSAMD - ok
21:09:13.0137 3912 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:09:13.0153 3912 HTTP - ok
21:09:13.0168 3912 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:09:13.0168 3912 hwpolicy - ok
21:09:13.0200 3912 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:13.0200 3912 i8042prt - ok
21:09:13.0246 3912 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
21:09:13.0246 3912 iaStorV - ok
21:09:13.0340 3912 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:09:13.0387 3912 IDriverT - ok
21:09:13.0480 3912 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:09:13.0496 3912 idsvc - ok
21:09:13.0590 3912 IDVaultSvc (9eb85e7ee5d408fbd7968e695d088570) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
21:09:13.0590 3912 IDVaultSvc - ok
21:09:13.0668 3912 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:09:13.0668 3912 iirsp - ok
21:09:13.0746 3912 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
21:09:13.0746 3912 IKEEXT - ok
21:09:13.0777 3912 imountsrv - ok
21:09:13.0870 3912 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
21:09:13.0902 3912 IntcAzAudAddService - ok
21:09:13.0933 3912 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:09:13.0933 3912 intelide - ok
21:09:13.0964 3912 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:13.0964 3912 intelppm - ok
21:09:14.0058 3912 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
21:09:14.0058 3912 IntuitUpdateService - ok
21:09:14.0089 3912 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:09:14.0089 3912 IPBusEnum - ok
21:09:14.0104 3912 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:14.0104 3912 IpFilterDriver - ok
21:09:14.0167 3912 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
21:09:14.0182 3912 iphlpsvc - ok
21:09:14.0229 3912 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:09:14.0229 3912 IPMIDRV - ok
21:09:14.0245 3912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:09:14.0245 3912 IPNAT - ok
21:09:14.0307 3912 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:09:14.0323 3912 iPod Service - ok
21:09:14.0354 3912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:09:14.0354 3912 IRENUM - ok
21:09:14.0385 3912 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:09:14.0385 3912 isapnp - ok
21:09:14.0401 3912 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:14.0416 3912 iScsiPrt - ok
21:09:14.0448 3912 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
21:09:14.0448 3912 ITMRTSVC - ok
21:09:14.0494 3912 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
21:09:14.0494 3912 ivusb - ok
21:09:14.0541 3912 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:14.0541 3912 kbdclass - ok
21:09:14.0557 3912 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:14.0557 3912 kbdhid - ok
21:09:14.0588 3912 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:09:14.0588 3912 KeyIso - ok
21:09:14.0635 3912 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:09:14.0635 3912 KSecDD - ok
21:09:14.0650 3912 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:09:14.0650 3912 KSecPkg - ok
21:09:14.0697 3912 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:09:14.0744 3912 KtmRm - ok
21:09:14.0791 3912 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
21:09:14.0791 3912 LanmanServer - ok
21:09:14.0838 3912 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
21:09:14.0838 3912 LanmanWorkstation - ok
21:09:15.0040 3912 LeapFrog Connect Device Service (24a7d535bd9e58e5bc1ac52ef7e2ec8e) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
21:09:15.0087 3912 LeapFrog Connect Device Service - ok
21:09:15.0165 3912 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:15.0165 3912 lltdio - ok
21:09:15.0212 3912 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:09:15.0259 3912 lltdsvc - ok
21:09:15.0274 3912 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:09:15.0290 3912 lmhosts - ok
21:09:15.0321 3912 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:09:15.0321 3912 LSI_FC - ok
21:09:15.0337 3912 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:09:15.0337 3912 LSI_SAS - ok
21:09:15.0368 3912 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:09:15.0368 3912 LSI_SAS2 - ok
21:09:15.0384 3912 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:09:15.0384 3912 LSI_SCSI - ok
21:09:15.0415 3912 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:09:15.0415 3912 luafv - ok
21:09:15.0493 3912 lxedCATSCustConnectService (1f37f74e1f719b0d75f0398f1f397f66) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxedserv.exe
21:09:15.0508 3912 lxedCATSCustConnectService - ok
21:09:15.0524 3912 lxed_device - ok
21:09:15.0633 3912 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
21:09:15.0633 3912 McAfee SiteAdvisor Service - ok
21:09:15.0711 3912 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
21:09:15.0727 3912 McComponentHostService - ok
21:09:15.0774 3912 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
21:09:15.0820 3912 Mcx2Svc - ok
21:09:15.0867 3912 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:09:15.0883 3912 megasas - ok
21:09:15.0914 3912 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:09:15.0930 3912 MegaSR - ok
21:09:15.0961 3912 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:09:15.0961 3912 MMCSS - ok
21:09:15.0992 3912 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:09:15.0992 3912 Modem - ok
21:09:16.0023 3912 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:09:16.0023 3912 monitor - ok
21:09:16.0054 3912 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:16.0054 3912 mouclass - ok
21:09:16.0086 3912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:16.0086 3912 mouhid - ok
21:09:16.0101 3912 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:09:16.0101 3912 mountmgr - ok
21:09:16.0148 3912 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:09:16.0148 3912 mpio - ok
21:09:16.0164 3912 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:09:16.0164 3912 mpsdrv - ok
21:09:16.0195 3912 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:09:16.0195 3912 MRxDAV - ok
21:09:16.0257 3912 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:16.0257 3912 mrxsmb - ok
21:09:16.0304 3912 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:16.0304 3912 mrxsmb10 - ok
21:09:16.0320 3912 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:16.0335 3912 mrxsmb20 - ok
21:09:16.0351 3912 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:09:16.0351 3912 msahci - ok
21:09:16.0429 3912 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:09:16.0429 3912 MSCamSvc - ok
21:09:16.0460 3912 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:09:16.0460 3912 msdsm - ok
21:09:16.0507 3912 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:09:16.0569 3912 MSDTC - ok
21:09:16.0632 3912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:09:16.0632 3912 Msfs - ok
21:09:16.0647 3912 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:09:16.0647 3912 mshidkmdf - ok
21:09:16.0663 3912 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\Windows\system32\Drivers\nx6000.sys
21:09:16.0678 3912 MSHUSBVideo - ok
21:09:16.0694 3912 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:09:16.0694 3912 msisadrv - ok
21:09:16.0741 3912 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:09:16.0756 3912 MSiSCSI - ok
21:09:16.0756 3912 msiserver - ok
21:09:16.0803 3912 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:09:16.0803 3912 MSKSSRV - ok
21:09:16.0819 3912 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:16.0819 3912 MSPCLOCK - ok
21:09:16.0834 3912 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:09:16.0834 3912 MSPQM - ok
21:09:16.0850 3912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:09:16.0850 3912 MsRPC - ok
21:09:16.0881 3912 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:16.0881 3912 mssmbios - ok
21:09:16.0897 3912 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:09:16.0897 3912 MSTEE - ok
21:09:16.0912 3912 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:09:16.0912 3912 MTConfig - ok
21:09:16.0928 3912 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:09:16.0944 3912 Mup - ok
21:09:16.0944 3912 nalntservice - ok
21:09:17.0053 3912 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
21:09:17.0068 3912 napagent - ok
21:09:17.0412 3912 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:09:17.0443 3912 NativeWifiP - ok
21:09:17.0958 3912 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:09:17.0989 3912 NDIS - ok
21:09:18.0644 3912 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:09:18.0691 3912 NdisCap - ok
21:09:19.0174 3912 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:19.0190 3912 NdisTapi - ok
21:09:19.0252 3912 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:19.0268 3912 Ndisuio - ok
21:09:19.0346 3912 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:19.0362 3912 NdisWan - ok
21:09:19.0440 3912 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:09:19.0471 3912 NDProxy - ok
21:09:19.0611 3912 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:09:19.0627 3912 NetBIOS - ok
21:09:19.0720 3912 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:09:19.0736 3912 Netlogon - ok
21:09:19.0892 3912 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:09:19.0892 3912 Netman - ok
21:09:20.0110 3912 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:09:20.0126 3912 netprofm - ok
21:09:20.0313 3912 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:20.0344 3912 NetTcpPortSharing - ok
21:09:20.0500 3912 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:09:20.0516 3912 nfrd960 - ok
21:09:20.0625 3912 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
21:09:20.0641 3912 NlaSvc - ok
21:09:21.0000 3912 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
21:09:21.0015 3912 nmservice - ok
21:09:21.0124 3912 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:09:21.0140 3912 Npfs - ok
21:09:21.0218 3912 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:09:21.0234 3912 nsi - ok
21:09:21.0296 3912 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:09:21.0296 3912 nsiproxy - ok
21:09:21.0421 3912 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
21:09:21.0452 3912 Ntfs - ok
21:09:21.0514 3912 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:09:21.0530 3912 Null - ok
21:09:23.0605 3912 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:23.0823 3912 nvlddmkm - ok
21:09:24.0135 3912 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
21:09:24.0135 3912 nvraid - ok
21:09:24.0213 3912 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
21:09:24.0229 3912 nvstor - ok
21:09:24.0400 3912 NVSvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
21:09:24.0416 3912 NVSvc - ok
21:09:24.0900 3912 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:09:24.0931 3912 nvUpdatusService - ok
21:09:25.0243 3912 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:09:25.0274 3912 nv_agp - ok
21:09:25.0586 3912 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:25.0586 3912 odserv - ok
21:09:25.0945 3912 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:09:25.0945 3912 ohci1394 - ok
21:09:25.0992 3912 olcamsrv - ok
21:09:26.0070 3912 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:26.0101 3912 ose - ok
21:09:26.0132 3912 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:09:26.0210 3912 p2pimsvc - ok
21:09:26.0272 3912 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:09:26.0272 3912 p2psvc - ok
21:09:26.0319 3912 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:09:26.0319 3912 Parport - ok
21:09:26.0335 3912 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:09:26.0335 3912 partmgr - ok
21:09:26.0350 3912 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:09:26.0350 3912 Parvdm - ok
21:09:26.0382 3912 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:09:26.0382 3912 PcaSvc - ok
21:09:26.0397 3912 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:09:26.0413 3912 pci - ok
21:09:26.0428 3912 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:09:26.0428 3912 pciide - ok
21:09:26.0444 3912 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:09:26.0460 3912 pcmcia - ok
21:09:26.0475 3912 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:09:26.0475 3912 pcw - ok
21:09:26.0522 3912 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:09:26.0522 3912 PEAUTH - ok
21:09:26.0616 3912 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
21:09:26.0647 3912 pla - ok
21:09:26.0740 3912 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
21:09:26.0756 3912 PlugPlay - ok
21:09:26.0787 3912 pnarp (8092d881311b313c99099870f663f888) C:\Windows\system32\DRIVERS\pnarp.sys
21:09:26.0787 3912 pnarp - ok
21:09:26.0834 3912 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:09:26.0834 3912 PNRPAutoReg - ok
21:09:26.0865 3912 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:09:26.0881 3912 PNRPsvc - ok
21:09:26.0928 3912 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
21:09:26.0928 3912 Point32 - ok
21:09:26.0974 3912 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
21:09:26.0990 3912 PolicyAgent - ok
21:09:27.0037 3912 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
21:09:27.0052 3912 Power - ok
21:09:27.0084 3912 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:09:27.0084 3912 PptpMiniport - ok
21:09:27.0115 3912 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:09:27.0115 3912 Processor - ok
21:09:27.0146 3912 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
21:09:27.0146 3912 ProfSvc - ok
21:09:27.0193 3912 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:09:27.0208 3912 ProtectedStorage - ok
21:09:27.0224 3912 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:09:27.0240 3912 Psched - ok
21:09:27.0255 3912 PSI_SVC_2 - ok
21:09:27.0286 3912 purendis (9715050608550825b23507213cae0208) C:\Windows\system32\DRIVERS\purendis.sys
21:09:27.0302 3912 purendis - ok
21:09:27.0318 3912 pxfhbus - ok
21:09:27.0364 3912 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:09:27.0380 3912 ql2300 - ok
21:09:27.0411 3912 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:09:27.0411 3912 ql40xx - ok
21:09:27.0442 3912 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:09:27.0442 3912 QWAVE - ok
21:09:27.0458 3912 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:09:27.0474 3912 QWAVEdrv - ok
21:09:27.0474 3912 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:09:27.0474 3912 RasAcd - ok
21:09:27.0520 3912 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:27.0520 3912 RasAgileVpn - ok
21:09:27.0536 3912 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:09:27.0552 3912 RasAuto - ok
21:09:27.0567 3912 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:27.0567 3912 Rasl2tp - ok
21:09:27.0630 3912 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
21:09:27.0630 3912 RasMan - ok
21:09:27.0676 3912 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:27.0676 3912 RasPppoe - ok
21:09:27.0692 3912 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:09:27.0692 3912 RasSstp - ok
21:09:27.0786 3912 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:09:27.0817 3912 rdbss - ok
21:09:27.0848 3912 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:09:27.0864 3912 rdpbus - ok
21:09:27.0879 3912 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:27.0879 3912 RDPCDD - ok
21:09:27.0910 3912 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:09:27.0910 3912 RDPENCDD - ok
21:09:27.0926 3912 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:09:27.0926 3912 RDPREFMP - ok
21:09:27.0973 3912 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
21:09:27.0973 3912 RDPWD - ok
21:09:28.0004 3912 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:09:28.0004 3912 rdyboost - ok
21:09:28.0035 3912 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:09:28.0051 3912 RemoteAccess - ok
21:09:28.0082 3912 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:09:28.0082 3912 RemoteRegistry - ok
21:09:28.0144 3912 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:09:28.0144 3912 RpcEptMapper - ok
21:09:28.0160 3912 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:09:28.0176 3912 RpcLocator - ok
21:09:28.0207 3912 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:09:28.0207 3912 RpcSs - ok
21:09:28.0285 3912 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:28.0285 3912 rspndr - ok
21:09:28.0363 3912 SaiH0461 (dcefb50994bc5fb6d83be1977edbf897) C:\Windows\system32\DRIVERS\SaiH0461.sys
21:09:28.0363 3912 SaiH0461 - ok
21:09:28.0410 3912 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:09:28.0410 3912 SamSs - ok
21:09:28.0519 3912 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:09:28.0519 3912 SASDIFSV - ok
21:09:28.0550 3912 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:09:28.0550 3912 SASKUTIL - ok
21:09:28.0612 3912 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:09:28.0628 3912 sbp2port - ok
21:09:28.0659 3912 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:09:28.0675 3912 SCardSvr - ok
21:09:28.0690 3912 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:09:28.0690 3912 scfilter - ok
21:09:28.0737 3912 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
21:09:28.0753 3912 Schedule - ok
21:09:28.0784 3912 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:09:28.0784 3912 SCPolicySvc - ok
21:09:28.0815 3912 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
21:09:28.0815 3912 SDRSVC - ok
21:09:28.0846 3912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:09:28.0846 3912 secdrv - ok
21:09:28.0862 3912 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:09:28.0862 3912 seclogon - ok
21:09:28.0893 3912 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:09:28.0893 3912 SENS - ok
21:09:28.0940 3912 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:09:28.0940 3912 SensrSvc - ok
21:09:28.0956 3912 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:09:28.0956 3912 Serenum - ok
21:09:28.0987 3912 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:09:28.0987 3912 Serial - ok
21:09:29.0018 3912 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:09:29.0018 3912 sermouse - ok
21:09:29.0049 3912 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
21:09:29.0049 3912 SessionEnv - ok
21:09:29.0080 3912 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:09:29.0080 3912 sffdisk - ok
21:09:29.0112 3912 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:09:29.0112 3912 sffp_mmc - ok
21:09:29.0127 3912 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
21:09:29.0127 3912 sffp_sd - ok
21:09:29.0158 3912 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:09:29.0174 3912 sfloppy - ok
21:09:29.0221 3912 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:09:29.0236 3912 SharedAccess - ok
21:09:29.0268 3912 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
21:09:29.0283 3912 ShellHWDetection - ok
21:09:29.0299 3912 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:09:29.0299 3912 sisagp - ok
21:09:29.0330 3912 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:09:29.0330 3912 SiSRaid2 - ok
21:09:29.0361 3912 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:09:29.0361 3912 SiSRaid4 - ok
21:09:29.0470 3912 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
21:09:29.0470 3912 SkypeUpdate - ok
21:09:29.0502 3912 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:09:29.0502 3912 Smb - ok
21:09:29.0533 3912 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:09:29.0533 3912 SNMPTRAP - ok
21:09:29.0548 3912 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:09:29.0548 3912 spldr - ok
21:09:29.0626 3912 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
21:09:29.0626 3912 Spooler - ok
21:09:29.0736 3912 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
21:09:29.0767 3912 sppsvc - ok
21:09:29.0798 3912 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
21:09:29.0798 3912 sppuinotify - ok
21:09:29.0829 3912 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
21:09:29.0845 3912 srv - ok
21:09:29.0860 3912 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
21:09:29.0860 3912 srv2 - ok
21:09:29.0876 3912 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:29.0876 3912 srvnet - ok
21:09:29.0923 3912 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
21:09:29.0938 3912 ssadbus - ok
21:09:29.0970 3912 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:09:29.0970 3912 ssadmdfl - ok
21:09:30.0001 3912 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
21:09:30.0001 3912 ssadmdm - ok
21:09:30.0032 3912 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
21:09:30.0048 3912 sscdbus - ok
21:09:30.0063 3912 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:09:30.0063 3912 sscdmdfl - ok
21:09:30.0094 3912 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
21:09:30.0094 3912 sscdmdm - ok
21:09:30.0110 3912 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\Windows\system32\DRIVERS\sscdserd.sys
21:09:30.0110 3912 sscdserd - ok
21:09:30.0141 3912 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:09:30.0141 3912 SSDPSRV - ok
21:09:30.0157 3912 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:09:30.0157 3912 SstpSvc - ok
21:09:30.0188 3912 stac97 - ok
21:09:30.0219 3912 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:09:30.0219 3912 stexstor - ok
21:09:30.0266 3912 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
21:09:30.0282 3912 StiSvc - ok
21:09:30.0297 3912 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:09:30.0297 3912 swenum - ok
21:09:30.0313 3912 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:09:30.0328 3912 swprv - ok
21:09:30.0360 3912 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
21:09:30.0391 3912 SysMain - ok
21:09:30.0406 3912 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
21:09:30.0406 3912 TabletInputService - ok
21:09:30.0438 3912 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
21:09:30.0438 3912 TapiSrv - ok
21:09:30.0453 3912 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:09:30.0453 3912 TBS - ok
21:09:30.0516 3912 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
21:09:30.0531 3912 Tcpip - ok
21:09:30.0578 3912 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
21:09:30.0594 3912 TCPIP6 - ok
21:09:30.0625 3912 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:09:30.0625 3912 tcpipreg - ok
21:09:30.0687 3912 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:09:30.0687 3912 TDPIPE - ok
21:09:30.0718 3912 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
21:09:30.0718 3912 TDTCP - ok
21:09:30.0765 3912 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:09:30.0765 3912 tdx - ok
21:09:30.0781 3912 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:09:30.0796 3912 TermDD - ok
21:09:30.0812 3912 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
21:09:30.0828 3912 TermService - ok
21:09:30.0859 3912 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:09:30.0859 3912 Themes - ok
21:09:30.0906 3912 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:09:30.0906 3912 THREADORDER - ok
21:09:30.0921 3912 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:09:30.0921 3912 TrkWks - ok
21:09:30.0984 3912 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
21:09:30.0984 3912 TrustedInstaller - ok
21:09:31.0015 3912 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:31.0015 3912 tssecsrv - ok
21:09:31.0046 3912 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:09:31.0062 3912 tunnel - ok
21:09:31.0077 3912 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:09:31.0077 3912 uagp35 - ok
21:09:31.0108 3912 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:09:31.0108 3912 udfs - ok
21:09:31.0140 3912 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:09:31.0155 3912 UI0Detect - ok
21:09:31.0186 3912 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:09:31.0186 3912 uliagpkx - ok
21:09:31.0218 3912 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:09:31.0218 3912 umbus - ok
21:09:31.0249 3912 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:09:31.0249 3912 UmPass - ok
21:09:31.0296 3912 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:09:31.0311 3912 upnphost - ok
21:09:31.0311 3912 ups - ok
21:09:31.0374 3912 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:09:31.0374 3912 USBAAPL - ok
21:09:31.0420 3912 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
21:09:31.0436 3912 usbaudio - ok
21:09:31.0467 3912 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:31.0467 3912 usbccgp - ok
21:09:31.0498 3912 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:09:31.0498 3912 usbcir - ok
21:09:31.0530 3912 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
21:09:31.0530 3912 usbehci - ok
21:09:31.0561 3912 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
21:09:31.0576 3912 usbhub - ok
21:09:31.0592 3912 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
21:09:31.0592 3912 usbohci - ok
21:09:31.0639 3912 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:09:31.0639 3912 usbprint - ok
21:09:31.0670 3912 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:09:31.0670 3912 usbscan - ok
21:09:31.0717 3912 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:31.0717 3912 USBSTOR - ok
21:09:31.0764 3912 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
21:09:31.0764 3912 usbuhci - ok
21:09:31.0795 3912 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
21:09:31.0795 3912 usbvideo - ok
21:09:31.0842 3912 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:09:31.0857 3912 UxSms - ok
21:09:31.0904 3912 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:09:31.0920 3912 VaultSvc - ok
21:09:31.0951 3912 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:09:31.0951 3912 vdrvroot - ok
21:09:31.0982 3912 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
21:09:31.0998 3912 vds - ok
21:09:32.0029 3912 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:32.0029 3912 vga - ok
21:09:32.0044 3912 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:09:32.0044 3912 VgaSave - ok
21:09:32.0076 3912 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:09:32.0076 3912 vhdmp - ok
21:09:32.0107 3912 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:09:32.0122 3912 viaagp - ok
21:09:32.0138 3912 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:09:32.0138 3912 ViaC7 - ok
21:09:32.0154 3912 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:09:32.0154 3912 viaide - ok
21:09:32.0169 3912 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:09:32.0185 3912 volmgr - ok
21:09:32.0200 3912 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:09:32.0200 3912 volmgrx - ok
21:09:32.0232 3912 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:09:32.0232 3912 volsnap - ok
21:09:32.0263 3912 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:09:32.0278 3912 vsmraid - ok
21:09:32.0325 3912 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
21:09:32.0341 3912 VSS - ok
21:09:32.0388 3912 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
21:09:32.0403 3912 VSTHWBS2 - ok
21:09:32.0450 3912 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:09:32.0466 3912 VST_DPV - ok
21:09:32.0481 3912 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:09:32.0481 3912 vwifibus - ok
21:09:32.0497 3912 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:09:32.0497 3912 W32Time - ok
21:09:32.0528 3912 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:09:32.0528 3912 WacomPen - ok
21:09:32.0559 3912 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:32.0559 3912 WANARP - ok
21:09:32.0559 3912 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:32.0559 3912 Wanarpv6 - ok
21:09:32.0653 3912 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:09:32.0949 3912 WatAdminSvc - ok
21:09:32.0996 3912 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
21:09:33.0027 3912 wbengine - ok
21:09:33.0043 3912 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:09:33.0043 3912 WbioSrvc - ok
21:09:33.0090 3912 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
21:09:33.0090 3912 wcncsvc - ok
21:09:33.0121 3912 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:09:33.0121 3912 WcsPlugInService - ok
21:09:33.0152 3912 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:09:33.0168 3912 Wd - ok
21:09:33.0214 3912 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
21:09:33.0214 3912 WDC_SAM - ok
21:09:33.0339 3912 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
21:09:33.0355 3912 WDDMService - ok
21:09:33.0495 3912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:09:33.0495 3912 Wdf01000 - ok
21:09:33.0558 3912 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
21:09:33.0573 3912 WDFME - ok
21:09:33.0589 3912 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:09:33.0604 3912 WdiServiceHost - ok
21:09:33.0604 3912 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:09:33.0604 3912 WdiSystemHost - ok
21:09:33.0651 3912 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
21:09:33.0667 3912 WDSC - ok
21:09:33.0729 3912 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
21:09:33.0729 3912 WebClient - ok
21:09:33.0745 3912 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:09:33.0745 3912 Wecsvc - ok
21:09:33.0776 3912 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:09:33.0776 3912 wercplsupport - ok
21:09:33.0823 3912 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:09:33.0823 3912 WerSvc - ok
21:09:33.0854 3912 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:09:33.0854 3912 WfpLwf - ok
21:09:33.0870 3912 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:09:33.0870 3912 WIMMount - ok
21:09:33.0932 3912 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:09:33.0948 3912 winachsf - ok
21:09:34.0026 3912 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:09:34.0041 3912 WinDefend - ok
21:09:34.0057 3912 WinHttpAutoProxySvc - ok
21:09:34.0104 3912 WINIO - ok
21:09:34.0182 3912 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:09:34.0197 3912 Winmgmt - ok
21:09:34.0244 3912 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
21:09:34.0275 3912 WinRM - ok
21:09:34.0306 3912 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
21:09:34.0306 3912 WinUsb - ok
21:09:34.0369 3912 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:09:34.0384 3912 Wlansvc - ok
21:09:34.0416 3912 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:09:34.0416 3912 wlcrasvc - ok
21:09:34.0525 3912 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:09:34.0556 3912 wlidsvc - ok
21:09:34.0587 3912 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:09:34.0587 3912 WmiAcpi - ok
21:09:34.0666 3912 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:09:34.0666 3912 wmiApSrv - ok
21:09:34.0775 3912 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:09:34.0791 3912 WMPNetworkSvc - ok
21:09:34.0822 3912 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:09:34.0822 3912 WPCSvc - ok
21:09:34.0838 3912 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
21:09:34.0853 3912 WPDBusEnum - ok
21:09:34.0853 3912 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:09:34.0853 3912 ws2ifsl - ok
21:09:34.0931 3912 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
21:09:34.0931 3912 wscsvc - ok
21:09:34.0947 3912 WSearch - ok
21:09:35.0009 3912 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
21:09:35.0041 3912 wuauserv - ok
21:09:35.0056 3912 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:09:35.0056 3912 WudfPf - ok
21:09:35.0103 3912 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:35.0103 3912 WUDFRd - ok
21:09:35.0134 3912 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
21:09:35.0134 3912 wudfsvc - ok
21:09:35.0181 3912 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:09:35.0181 3912 WwanSvc - ok
21:09:35.0197 3912 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
21:09:35.0228 3912 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:09:35.0228 3912 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:09:35.0228 3912 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
21:09:35.0228 3912 \Device\Harddisk5\DR5 - ok
21:09:35.0243 3912 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6
21:09:35.0243 3912 \Device\Harddisk6\DR6 - ok
21:09:35.0275 3912 Boot (0x1200) (bc35d38756521210ae8b66c1c25039a3) \Device\Harddisk0\DR0\Partition0
21:09:35.0275 3912 \Device\Harddisk0\DR0\Partition0 - ok
21:09:35.0290 3912 Boot (0x1200) (d42a2ff3340303867245d30a8e931454) \Device\Harddisk0\DR0\Partition1
21:09:35.0290 3912 \Device\Harddisk0\DR0\Partition1 - ok
21:09:35.0290 3912 Boot (0x1200) (c095100c34b8be40fccd0ea917a9c9e0) \Device\Harddisk5\DR5\Partition0
21:09:35.0290 3912 \Device\Harddisk5\DR5\Partition0 - ok
21:09:35.0290 3912 Boot (0x1200) (c053e31732eb9900ef36e92ec7aefc0c) \Device\Harddisk6\DR6\Partition0
21:09:35.0306 3912 \Device\Harddisk6\DR6\Partition0 - ok
21:09:35.0306 3912 ============================================================
21:09:35.0306 3912 Scan finished
21:09:35.0306 3912 ============================================================
21:09:35.0306 2704 Detected object count: 1
21:09:35.0306 2704 Actual detected object count: 1
21:09:48.0301 2704 \Device\Harddisk0\DR0\# - copied to quarantine
21:09:48.0301 2704 \Device\Harddisk0\DR0 - copied to quarantine
21:09:48.0332 2704 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:09:48.0332 2704 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:09:48.0332 2704 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:09:48.0347 2704 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:09:48.0347 2704 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:09:48.0363 2704 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:09:48.0363 2704 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:09:48.0363 2704 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:09:48.0363 2704 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:09:48.0379 2704 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:09:48.0379 2704 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:09:48.0394 2704 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:09:48.0410 2704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:09:48.0410 2704 \Device\Harddisk0\DR0 - ok
21:09:48.0488 2704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:09:57.0723 5896 Deinitialize success

#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 23 April 2012 - 08:39 AM

Hello nattermk1 ,

That looks better.

Can you try running a scan with ComboFix again and copy/paste it's log in your next reply.

========================================================================

I'd like you to run another scan with aswMBR and copy/paste it's log in your next reply.

========================================================================

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • OTL.txt
  • Extra.txt
  • C;\Combofix.txt
  • aswMBR.Log

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 23 April 2012 - 11:04 AM

I went to fire up the computer today and I can't even get windows to load. I get a screen that says "BIOS not found" for a millisecond then it goes to a black screen with a little dash flashing in the corner.

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 23 April 2012 - 11:08 AM

Hi,

Can you boot into Safe Mode? ie press F8 key while booting up.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#9 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 23 April 2012 - 11:54 AM

no safemode. it wont even get to that point. it just flashes "ACIM BIOS NOT INSTALLED" and goes to the blackscreen.

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 23 April 2012 - 05:12 PM

Hi nattermk1 ,

Hmm, seems possible malware may have infected your Master Boot Record.

I'd like to have a look at your Master Boot Record (MBR)

You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

In your next reply, please copy/paste the contents of the following:
  • mbr.zip

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#11 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 23 April 2012 - 08:44 PM

is dumpit a program or a .txt file? cause when i download it all i get is a text file. and when i went into the xPUD file directory under "mnt" the folders are "sda1,2,3" and when i click on 1 theres nothing there.

#12 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 24 April 2012 - 07:43 AM

Hi,

Right click on dumpit and select Save Link As.. and save it to your USB.

when i went into the xPUD file directory under "mnt" the folders are "sda1,2,3" and when i click on 1 theres nothing there.

If sdb is not showing, look through other folders (sda1 etc) until you locate your USB and continue from there.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#13 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 24 April 2012 - 10:28 AM

OK, I still could not find the folder. however, when i tried to reboot, windows started right up! so went ahead and ran comboFIX and aswMBR and OTL. here are the logs, starting with OTL

OTL logfile created on: 4/24/2012 11:17:44 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.77% Memory free
4.00 Gb Paging File | 2.50 Gb Available in Paging File | 62.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 201.04 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.12 Gb Free Space | 41.16% Space Free | Partition Type: NTFS
Drive M: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 11:38:04 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2012/03/30 12:20:26 | 000,065,608 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/03/30 12:20:21 | 005,572,168 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/03/07 17:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/11/30 05:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedmon.exe
PRC - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/14 16:00:56 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxedcoms.exe
PRC - [2010/04/14 16:00:47 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxedserv.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/24 11:05:50 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/24 11:05:50 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/16 09:44:02 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/16 09:44:02 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/30 12:20:25 | 000,104,008 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/02/15 04:36:26 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\83e604a790d14f761b938491d842e505\System.WorkflowServices.ni.dll
MOD - [2012/02/15 04:36:02 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\dbe077c5cdcef7f2165db3d73265272c\System.ServiceModel.Web.ni.dll
MOD - [2012/02/15 04:34:48 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/15 04:33:41 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44d15a5bcd3143d53fd67b871c728616\System.IdentityModel.ni.dll
MOD - [2012/02/15 04:33:40 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll
MOD - [2012/02/15 04:33:38 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb46ff3a7098925dd3f0552901668735\SMDiagnostics.ni.dll
MOD - [2012/02/15 04:33:37 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3623247db0c19cd14589e6f4d6cfb290\System.ServiceModel.ni.dll
MOD - [2012/02/15 04:32:58 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a0cec0099a537e10af5be76457a27db1\WindowsFormsIntegration.ni.dll
MOD - [2012/02/15 04:29:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 04:29:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5ca17001998a75ca774d2b80eead5579\System.ServiceProcess.ni.dll
MOD - [2012/02/15 04:28:55 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll
MOD - [2012/02/15 04:28:53 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/15 04:28:44 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/15 04:28:34 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/15 04:28:17 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 04:28:09 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/15 04:28:07 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/15 04:27:55 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/15 04:27:52 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\2726e2ab6218f17a1bef5fe81130078c\System.Security.ni.dll
MOD - [2012/02/15 04:27:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/15 04:27:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/15 04:27:41 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/11/30 05:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2011/10/12 03:28:37 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2011/10/12 03:27:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedmon.exe
MOD - [2010/11/30 17:33:16 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/02 00:38:06 | 009,837,568 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
MOD - [2010/04/01 14:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxeddrs.dll
MOD - [2010/04/01 14:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedscw.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/27 09:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeddatr.dll
MOD - [2009/03/10 02:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedcaps.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEDsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEDsm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wdf01000.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\el90xbc.dll -- (ups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\StarOpen.dll -- (stac97)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admservice.dll -- (pxfhbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSTAPE.dll -- (PSI_SVC_2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvusbsta.dll -- (olcamsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amsint.dll -- (nalntservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\us30sys.dll -- (imountsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSSQL$MSSMLBIZ.dll -- (CTSBLFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Hotkey.dll -- (c-dillasrv)
SRV - [2012/03/30 12:20:26 | 000,065,608 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/11/30 10:39:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/14 16:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxedcoms.exe -- (lxed_device)
SRV - [2010/04/14 16:00:47 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\NETMDUSB.dll -- (cpqarray)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Matt\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Matt\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Matt\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (02553041)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/26 22:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 22:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 22:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 22:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:12:21 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/26 11:47:30 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0461.sys -- (SaiH0461)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps04092012
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD FC 34 6C 1E F7 CB 01 [binary data]
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\SearchScopes\{55959F61-BD92-49DC-8351-B17151A89BE3}: "URL" = http://search.avg.com/route/?d=4cf45eea&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\SearchScopes\{893FB03E-607F-4DAD-8F83-72F8A649F509}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=a6b70f15-a5a9-40a4-b573-038f6adbd723&apn_sauid=A2D42184-07DC-412C-A9BD-737E12EEE3CF
IE - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 19:09:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/04/24 10:57:00 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.119.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.119.1_0\
CHR - Extension: AVG Safe Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\

O1 HOSTS File: ([2012/04/24 11:05:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll File not found
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S600 Series\ezprint.exe ()
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxedmon.exe] C:\Program Files\Lexmark S600 Series\lxedmon.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-660373997-1225777646-2978209373-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-660373997-1225777646-2978209373-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7D7FD5B-300A-4A3C-9568-A54481C58EE6}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1901570e-5f2b-11e1-81b9-001aa09b1879}\Shell - "" = AutoRun
O33 - MountPoints2\{1901570e-5f2b-11e1-81b9-001aa09b1879}\Shell\AutoRun\command - "" = M:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{6f47ce16-34ee-11e0-b93c-001aa09b1879}\Shell - "" = AutoRun
O33 - MountPoints2\{6f47ce16-34ee-11e0-b93c-001aa09b1879}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7157fa06-fc26-11df-9f0c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7157fa06-fc26-11df-9f0c-806e6f6e6963}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{94a16f61-63b5-11e0-85e6-001aa09b1879}\Shell - "" = AutoRun
O33 - MountPoints2\{94a16f61-63b5-11e0-85e6-001aa09b1879}\Shell\AutoRun\command - "" = M:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 11:17:10 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/04/24 11:09:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/24 11:03:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2012/04/24 10:59:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/24 10:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/04/23 11:42:00 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/23 11:41:59 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/22 21:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/04/22 21:09:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/22 21:08:32 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/04/18 21:50:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/18 21:50:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/18 21:50:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 21:50:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/18 21:37:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/18 21:37:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/04/18 21:37:15 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/04/16 12:23:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/04/16 09:43:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/16 09:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/16 09:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/16 09:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/16 09:42:48 | 015,916,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Matt\Desktop\SUPERAntiSpyware.exe
[2012/04/15 11:02:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/15 11:02:23 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/15 11:02:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/15 11:02:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/15 11:02:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/15 11:02:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/09 18:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/04/09 18:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/04/09 18:46:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ID Vault
[2012/04/09 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\ID Vault
[2012/04/09 18:37:14 | 000,025,232 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\System32\drivers\gidv2.sys
[2012/04/09 18:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2012/04/09 18:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\SFT
[2012/04/09 18:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2012/04/09 18:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2012/03/31 18:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/31 18:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/31 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 11:16:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 11:16:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 11:05:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 11:05:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 11:04:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 11:04:50 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 11:42:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/23 11:38:04 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/04/22 21:03:40 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/04/20 23:19:45 | 389,365,014 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/20 10:14:24 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Documents\MBR.dat
[2012/04/18 21:20:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/04/18 21:18:26 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/04/17 17:56:54 | 095,422,623 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/16 12:24:30 | 000,000,000 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/04/16 12:15:00 | 000,294,216 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.zip
[2012/04/16 12:11:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/04/16 12:11:04 | 000,050,477 | ---- | M] () -- C:\Users\Matt\Desktop\Defogger.exe
[2012/04/16 09:43:27 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/16 09:42:31 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/16 09:42:31 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/16 09:25:06 | 015,916,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Matt\Desktop\SUPERAntiSpyware.exe
[2012/04/11 17:02:16 | 000,313,201 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/10 17:33:29 | 000,001,362 | ---- | M] () -- C:\Users\Matt\Desktop\Norton Installation Files.lnk
[2012/04/09 19:29:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/09 19:29:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/09 18:36:55 | 000,002,251 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/04/09 18:36:55 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/04/05 22:44:37 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/31 18:34:04 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/20 10:14:24 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Documents\MBR.dat
[2012/04/18 21:50:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/18 21:50:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/18 21:50:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/18 21:50:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/18 21:50:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 12:24:30 | 000,000,000 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/04/16 12:23:58 | 000,294,216 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.zip
[2012/04/16 12:23:50 | 000,050,477 | ---- | C] () -- C:\Users\Matt\Desktop\Defogger.exe
[2012/04/16 09:43:27 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/09 19:29:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/09 19:29:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/09 18:55:13 | 000,001,362 | ---- | C] () -- C:\Users\Matt\Desktop\Norton Installation Files.lnk
[2012/04/09 18:36:55 | 000,002,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/04/09 18:36:55 | 000,002,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2012/04/09 18:36:55 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/03/31 18:34:04 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/10 23:32:33 | 000,001,560 | -HS- | C] () -- C:\Users\Matt\AppData\Local\jrt7jb0fvccjf46i51qaw86
[2012/01/10 23:32:33 | 000,001,560 | -HS- | C] () -- C:\ProgramData\jrt7jb0fvccjf46i51qaw86
[2012/01/05 17:50:28 | 000,001,534 | -HS- | C] () -- C:\Users\Matt\AppData\Local\ge7026ra3qqi13x33p636mk4a0h3lsvbd103cmxt3n47kl
[2012/01/05 17:50:28 | 000,001,534 | -HS- | C] () -- C:\ProgramData\ge7026ra3qqi13x33p636mk4a0h3lsvbd103cmxt3n47kl
[2011/12/22 23:17:26 | 000,001,106 | -HS- | C] () -- C:\Users\Matt\AppData\Local\825464l2s864n588q817j4buq4w1
[2011/12/22 23:17:26 | 000,001,106 | -HS- | C] () -- C:\ProgramData\825464l2s864n588q817j4buq4w1
[2011/11/09 12:27:13 | 000,041,472 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 18:01:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2010/12/25 13:32:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxedvs.dll
[2010/12/25 13:31:59 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxedcoin.dll
[2010/12/25 13:31:56 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxedcui.dll
[2010/12/25 13:31:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxedcuir.dll
[2010/12/25 13:31:56 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxedgcfg.dll
[2010/12/25 13:30:42 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxedrwrd.ini
[2010/12/25 13:30:29 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEDinst.dll
[2010/12/25 13:30:28 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxedserv.dll
[2010/12/25 13:30:28 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxedusb1.dll
[2010/12/25 13:30:28 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxedcomc.dll
[2010/12/25 13:30:28 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxedhbn3.dll
[2010/12/25 13:30:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxedpmui.dll
[2010/12/25 13:30:28 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxedcoms.exe
[2010/12/25 13:30:28 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxedlmpm.dll
[2010/12/25 13:30:28 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxedcomm.dll
[2010/12/25 13:30:28 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxedinpa.dll
[2010/12/25 13:30:28 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEDhcp.dll
[2010/12/25 13:30:28 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxediesc.dll
[2010/12/25 13:30:28 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxedih.exe
[2010/12/25 13:30:28 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxedins.dll
[2010/12/25 13:30:28 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxedinsb.dll
[2010/12/25 13:30:28 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxedcu.dll
[2010/12/25 13:30:28 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxedgrd.dll
[2010/12/25 13:30:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxedinsr.dll
[2010/12/25 13:30:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxedcub.dll
[2010/12/25 13:30:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxedjswr.dll
[2010/12/25 13:30:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxedcur.dll
[2010/12/25 13:30:27 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxedcfg.exe
[2010/12/25 13:26:29 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEDsmr.dll
[2010/12/25 13:26:28 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEDsm.dll
[2010/12/09 22:27:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/09 17:45:51 | 000,007,597 | ---- | C] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
[2010/11/29 22:13:28 | 000,000,278 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/29 21:42:00 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB28027$] -> -> Unknown point type

< End of report >



OTL Extras logfile created on: 4/24/2012 11:17:44 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.77% Memory free
4.00 Gb Paging File | 2.50 Gb Available in Paging File | 62.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 201.04 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.12 Gb Free Space | 41.16% Space Free | Partition Type: NTFS
Drive M: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74B65337-CCF1-4664-A7FC-954A288A4C72}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{854F7259-6FF4-445C-B322-1DBA16B567D2}" = TurboTax 2010 wmeiper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}" = Microsoft Windows Debugging Symbols
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E703EE04-8A31-470B-BA16-24D890589917}" = LeapFrog Leapster2 Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"AVG" = AVG 2012
"comcasttb" = Comcast Toolbar 3.5
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID Vault" = Constant Guard Protection Suite
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Lexmark S600 Series" = Lexmark S600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Network MagicUninstall" = Network Magic
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Picasa 3" = Picasa 3
"Precision" = EVGA Precision 1.3.1
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2010" = TurboTax 2010
"UPCShell" = LeapFrog Connect
"VTechDownloadManager" = Learning Lodge Navigator
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-660373997-1225777646-2978209373-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 1:30:21 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/30/2011 5:26:33 PM | Computer Name = Matt-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/3/2012 12:19:54 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
id: 0x16fc Faulting application start time: 0x01ccc9a6f059613d Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 2f6590c1-35c2-11e1-ab6b-001aa09b1879

Error - 1/3/2012 1:30:10 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 1/7/2012 1:30:37 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 1/8/2012 6:33:51 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 1.8003388470965847E7.tmp, version: 3.0.89.0,
time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0043971e Faulting process id:
0x1a3c Faulting application start time: 0x01ccce55937c4d1b Faulting application path:
C:\Users\Matt\AppData\Local\Temp\1.8003388470965847E7.tmp Faulting module path:
unknown Report Id: d687154a-3a48-11e1-ab6b-001aa09b1879

Error - 1/10/2012 1:30:08 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 1/10/2012 6:34:30 PM | Computer Name = Matt-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/10/2012 10:36:42 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
id: 0x15a0 Faulting application start time: 0x01cccfe8560537b7 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 18347894-3bfd-11e1-8959-001aa09b1879

Error - 1/10/2012 11:47:23 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x356a1e93 Faulting process id: 0x1b1c Faulting application
start time: 0x01ccd01329f795c1 Faulting application path: C:\Windows\System32\ping.exe
Faulting
module path: unknown Report Id: f838e2bd-3c06-11e1-8959-001aa09b1879

[ System Events ]
Error - 4/24/2012 11:05:08 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7023
Description = The Uisp service terminated with the following error: %%126

Error - 4/24/2012 11:05:16 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Pure
Networks Platform Service service to connect.

Error - 4/24/2012 11:05:16 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Pure Networks Platform Service service failed to start due to
the following error: %%1053

Error - 4/24/2012 11:11:13 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 4/24/2012 11:12:33 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/24/2012 11:12:33 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/24/2012 11:12:34 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/24/2012 11:12:34 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 4/24/2012 11:16:57 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 4/24/2012 11:16:58 AM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.


< End of report >



ComboFix 12-04-18.02 - Matt 04/24/2012 11:00:40.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1088 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\users\Kendra\AppData\Local\temp
2012-04-24 15:03 . 2012-04-24 15:06 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 15:42 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-23 15:41 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-23 01:18 . 2012-04-23 01:19 -------- d-----w- c:\programdata\SUPERSetup
2012-04-23 01:09 . 2012-04-23 01:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 13:43 . 2012-04-16 13:43 -------- d-----w- c:\users\Matt\AppData\Roaming\SUPERAntiSpyware.com
2012-04-16 13:43 . 2012-04-16 13:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-16 13:43 . 2012-04-16 13:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-15 14:57 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 14:57 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 14:57 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 14:57 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 00:36 . 2012-04-12 00:37 -------- d-----w- c:\users\Kendra\AppData\Local\ID Vault
2012-04-12 00:35 . 2012-04-12 00:36 -------- d-----w- c:\users\Kendra\AppData\Roaming\ID Vault
2012-04-09 22:55 . 2012-04-10 21:36 -------- d-----w- c:\programdata\Norton
2012-04-09 22:46 . 2012-04-09 22:46 -------- d-----w- c:\programdata\IsolatedStorage
2012-04-09 22:46 . 2012-04-09 22:48 -------- d-----w- c:\users\Matt\AppData\Local\ID Vault
2012-04-09 22:37 . 2012-04-09 22:54 -------- d-----w- c:\users\Matt\AppData\Roaming\ID Vault
2012-04-09 22:37 . 2011-07-05 14:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-04-09 22:37 . 2012-04-09 22:37 -------- d-----w- c:\programdata\GID
2012-04-09 22:37 . 2012-04-09 22:37 -------- d-----w- c:\program files\SFT
2012-04-09 22:36 . 2012-04-09 22:38 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-04-09 22:36 . 2012-04-09 22:36 -------- d-----w- c:\programdata\White Sky, Inc
2012-03-31 22:32 . 2012-03-31 22:32 -------- d-----w- c:\program files\iPod
2012-03-31 22:32 . 2012-03-31 22:34 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 16:37 . 2012-03-10 16:37 471170 ----a-w- c:\programdata\SPLD9DA.tmp
2012-03-10 16:34 . 2012-03-10 16:34 471170 ----a-w- c:\programdata\SPL2AF7.tmp
2012-03-08 21:04 . 2011-05-16 16:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 05:44 . 2012-03-14 00:15 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 00:15 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 00:15 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 00:16 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 00:16 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 00:16 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 00:16 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 00:16 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:01 . 2012-03-14 00:16 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 02:02 . 2012-02-01 02:02 232960 ----a-w- c:\programdata\Microsoft\Windows\DRM\EE33.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2011-10-26 16:27 3974040 ----a-w- c:\program files\ShopAtHome\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\program files\ShopAtHome\tbcore3U.dll" [2011-10-26 3974040]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-30 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 02553041;02553041; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 136832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 GIDv2;GIDv2; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-30 65608]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-14 598696]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxedserv.exe [2010-04-14 193192]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 95200]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGLDX86
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nalntservice
WINIO
imountsrv
CTSBLFX.DLL
c-dillasrv
cpqarray
stac97
olcamsrv
pxfhbus
PSI_SVC_2
ups
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1901570e-5f2b-11e1-81b9-001aa09b1879}]
\shell\AutoRun\command - M:\ToolLauncher-Bootstrap.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f47ce16-34ee-11e0-b93c-001aa09b1879}]
\shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7157fa06-fc26-11df-9f0c-806e6f6e6963}]
\shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94a16f61-63b5-11e0-85e6-001aa09b1879}]
\shell\AutoRun\command - M:\ToolLauncher-Bootstrap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 10:49]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 10:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps04092012
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{168F2BF3-5528-4D9C-A12E-B02CA5A44257}\iMesh_V11_en_Setup.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\mswsock.dll
mswsock.dll 74b30000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxedserv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\\.\globalroot\SystemRoot\system32\svchost.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-04-24 11:11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 15:11
.
Pre-Run: 204,747,653,120 bytes free
Post-Run: 215,807,840,256 bytes free
.
- - End Of File - - 7CE630F65AB29394C5B2C487863BB3D0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 11:14:15
-----------------------------
11:14:15.982 OS Version: Windows 6.1.7600
11:14:15.982 Number of processors: 2 586 0xF0D
11:14:15.982 ComputerName: MATT-PC UserName: Matt
11:14:30.287 Initialize success
11:14:39.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:39.315 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
11:14:39.331 Disk 0 MBR read successfully
11:14:39.331 Disk 0 MBR scan
11:14:39.346 Disk 0 Windows 7 default MBR code
11:14:39.346 Disk 0 Partition 1 00 DE Dell Utility 54 MB offset 63
11:14:39.362 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
11:14:39.378 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
11:14:39.378 Disk 0 scanning sectors +625139712
11:14:39.424 Disk 0 scanning C:\Windows\system32\drivers
11:14:45.337 Service scanning
11:15:00.282 Modules scanning
11:15:01.514 Module: C:\Windows\system32\drivers\netbt.sys **SUSPICIOUS**
11:15:07.863 Disk 0 trace - called modules:
11:15:07.894 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862d0fd0]<<
11:15:07.894 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e37460]
11:15:07.910 3 CLASSPNP.SYS[8917f59e] -> nt!IofCallDriver -> [0x86352768]
11:15:07.926 \Driver\00000695[0x862e01c8] -> IRP_MJ_CREATE -> 0x862d0fd0
11:15:07.926 Scan finished successfully
11:15:41.889 Disk 0 MBR has been saved successfully to "M:\MBR.dat"
11:15:41.889 The log file has been saved successfully to "M:\aswMBR.txt"

#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:22 PM

Posted 24 April 2012 - 11:34 AM

Hello nattermk1 ,

Thanks for the logs.

aswMBR has shown a suspicious file.

I'd like you to send this to VirusTotal for checking:
  • Go to VirusTotal
  • Click on Browse... button on the open page
  • Navigate to C:\Windows\system32\drivers\netbt.sys in File Upload window
  • Click Open
  • File location should now appear in VirusTotal Browse window
  • Click Send

Can you copy the page address of VirusTotal's response in your next reply.

=================================================================

I'd still like to have a look at your Master Boot Record.

Please boot into xPud from your USB. open mnt directory. If you still cannot see your USB(sdb1), remove the USB device from your computer and then replace it. Hopefully you should see it now.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#15 nattermk1

nattermk1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 24 April 2012 - 05:00 PM

here is the url for virus total. and i attatched the zip file of my master boot record.



https://www.virustotal.com/file/b94be6c238b5f7862e7907dee3854e41ded46f2ac93efe7dc4218053fc7fba4d/analysis/1335304549/

Attached Files

  • Attached File  mbr.zip   2.24KB   4 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users