Having redirect issues

17 replies to this topic

#1 Decuma

Posted 12 July 2012 - 03:27 AM

Hi,

I'm having problems with being directed to other sites in Mozilla Firefox. I've tried scanning with Avast!, Norton, Malwarebytes, SUPERAntiSpyware, Microsoft Security Essentials, CCleaner, HostsMan, ESET Scanner, Trend Micro HouseCall and none of them seem to be finding it.

I'm running the 32-bit Service Pack 2 version of Windows Vista Home.

I would sincerely appreciate help in getting this off of my system. It's become a nightmare, as the only time I can really work on removing it is when I get home from working as a grad assistant.

Thanks,

Decuma

I'm listing the Security Check and HijackThis logs below:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
SUPERAntiSpyware
Secunia PSI (3.0.0.2004)
HostsMan 4.0.85 Beta6
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Hijack This Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:52 AM, on 7/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\LockStatusTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Lauren\Downloads\HijackThis.exe
C:\Users\Lauren\Desktop\HijackThis(1).exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LockStatusTray] C:\Windows\LockStatusTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13601 bytes


#2 D-FRED-BROWN

Malware Response Team

Posted 12 July 2012 - 03:55 PM

Hello Decuma and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

#3 Decuma


Posted 13 July 2012 - 01:22 AM

Hey,


Thank you for getting back to me so quickly :-). I completed all the steps, and I will post the logs below. Unfortunately, I'm still having problems with redirects... this time the site was Merchant Circle or something similar. Where do I go from here?



TDSS Log File:


00:42:09.0000 5844 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
00:42:09.0452 5844 ============================================================
00:42:09.0452 5844 Current date / time: 2012/07/13 00:42:09.0452
00:42:09.0452 5844 SystemInfo:
00:42:09.0452 5844
00:42:09.0452 5844 OS Version: 6.0.6002 ServicePack: 2.0
00:42:09.0452 5844 Product type: Workstation
00:42:09.0452 5844 ComputerName: LAUREN-PC
00:42:09.0452 5844 UserName: Lauren
00:42:09.0452 5844 Windows directory: C:\Windows
00:42:09.0452 5844 System windows directory: C:\Windows
00:42:09.0452 5844 Processor architecture: Intel x86
00:42:09.0452 5844 Number of processors: 2
00:42:09.0452 5844 Page size: 0x1000
00:42:09.0452 5844 Boot type: Normal boot
00:42:09.0452 5844 ============================================================
00:42:09.0889 5844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:42:09.0889 5844 ============================================================
00:42:09.0889 5844 \Device\Harddisk0\DR0:
00:42:09.0889 5844 MBR partitions:
00:42:09.0889 5844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
00:42:09.0889 5844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
00:42:09.0889 5844 ============================================================
00:42:09.0951 5844 C: <-> \Device\Harddisk0\DR0\Partition1
00:42:10.0170 5844 E: <-> \Device\Harddisk0\DR0\Partition0
00:42:10.0170 5844 ============================================================
00:42:10.0170 5844 Initialize success
00:42:10.0170 5844 ============================================================
00:42:24.0023 7100 ============================================================
00:42:24.0023 7100 Scan started
00:42:24.0023 7100 Mode: Manual;
00:42:24.0023 7100 ============================================================
00:42:24.0428 7100 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
00:42:24.0428 7100 !SASCORE - ok
00:42:24.0615 7100 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:42:24.0631 7100 ACPI - ok
00:42:24.0881 7100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:42:24.0881 7100 AdobeARMservice - ok
00:42:24.0943 7100 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:42:24.0943 7100 AdobeFlashPlayerUpdateSvc - ok
00:42:25.0021 7100 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:42:25.0037 7100 adp94xx - ok
00:42:25.0068 7100 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:42:25.0068 7100 adpahci - ok
00:42:25.0099 7100 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:42:25.0099 7100 adpu160m - ok
00:42:25.0130 7100 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:42:25.0130 7100 adpu320 - ok
00:42:25.0177 7100 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:42:25.0177 7100 AeLookupSvc - ok
00:42:25.0286 7100 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe
00:42:25.0286 7100 AESTFilters - ok
00:42:25.0349 7100 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:42:25.0364 7100 AFD - ok
00:42:25.0411 7100 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:42:25.0411 7100 agp440 - ok
00:42:25.0442 7100 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:42:25.0442 7100 aic78xx - ok
00:42:25.0473 7100 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:42:25.0473 7100 ALG - ok
00:42:25.0489 7100 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:42:25.0489 7100 aliide - ok
00:42:25.0505 7100 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:42:25.0520 7100 amdagp - ok
00:42:25.0520 7100 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:42:25.0520 7100 amdide - ok
00:42:25.0536 7100 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:42:25.0536 7100 AmdK7 - ok
00:42:25.0551 7100 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:42:25.0551 7100 AmdK8 - ok
00:42:25.0629 7100 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:42:25.0645 7100 ApfiltrService - ok
00:42:25.0692 7100 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:42:25.0692 7100 Appinfo - ok
00:42:25.0973 7100 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:42:25.0973 7100 Apple Mobile Device - ok
00:42:26.0004 7100 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:42:26.0019 7100 arc - ok
00:42:26.0035 7100 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:42:26.0035 7100 arcsas - ok
00:42:26.0066 7100 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
00:42:26.0066 7100 aswFsBlk - ok
00:42:26.0129 7100 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
00:42:26.0129 7100 aswMonFlt - ok
00:42:26.0144 7100 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\aswRdr.sys
00:42:26.0160 7100 aswRdr - ok
00:42:26.0316 7100 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
00:42:26.0331 7100 aswSnx - ok
00:42:26.0409 7100 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
00:42:26.0441 7100 aswSP - ok
00:42:26.0487 7100 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
00:42:26.0487 7100 aswTdi - ok
00:42:26.0503 7100 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:42:26.0519 7100 AsyncMac - ok
00:42:26.0534 7100 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
00:42:26.0534 7100 atapi - ok
00:42:26.0612 7100 Ati External Event Utility (740b9b4140caccd0513d999eab488e48) C:\Windows\system32\Ati2evxx.exe
00:42:26.0643 7100 Ati External Event Utility - ok
00:42:27.0018 7100 atikmdag (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
00:42:27.0049 7100 atikmdag - ok
00:42:27.0252 7100 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:42:27.0267 7100 AudioEndpointBuilder - ok
00:42:27.0267 7100 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:42:27.0267 7100 Audiosrv - ok
00:42:27.0330 7100 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:42:27.0330 7100 avast! Antivirus - ok
00:42:27.0408 7100 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:42:27.0408 7100 Beep - ok
00:42:27.0501 7100 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
00:42:27.0501 7100 BFE - ok
00:42:27.0626 7100 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
00:42:27.0626 7100 BITS - ok
00:42:27.0673 7100 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:42:27.0673 7100 blbdrive - ok
00:42:27.0767 7100 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:42:27.0782 7100 Bonjour Service - ok
00:42:27.0813 7100 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:42:27.0829 7100 bowser - ok
00:42:27.0829 7100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:42:27.0829 7100 BrFiltLo - ok
00:42:27.0860 7100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:42:27.0860 7100 BrFiltUp - ok
00:42:27.0891 7100 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:42:27.0891 7100 Browser - ok
00:42:28.0172 7100 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
00:42:28.0203 7100 Browser Defender Update Service - ok
00:42:28.0266 7100 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:42:28.0266 7100 Brserid - ok
00:42:28.0313 7100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:42:28.0313 7100 BrSerWdm - ok
00:42:28.0359 7100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:42:28.0359 7100 BrUsbMdm - ok
00:42:28.0359 7100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:42:28.0375 7100 BrUsbSer - ok
00:42:28.0406 7100 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
00:42:28.0406 7100 BthEnum - ok
00:42:28.0453 7100 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
00:42:28.0453 7100 BTHMODEM - ok
00:42:28.0484 7100 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
00:42:28.0484 7100 BthPan - ok
00:42:28.0562 7100 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
00:42:28.0578 7100 BthPort - ok
00:42:28.0609 7100 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
00:42:28.0609 7100 BthServ - ok
00:42:28.0640 7100 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
00:42:28.0640 7100 BTHUSB - ok
00:42:28.0703 7100 btwaudio (f2f7342742180d5060285499dee50f99) C:\Windows\system32\drivers\btwaudio.sys
00:42:28.0703 7100 btwaudio - ok
00:42:28.0749 7100 btwavdt (32f59f26a30cfc508da11db3ea0f8b77) C:\Windows\system32\drivers\btwavdt.sys
00:42:28.0749 7100 btwavdt - ok
00:42:28.0890 7100 btwdins (01e0fc08c2acefc2e3b0e75b8016be5c) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
00:42:28.0921 7100 btwdins - ok
00:42:28.0952 7100 btwl2cap - ok
00:42:28.0983 7100 btwrchid (03658734ef7d0f3b3f4636d3e8a38964) C:\Windows\system32\DRIVERS\btwrchid.sys
00:42:28.0983 7100 btwrchid - ok
00:42:29.0015 7100 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:42:29.0015 7100 cdfs - ok
00:42:29.0046 7100 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:42:29.0046 7100 cdrom - ok
00:42:29.0093 7100 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:42:29.0093 7100 CertPropSvc - ok
00:42:29.0124 7100 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:42:29.0124 7100 circlass - ok
00:42:29.0155 7100 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:42:29.0171 7100 CLFS - ok
00:42:29.0311 7100 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:42:29.0311 7100 clr_optimization_v2.0.50727_32 - ok
00:42:29.0405 7100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:42:29.0420 7100 clr_optimization_v4.0.30319_32 - ok
00:42:29.0436 7100 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:42:29.0436 7100 CmBatt - ok
00:42:29.0467 7100 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:42:29.0467 7100 cmdide - ok
00:42:29.0498 7100 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:42:29.0514 7100 Compbatt - ok
00:42:29.0514 7100 COMSysApp - ok
00:42:29.0529 7100 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:42:29.0529 7100 crcdisk - ok
00:42:29.0654 7100 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
00:42:29.0654 7100 Creative ALchemy AL6 Licensing Service - ok
00:42:29.0717 7100 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
00:42:29.0717 7100 Creative Audio Engine Licensing Service - ok
00:42:29.0748 7100 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:42:29.0748 7100 Crusoe - ok
00:42:29.0810 7100 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
00:42:29.0810 7100 CryptSvc - ok
00:42:29.0857 7100 CTAudSvcService (24b0b8d3cbb46ed5f16551974ae8d222) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
00:42:29.0873 7100 CTAudSvcService - ok
00:42:29.0919 7100 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
00:42:29.0919 7100 CVirtA - ok
00:42:30.0091 7100 CVPND (5ce32922f8f74a0d2d6ecc30cdad01e0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
00:42:30.0153 7100 CVPND - ok
00:42:30.0325 7100 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
00:42:30.0341 7100 CVPNDRVA - ok
00:42:30.0419 7100 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:42:30.0450 7100 DcomLaunch - ok
00:42:30.0481 7100 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:42:30.0497 7100 DfsC - ok
00:42:30.0637 7100 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:42:30.0699 7100 DFSR - ok
00:42:30.0887 7100 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:42:30.0887 7100 Dhcp - ok
00:42:31.0027 7100 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:42:31.0027 7100 disk - ok
00:42:31.0058 7100 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
00:42:31.0058 7100 DNE - ok
00:42:31.0121 7100 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:42:31.0121 7100 Dnscache - ok
00:42:31.0323 7100 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
00:42:31.0323 7100 DockLoginService - ok
00:42:31.0370 7100 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:42:31.0401 7100 dot3svc - ok
00:42:31.0433 7100 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:42:31.0448 7100 DPS - ok
00:42:31.0495 7100 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:42:31.0495 7100 drmkaud - ok
00:42:31.0573 7100 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:42:31.0604 7100 DXGKrnl - ok
00:42:31.0682 7100 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
00:42:31.0682 7100 e1express - ok
00:42:31.0729 7100 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:42:31.0729 7100 E1G60 - ok
00:42:31.0776 7100 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:42:31.0776 7100 EapHost - ok
00:42:31.0807 7100 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:42:31.0823 7100 Ecache - ok
00:42:31.0869 7100 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:42:31.0901 7100 elxstor - ok
00:42:32.0010 7100 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:42:32.0010 7100 EMDMgmt - ok
00:42:32.0072 7100 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
00:42:32.0072 7100 ErrDev - ok
00:42:32.0197 7100 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
00:42:32.0197 7100 esgiguard - ok
00:42:32.0259 7100 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:42:32.0259 7100 EventSystem - ok
00:42:32.0369 7100 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:42:32.0384 7100 exfat - ok
00:42:32.0415 7100 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:42:32.0431 7100 fastfat - ok
00:42:32.0447 7100 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:42:32.0447 7100 fdc - ok
00:42:32.0478 7100 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:42:32.0478 7100 fdPHost - ok
00:42:32.0509 7100 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:42:32.0509 7100 FDResPub - ok
00:42:32.0556 7100 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:42:32.0556 7100 FileInfo - ok
00:42:32.0556 7100 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:42:32.0571 7100 Filetrace - ok
00:42:32.0571 7100 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:42:32.0571 7100 flpydisk - ok
00:42:32.0618 7100 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:42:32.0634 7100 FltMgr - ok
00:42:32.0759 7100 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:42:32.0790 7100 FontCache - ok
00:42:32.0899 7100 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:42:32.0899 7100 FontCache3.0.0.0 - ok
00:42:32.0930 7100 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:42:32.0930 7100 Fs_Rec - ok
00:42:32.0961 7100 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:42:32.0961 7100 gagp30kx - ok
00:42:33.0055 7100 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
00:42:33.0071 7100 GamesAppService - ok
00:42:33.0117 7100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:42:33.0117 7100 GEARAspiWDM - ok
00:42:33.0149 7100 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
00:42:33.0149 7100 GoToAssist - ok
00:42:33.0242 7100 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:42:33.0258 7100 gpsvc - ok
00:42:33.0367 7100 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:42:33.0367 7100 gupdate - ok
00:42:33.0367 7100 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:42:33.0367 7100 gupdatem - ok
00:42:33.0445 7100 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:42:33.0461 7100 HdAudAddService - ok
00:42:33.0523 7100 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:42:33.0539 7100 HDAudBus - ok
00:42:33.0585 7100 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:42:33.0585 7100 HidBth - ok
00:42:33.0601 7100 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:42:33.0601 7100 HidIr - ok
00:42:33.0648 7100 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
00:42:33.0648 7100 hidserv - ok
00:42:33.0679 7100 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:42:33.0679 7100 HidUsb - ok
00:42:33.0710 7100 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
00:42:33.0710 7100 HitmanProScheduler - ok
00:42:33.0741 7100 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:42:33.0741 7100 hkmsvc - ok
00:42:33.0773 7100 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:42:33.0773 7100 HpCISSs - ok
00:42:33.0851 7100 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
00:42:33.0866 7100 HTTP - ok
00:42:33.0897 7100 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:42:33.0897 7100 i2omp - ok
00:42:33.0960 7100 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:42:33.0960 7100 i8042prt - ok
00:42:34.0038 7100 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
00:42:34.0069 7100 IAANTMON - ok
00:42:34.0147 7100 iaStor (4b80b97cbf0782b3bb3057f88d42c367) C:\Windows\system32\drivers\iastor.sys
00:42:34.0147 7100 iaStor - ok
00:42:34.0319 7100 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:42:34.0334 7100 iaStorV - ok
00:42:34.0475 7100 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:42:34.0490 7100 idsvc - ok
00:42:34.0506 7100 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:42:34.0506 7100 iirsp - ok
00:42:34.0568 7100 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:42:34.0568 7100 IKEEXT - ok
00:42:34.0615 7100 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:42:34.0615 7100 intelide - ok
00:42:34.0646 7100 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:42:34.0646 7100 intelppm - ok
00:42:34.0677 7100 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:42:34.0677 7100 IPBusEnum - ok
00:42:34.0693 7100 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:42:34.0693 7100 IpFilterDriver - ok
00:42:34.0740 7100 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
00:42:34.0771 7100 iphlpsvc - ok
00:42:34.0771 7100 IpInIp - ok
00:42:34.0818 7100 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:42:34.0818 7100 IPMIDRV - ok
00:42:34.0865 7100 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:42:34.0865 7100 IPNAT - ok
00:42:35.0021 7100 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
00:42:35.0036 7100 iPod Service - ok
00:42:35.0067 7100 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:42:35.0067 7100 IRENUM - ok
00:42:35.0099 7100 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:42:35.0114 7100 isapnp - ok
00:42:35.0145 7100 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:42:35.0145 7100 iScsiPrt - ok
00:42:35.0161 7100 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:42:35.0161 7100 iteatapi - ok
00:42:35.0177 7100 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:42:35.0177 7100 iteraid - ok
00:42:35.0192 7100 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:42:35.0192 7100 kbdclass - ok
00:42:35.0223 7100 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:42:35.0223 7100 kbdhid - ok
00:42:35.0255 7100 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:42:35.0255 7100 KeyIso - ok
00:42:35.0333 7100 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
00:42:35.0379 7100 KSecDD - ok
00:42:35.0426 7100 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:42:35.0426 7100 KtmRm - ok
00:42:35.0489 7100 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
00:42:35.0489 7100 LanmanServer - ok
00:42:35.0535 7100 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:42:35.0535 7100 LanmanWorkstation - ok
00:42:35.0582 7100 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:42:35.0582 7100 lltdio - ok
00:42:35.0613 7100 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:42:35.0676 7100 lltdsvc - ok
00:42:35.0691 7100 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:42:35.0707 7100 lmhosts - ok
00:42:35.0723 7100 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:42:35.0723 7100 LSI_FC - ok
00:42:35.0754 7100 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:42:35.0754 7100 LSI_SAS - ok
00:42:35.0785 7100 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:42:35.0785 7100 LSI_SCSI - ok
00:42:35.0801 7100 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:42:35.0801 7100 luafv - ok
00:42:35.0847 7100 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
00:42:35.0847 7100 MBAMProtector - ok
00:42:35.0957 7100 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:42:35.0957 7100 MBAMService - ok
00:42:36.0066 7100 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
00:42:36.0066 7100 MBAMSwissArmy - ok
00:42:36.0128 7100 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:42:36.0128 7100 megasas - ok
00:42:36.0175 7100 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:42:36.0175 7100 MegaSR - ok
00:42:36.0206 7100 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:42:36.0222 7100 MMCSS - ok
00:42:36.0222 7100 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:42:36.0222 7100 Modem - ok
00:42:36.0237 7100 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:42:36.0237 7100 monitor - ok
00:42:36.0253 7100 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:42:36.0253 7100 mouclass - ok
00:42:36.0253 7100 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:42:36.0253 7100 mouhid - ok
00:42:36.0269 7100 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:42:36.0269 7100 MountMgr - ok
00:42:36.0347 7100 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:42:36.0347 7100 MozillaMaintenance - ok
00:42:36.0378 7100 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:42:36.0378 7100 mpio - ok
00:42:36.0393 7100 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:42:36.0393 7100 mpsdrv - ok
00:42:36.0440 7100 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
00:42:36.0440 7100 MpsSvc - ok
00:42:36.0487 7100 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:42:36.0487 7100 Mraid35x - ok
00:42:36.0518 7100 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:42:36.0518 7100 MRxDAV - ok
00:42:36.0565 7100 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:42:36.0565 7100 mrxsmb - ok
00:42:36.0659 7100 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:42:36.0690 7100 mrxsmb10 - ok
00:42:36.0705 7100 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:42:36.0705 7100 mrxsmb20 - ok
00:42:36.0737 7100 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
00:42:36.0752 7100 msahci - ok
00:42:36.0768 7100 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:42:36.0768 7100 msdsm - ok
00:42:36.0815 7100 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:42:36.0815 7100 MSDTC - ok
00:42:36.0846 7100 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:42:36.0846 7100 Msfs - ok
00:42:36.0877 7100 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:42:36.0877 7100 msisadrv - ok
00:42:36.0908 7100 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:42:36.0908 7100 MSiSCSI - ok
00:42:36.0908 7100 msiserver - ok
00:42:36.0939 7100 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:42:36.0939 7100 MSKSSRV - ok
00:42:36.0955 7100 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:42:36.0955 7100 MSPCLOCK - ok
00:42:36.0955 7100 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:42:36.0971 7100 MSPQM - ok
00:42:37.0002 7100 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:42:37.0017 7100 MsRPC - ok
00:42:37.0033 7100 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:42:37.0033 7100 mssmbios - ok
00:42:37.0049 7100 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:42:37.0049 7100 MSTEE - ok
00:42:37.0064 7100 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:42:37.0064 7100 Mup - ok
00:42:37.0095 7100 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:42:37.0095 7100 napagent - ok
00:42:37.0142 7100 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:42:37.0142 7100 NativeWifiP - ok
00:42:37.0236 7100 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:42:37.0251 7100 NDIS - ok
00:42:37.0283 7100 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:42:37.0283 7100 NdisTapi - ok
00:42:37.0298 7100 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:42:37.0298 7100 Ndisuio - ok
00:42:37.0345 7100 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:42:37.0345 7100 NdisWan - ok
00:42:37.0361 7100 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:42:37.0361 7100 NDProxy - ok
00:42:37.0376 7100 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:42:37.0376 7100 NetBIOS - ok
00:42:37.0407 7100 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:42:37.0407 7100 netbt - ok
00:42:37.0439 7100 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:42:37.0439 7100 Netlogon - ok
00:42:37.0485 7100 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:42:37.0532 7100 Netman - ok
00:42:37.0548 7100 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:42:37.0563 7100 netprofm - ok
00:42:37.0626 7100 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:42:37.0688 7100 NetTcpPortSharing - ok
00:42:38.0109 7100 NETw5v32 (054ba4a208c7aaf4f787e4f5466755e6) C:\Windows\system32\DRIVERS\NETw5v32.sys
00:42:38.0156 7100 NETw5v32 - ok
00:42:38.0359 7100 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:42:38.0359 7100 nfrd960 - ok
00:42:38.0453 7100 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:42:38.0453 7100 NlaSvc - ok
00:42:38.0499 7100 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:42:38.0499 7100 Npfs - ok
00:42:38.0499 7100 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:42:38.0515 7100 nsi - ok
00:42:38.0546 7100 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:42:38.0546 7100 nsiproxy - ok
00:42:38.0811 7100 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:42:38.0811 7100 Ntfs - ok
00:42:38.0843 7100 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:42:38.0843 7100 ntrigdigi - ok
00:42:38.0843 7100 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:42:38.0858 7100 Null - ok
00:42:38.0921 7100 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:42:38.0921 7100 nvraid - ok
00:42:38.0952 7100 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:42:38.0967 7100 nvstor - ok
00:42:38.0983 7100 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:42:38.0983 7100 nv_agp - ok
00:42:38.0983 7100 NwlnkFlt - ok
00:42:38.0983 7100 NwlnkFwd - ok
00:42:39.0045 7100 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
00:42:39.0045 7100 ohci1394 - ok
00:42:39.0139 7100 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:42:39.0139 7100 ose - ok
00:42:39.0233 7100 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:42:39.0264 7100 p2pimsvc - ok
00:42:39.0279 7100 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:42:39.0279 7100 p2psvc - ok
00:42:39.0295 7100 Packet (9d80e0be979c3edaf2863f23b88f4de6) C:\Windows\system32\DRIVERS\packet.sys
00:42:39.0295 7100 Packet - ok
00:42:39.0342 7100 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:42:39.0342 7100 Parport - ok
00:42:39.0513 7100 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:42:39.0513 7100 partmgr - ok
00:42:39.0545 7100 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:42:39.0545 7100 Parvdm - ok
00:42:39.0576 7100 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:42:39.0576 7100 PcaSvc - ok
00:42:39.0638 7100 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
00:42:39.0638 7100 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
00:42:39.0669 7100 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:42:39.0669 7100 pci - ok
00:42:39.0701 7100 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
00:42:39.0701 7100 pciide - ok
00:42:39.0732 7100 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:42:39.0779 7100 pcmcia - ok
00:42:39.0825 7100 PCTBD (c6f3106f935dc7a93d131dae8744f805) C:\Windows\system32\Drivers\PCTBD.sys
00:42:39.0825 7100 PCTBD - ok
00:42:39.0935 7100 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:42:39.0950 7100 PEAUTH - ok
00:42:40.0091 7100 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:42:40.0153 7100 pla - ok
00:42:40.0278 7100 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:42:40.0293 7100 PlugPlay - ok
00:42:40.0340 7100 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:42:40.0356 7100 PNRPAutoReg - ok
00:42:40.0371 7100 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:42:40.0371 7100 PNRPsvc - ok
00:42:40.0403 7100 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:42:40.0403 7100 PolicyAgent - ok
00:42:40.0465 7100 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:42:40.0465 7100 PptpMiniport - ok
00:42:40.0465 7100 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:42:40.0465 7100 Processor - ok
00:42:40.0496 7100 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:42:40.0512 7100 ProfSvc - ok
00:42:40.0559 7100 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:42:40.0559 7100 ProtectedStorage - ok
00:42:40.0605 7100 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:42:40.0605 7100 PSched - ok
00:42:40.0652 7100 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
00:42:40.0652 7100 PSI - ok
00:42:40.0715 7100 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
00:42:40.0715 7100 PxHelp20 - ok
00:42:40.0855 7100 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:42:40.0871 7100 ql2300 - ok
00:42:40.0886 7100 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:42:40.0902 7100 ql40xx - ok
00:42:40.0949 7100 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:42:40.0964 7100 QWAVE - ok
00:42:40.0980 7100 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:42:40.0980 7100 QWAVEdrv - ok
00:42:41.0323 7100 R300 (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
00:42:41.0339 7100 R300 - ok
00:42:41.0541 7100 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:42:41.0541 7100 RasAcd - ok
00:42:41.0573 7100 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:42:41.0604 7100 RasAuto - ok
00:42:41.0635 7100 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:42:41.0635 7100 Rasl2tp - ok
00:42:41.0682 7100 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:42:41.0682 7100 RasMan - ok
00:42:41.0729 7100 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:42:41.0729 7100 RasPppoe - ok
00:42:41.0760 7100 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:42:41.0760 7100 RasSstp - ok
00:42:41.0822 7100 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:42:41.0838 7100 rdbss - ok
00:42:41.0885 7100 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:42:41.0885 7100 RDPCDD - ok
00:42:41.0916 7100 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:42:41.0931 7100 rdpdr - ok
00:42:41.0931 7100 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:42:41.0931 7100 RDPENCDD - ok
00:42:41.0978 7100 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
00:42:41.0994 7100 RDPWD - ok
00:42:42.0025 7100 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:42:42.0025 7100 RemoteAccess - ok
00:42:42.0072 7100 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
00:42:42.0072 7100 RemoteRegistry - ok
00:42:42.0103 7100 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
00:42:42.0119 7100 RFCOMM - ok
00:42:42.0197 7100 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
00:42:42.0212 7100 RpcLocator - ok
00:42:42.0259 7100 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:42:42.0259 7100 RpcSs - ok
00:42:42.0306 7100 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:42:42.0306 7100 rspndr - ok
00:42:42.0446 7100 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
00:42:42.0446 7100 RTSTOR - ok
00:42:42.0493 7100 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:42:42.0493 7100 SamSs - ok
00:42:42.0571 7100 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:42:42.0571 7100 SASDIFSV - ok
00:42:42.0602 7100 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:42:42.0602 7100 SASKUTIL - ok
00:42:42.0633 7100 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:42:42.0633 7100 sbp2port - ok
00:42:42.0711 7100 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
00:42:42.0711 7100 SCardSvr - ok
00:42:42.0821 7100 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
00:42:42.0836 7100 Schedule - ok
00:42:42.0883 7100 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:42:42.0883 7100 SCPolicySvc - ok
00:42:42.0914 7100 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
00:42:42.0914 7100 SDRSVC - ok
00:42:43.0039 7100 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:42:43.0055 7100 SeaPort - ok
00:42:43.0101 7100 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:42:43.0101 7100 secdrv - ok
00:42:43.0133 7100 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
00:42:43.0133 7100 seclogon - ok
00:42:43.0320 7100 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files\Secunia\PSI\PSIA.exe
00:42:43.0367 7100 Secunia PSI Agent - ok
00:42:43.0460 7100 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files\Secunia\PSI\sua.exe
00:42:43.0491 7100 Secunia Update Agent - ok
00:42:43.0647 7100 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
00:42:43.0647 7100 SENS - ok
00:42:43.0725 7100 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:42:43.0725 7100 Serenum - ok
00:42:43.0741 7100 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:42:43.0741 7100 Serial - ok
00:42:43.0757 7100 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:42:43.0772 7100 sermouse - ok
00:42:43.0803 7100 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
00:42:43.0819 7100 SessionEnv - ok
00:42:43.0835 7100 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:42:43.0835 7100 sffdisk - ok
00:42:43.0850 7100 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:42:43.0850 7100 sffp_mmc - ok
00:42:43.0866 7100 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:42:43.0866 7100 sffp_sd - ok


Combofix Log File:


ComboFix 12-07-13.01 - Lauren 07/13/2012 0:56.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3579.1921 [GMT -5:00]
Running from: c:\users\Lauren\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 06:04 . 2012-07-13 06:04 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-07-13 06:04 . 2012-07-13 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 16:02 . 2012-07-12 16:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FFEEDF4-619D-4E4A-98B9-43D4EC03AAC1}\offreg.dll
2012-07-12 15:52 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FFEEDF4-619D-4E4A-98B9-43D4EC03AAC1}\mpengine.dll
2012-07-11 17:48 . 2012-07-11 17:48 -------- d-----w- c:\program files\ESET
2012-07-11 17:23 . 2012-07-11 17:23 -------- d-----w- c:\program files\HitmanPro
2012-07-11 17:22 . 2012-07-11 17:23 -------- d-----w- c:\programdata\HitmanPro
2012-07-11 17:20 . 2012-07-11 17:20 110080 ----a-r- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-07-11 17:20 . 2012-07-11 17:20 110080 ----a-r- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-07-11 17:20 . 2012-07-11 17:20 110080 ----a-r- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-07-11 17:20 . 2012-07-12 16:04 -------- d-----w- C:\sh4ldr
2012-07-11 17:20 . 2012-07-11 17:20 -------- d-----w- c:\program files\Enigma Software Group
2012-07-11 17:18 . 2012-07-11 17:20 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-11 17:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:02 . 2012-07-11 17:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-11 16:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 09:08 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 09:08 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 09:08 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 09:08 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 09:08 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:43 . 2012-07-11 17:12 -------- d-----w- c:\users\Lauren\AppData\Local\NPE
2012-07-11 08:40 . 2012-07-11 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-11 06:25 . 2012-06-14 17:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-07-11 06:25 . 2012-06-14 17:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-11 06:25 . 2012-06-14 17:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-11 06:25 . 2012-06-14 17:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-11 06:25 . 2012-06-14 17:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-11 06:21 . 2012-07-11 06:21 -------- d-----w- c:\program files\PC Tools
2012-07-11 06:16 . 2012-05-11 16:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-11 06:16 . 2012-07-11 16:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-11 06:15 . 2012-07-11 16:47 -------- d-----w- c:\programdata\PC Tools
2012-07-11 06:15 . 2012-07-11 06:15 -------- d-----w- c:\users\Lauren\AppData\Roaming\TestApp
2012-07-08 22:23 . 2012-07-08 23:11 -------- d-----w- c:\users\Lauren\DoctorWeb
2012-07-08 22:14 . 2012-07-08 22:14 -------- d-----w- c:\users\Lauren\AppData\Roaming\abelhadigital.com
2012-07-08 22:14 . 2012-07-08 22:14 -------- d-----w- c:\programdata\abelhadigital.com
2012-07-08 22:13 . 2012-07-08 22:13 -------- d-----w- c:\program files\HostsMan
2012-07-08 22:11 . 2012-07-08 22:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-08 20:53 . 2012-07-08 20:53 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\program files\Common Files\Java
2012-07-08 20:46 . 2012-07-08 20:46 -------- d-----w- c:\program files\Oracle
2012-07-08 20:19 . 2012-07-08 20:19 -------- d-----w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2012-07-08 20:18 . 2012-07-08 20:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-08 20:18 . 2012-07-08 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-08 19:42 . 2012-05-05 00:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-08 18:54 . 2012-07-08 18:57 -------- d-----w- c:\program files\GIMP 2
2012-07-01 07:44 . 2012-07-08 05:53 -------- d-----w- c:\program files\CCleaner
2012-06-18 20:27 . 2012-06-18 20:27 -------- d-----w- c:\program files\iPod
2012-06-18 20:27 . 2012-06-18 20:28 -------- d-----w- c:\program files\iTunes
2012-06-13 15:05 . 2012-06-13 15:05 -------- d-----w- c:\users\Lauren\AppData\Local\Macromedia
2012-06-13 11:30 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 11:30 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 11:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 11:28 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 07:33 . 2012-04-11 12:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 07:33 . 2011-05-15 20:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-03-17 00:01 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-04-02 17:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-03-17 00:01 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-03-17 00:01 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-03-17 00:01 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-03-17 00:01 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-06-29 11:19 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-03-17 00:00 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-14 16:03 . 2012-07-11 06:25 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 16:03 . 2012-07-11 06:25 131 ----a-w- c:\windows\IDB.zip
2012-06-02 22:19 . 2012-06-09 01:02 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-09 01:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-09 01:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-09 01:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:01 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-09 01:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2009-11-24 13:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 00:29 . 2011-02-12 14:53 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-15 19:31 . 2012-04-15 19:31 711240 ----a-w- c:\windows\is-5MUKF.exe
2012-06-14 22:20 . 2012-07-08 20:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\users\Lauren\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2008-12-17 14848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-10-9 6144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-01 19:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-10-15 09:10 498160 ----a-w- c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99551057
*NewlyCreated* - ESGIGUARD
*Deregistered* - 99551057
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:33]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 03:38]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 03:38]
.
2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-07-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{4749B771-F185-4BE8-8A95-30089A50D404}.job
- c:\windows\system32\msfeedssync.exe [2011-05-15 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\ifri84xx.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-44572530.sys
SafeBoot-Wdf01000.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 01:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
Completion time: 2012-07-13 01:06:47
ComboFix-quarantined-files.txt 2012-07-13 06:06
.
Pre-Run: 426,561,335,296 bytes free
Post-Run: 426,726,141,952 bytes free
.
- - End Of File - - 56701BA2CA0E8FBFE0653BA0796AB164

Security Check Log File:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpyHunter
SUPERAntiSpyware
Secunia PSI (3.0.0.2004)
HostsMan 4.0.85 Beta6
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
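As an added example that is not part of this thread, here is a small Python triage script for the ComboFix sections posted above: it reads the "Other Services/Drivers In Memory" and "Supplementary Scan" blocks and reports the entries a malware-removal helper would look at first (a driver loaded under a purely numeric name, a Firefox profile whose HTTP proxy points at 127.0.0.1 and whether network.proxy.type actually enables it, a non-default search engine, and a loopback host:port in the IE proxy bypass list). The sample log is constructed from those lines, and the list of default Firefox search engines is my assumption.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Constructed sample: the two ComboFix sections from the thread, trimmed.
SAMPLE_LOG = """\
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99551057
*NewlyCreated* - ESGIGUARD
*Deregistered* - 99551057
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

SECTION_HEADER = re.compile(r"^[-(]+\s*(.*?)\s*[-)]+$")
MEM_ENTRY = re.compile(r"^\*(NewlyCreated|Deregistered)\* - (\S+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
LOOPBACK = re.compile(r"\b127\.0\.0\.1(?::\d+)?\b")
# Assumption: engines a stock Firefox of that era shipped with (hand-picked list).
DEFAULT_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Twitter", "Wikipedia (en)"}


def parse_sections(text):
    """Split a ComboFix log into {section title: [content lines]}.

    ComboFix frames section titles with runs of dashes or parentheses; the
    lone "." lines are spacers and are dropped.
    """
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        header = SECTION_HEADER.match(line)
        if header and header.group(1).strip("- ()"):
            current = header.group(1).strip("- ()")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return the Findings a reviewer would want to look at first."""
    sections = parse_sections(text)
    findings = []

    # 1. Services/drivers that appeared in memory under a purely numeric name
    #    (the kind of entry the helper in this thread targeted with a CFScript).
    seen = set()
    for line in sections.get("Other Services/Drivers In Memory", []):
        m = MEM_ENTRY.match(line)
        if m and m.group(2).isdigit() and m.group(2) not in seen:
            seen.add(m.group(2))
            findings.append(Finding("numeric-driver", m.group(2)))

    # 2. Browser settings that route traffic through a local listener.
    prefs = {}
    for line in sections.get("Supplementary Scan", []):
        m = FF_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
        elif "ProxyOverride" in line:
            hit = LOOPBACK.search(line)
            if hit:  # a local host:port in the IE proxy bypass list is worth a look
                findings.append(Finding("ie-proxy-bypass-loopback", hit.group(0)))

    host = prefs.get("network.proxy.http", "")
    if LOOPBACK.fullmatch(host):
        # Firefox: network.proxy.type 0 = no proxy, 1 = manual, 5 = system.
        state = "enabled" if prefs.get("network.proxy.type") == "1" else "disabled"
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("ff-loopback-proxy", f"{host}:{port} (manual proxy {state})"))

    engine = prefs.get("browser.search.selectedEngine")
    if engine and engine not in DEFAULT_ENGINES:
        findings.append(Finding("ff-search-engine", engine))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
```

On the sample above it reports the 99551057 driver once, the loopback proxy in prefs.js as configured but not enabled (proxy type 0), the "Search Defender" engine, and the 127.0.0.1:9421 bypass entry.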

#4 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 13 July 2012 - 01:32 PM

> Thank you for getting back to me so quickly :-).

No problem! :)

> I completed all the steps, and I will post the logs below. Unfortunately, I'm still having problems with redirect...this time the site was merchant circle or something similar. Where do I go from here?

We still have some more left to clean up. We'll attempt to clear those up in the next few steps.


Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
99551057

File::
C:\Windows\System32\Drivers\99551057.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#5 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 13 July 2012 - 11:40 PM

Hey,


I keep trying to run ComboFix after disabling all antivirus programs as stated in the instructions. However, despite not using the computer whatsoever while the scanner is running, it freezes and then crashes (I came home after leaving it running while I went to run errands, and it had frozen in hibernation). I had to use System Restore the first time I tried to run it. Luckily, not so this go round. Any suggestions on how to keep this from happening?


Thanks,

Decuma

#6 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 14 July 2012 - 12:02 PM

Try running the scan again, but from Safe Mode this time:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once you're in Safe Mode, run ComboFix again, and please post the newly-created C:\ComboFix.txt. Let me know how things go.

Edited by D-FRED-BROWN, 14 July 2012 - 12:02 PM.


#7 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 15 July 2012 - 03:30 PM

Hey,

Sorry about disappearing; I managed to somehow get a bad case of food poisoning yesterday. Anyhow, I ran ComboFix with the CFScript from Safe Mode as directed, and below is the log.
I noticed when my computer was rebooted by ComboFix, my checkdisk was activated. Would this have affected ComboFix's performance in any way? The only other thing that happened is that ComboFix was mentioning needing administrative privileges for some things while it was running, but I am the administrator on this computer. At that point, I left it alone, not wanting it to stall.

Thanks,

Decuma

ComboFix 12-07-14.01 - Lauren 07/15/2012 14:58:14.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3579.2985 [GMT -5:00]
Running from: c:\users\Lauren\Desktop\Friday.exe.exe
Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\99551057.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\windows\system32\regobj.dll
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_99551057
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 20:04 . 2012-07-15 20:18 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2012-07-15 20:04 . 2012-07-15 20:04 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-07-15 20:04 . 2012-07-15 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 19:45 . 2012-07-15 19:45 -------- d-----w- C:\found.001
2012-07-15 18:11 . 2012-07-15 18:11 711240 ----a-w- c:\windows\isRS-000.tmp
2012-07-14 17:14 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED3B6C88-6DA3-4D44-9BA6-5C139FE513F9}\mpengine.dll
2012-07-13 21:42 . 2012-07-13 21:43 -------- d-----w- C:\ComboFix(1)
2012-07-13 06:55 . 2012-07-13 06:55 -------- d-----w- c:\users\Lauren\AppData\Local\CrashDumps
2012-07-11 17:48 . 2012-07-11 17:48 -------- d-----w- c:\program files\ESET
2012-07-11 17:22 . 2012-07-11 17:23 -------- d-----w- c:\programdata\HitmanPro
2012-07-11 17:20 . 2012-07-14 04:43 -------- d-----w- C:\sh4ldr
2012-07-11 17:20 . 2012-07-11 17:20 -------- d-----w- c:\program files\Enigma Software Group
2012-07-11 17:18 . 2012-07-14 04:43 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-11 17:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 16:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 09:08 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 09:08 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 09:08 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 09:08 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 09:08 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:43 . 2012-07-11 17:12 -------- d-----w- c:\users\Lauren\AppData\Local\NPE
2012-07-11 08:40 . 2012-07-11 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-11 06:25 . 2012-06-14 17:31 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-07-11 06:25 . 2012-06-14 17:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-11 06:25 . 2012-06-14 17:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-11 06:25 . 2012-06-14 17:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-11 06:25 . 2012-06-14 17:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-11 06:21 . 2012-07-11 06:21 -------- d-----w- c:\program files\PC Tools
2012-07-11 06:16 . 2012-05-11 16:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-11 06:16 . 2012-07-11 16:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-11 06:15 . 2012-07-11 16:47 -------- d-----w- c:\programdata\PC Tools
2012-07-11 06:15 . 2012-07-11 06:15 -------- d-----w- c:\users\Lauren\AppData\Roaming\TestApp
2012-07-08 22:23 . 2012-07-08 23:11 -------- d-----w- c:\users\Lauren\DoctorWeb
2012-07-08 22:14 . 2012-07-08 22:14 -------- d-----w- c:\users\Lauren\AppData\Roaming\abelhadigital.com
2012-07-08 22:14 . 2012-07-08 22:14 -------- d-----w- c:\programdata\abelhadigital.com
2012-07-08 22:11 . 2012-07-08 22:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-08 20:53 . 2012-07-08 20:53 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\program files\Common Files\Java
2012-07-08 20:46 . 2012-07-08 20:46 -------- d-----w- c:\program files\Oracle
2012-07-08 20:18 . 2012-07-08 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-08 19:42 . 2012-05-05 00:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-08 18:54 . 2012-07-08 18:57 -------- d-----w- c:\program files\GIMP 2
2012-07-01 07:44 . 2012-07-08 05:53 -------- d-----w- c:\program files\CCleaner
2012-06-18 20:27 . 2012-06-18 20:27 -------- d-----w- c:\program files\iPod
2012-06-18 20:27 . 2012-06-18 20:28 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 07:33 . 2012-04-11 12:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 07:33 . 2011-05-15 20:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2009-08-18 01:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2010-03-17 00:01 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-04-02 17:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-03-17 00:01 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-03-17 00:01 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-03-17 00:01 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-03-17 00:01 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-06-29 11:19 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-03-17 00:00 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-14 16:03 . 2012-07-11 06:25 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 16:03 . 2012-07-11 06:25 131 ----a-w- c:\windows\IDB.zip
2012-06-02 22:19 . 2012-06-09 01:02 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-09 01:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-09 01:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-09 01:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:01 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-09 01:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2009-11-24 13:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 00:29 . 2011-02-12 14:53 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03 . 2012-06-13 11:28 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 11:30 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 11:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 11:29 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-14 22:20 . 2012-07-08 20:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\users\Lauren\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2008-12-17 14848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-10-9 6144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-01 19:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-10-15 09:10 498160 ----a-w- c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:33]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 03:38]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 03:38]
.
2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{4749B771-F185-4BE8-8A95-30089A50D404}.job
- c:\windows\system32\msfeedssync.exe [2011-05-15 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\ifri84xx.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5764)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Dell DataSafe Local Backup\sftservice.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-07-15 15:21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 20:21
ComboFix2.txt 2012-07-13 06:06
.
Pre-Run: 416,647,680,000 bytes free
Post-Run: 412,548,706,304 bytes free
.
- - End Of File - - 80E4D043047CF2FAEA4A74C1FBF96E4E

#8 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 15 July 2012 - 05:30 PM

Sorry about disappearing, I managed to somehow get a bad case of food poisoning yesterday.

No worries. I hope you're feeling better!

I noticed when my computer was rebooted by ComboFix, my checkdisk was activated. Would this have affected ComboFix's performance in any way? The only other thing that happened is that ComboFix was mentioning needing administrative privileges for some things while it was running, but I am the administrator on this computer. At that point, I left it alone, not wanting it to stall.

It happens sometimes. I wouldn't worry about it. :thumbup2:

How is your system running now? Are there any signs of further issues? Please let me know.

------------

Your logs appear to be clean. Let's run this online scan to verify there isn't anything left that we may have missed:
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by D-FRED-BROWN, 15 July 2012 - 05:31 PM.


#9 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 15 July 2012 - 11:31 PM

Hey,


Well, after clicking some more links in google on firefox, I was still getting redirected, so I tried uninstalling and then reinstalling firefox. So far, it appears ok... *crosses fingers* However, I should probably open a handful of links again to be sure. But, in the meantime, I've tried switching to AVG antivirus instead of my normal for a little while, and AVG is telling me it's found a lot of inline hooks that it can't remove. After telling me that the files couldn't be removed, I reran the scan, and AVG is now telling me it isn't finding anything despite still having the results in the former scan log. I'll post the details of that in here following the ESET log.

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e0b5c70d5aaecb4f85996d6c56d835d3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-16 04:24:51
# local_time=2012-07-15 11:24:51 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 72696931 72696931 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 0 179010144 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187752
# found=5
# cleaned=5
# scan_time=10119
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

AVG Log


"";"C:\Windows\System32\Drivers\aswSP.SYS";"Inline hook ntkrnlpa.exe PsQueryProcessExceptionFlags+0x3CB -> aswSP.SYS +0x24748";"Object is inaccessible."
"";"C:\Windows\System32\Drivers\aswSP.SYS";"IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> aswSP.SYS +0x24262";"Object is inaccessible."
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtAddBootEntry hook -> aswSnx.SYS +0x16536";"Object is inaccessible."
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngGradientFill+0x60DE -> aswSnx.SYS +0x1B3E4";"Object is inaccessible."
"";"C:\Windows\System32\Drivers\aswSP.SYS";"Service function NtFreeVirtualMemory hook -> aswSP.SYS +0xC89E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"Service function NtAllocateVirtualMemory hook -> aswSP.SYS +0xC7BA";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"Service function NtCreateSection hook -> aswSP.SYS +0xCBAC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"IRP hook, \FileSystem\Ntfs IRP_MJ_CLEANUP -> aswSP.SYS +0x24306";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_INFORMATION -> aswSP.SYS +0x243AA";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> aswSP.SYS +0x2436A";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"IRP hook, \FileSystem\Ntfs IRP_MJ_CLOSE -> aswSP.SYS +0x242A2";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSP.SYS";"Service function NtProtectVirtualMemory hook -> aswSP.SYS +0xCA1E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys WNDOBJ_bEnum+0x248 -> aswSnx.SYS +0x1B664";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngPlgBlt+0x26D9 -> aswSnx.SYS +0x1CAE8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngFillPath+0x375D -> aswSnx.SYS +0x1BE34";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngLineTo+0xA15 -> aswSnx.SYS +0x1B6B8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngLineTo+0xD2AF -> aswSnx.SYS +0x1B8BC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngLineTo+0x10D20 -> aswSnx.SYS +0x1B826";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngDeleteSemaphore+0xE80 -> aswSnx.SYS +0x1B790";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys STROBJ_vEnumStart+0x4728 -> aswSnx.SYS +0x1B4D4";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngCopyBits+0xB0F -> aswSnx.SYS +0x1C8C0";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngNineGrid+0x6F75 -> aswSnx.SYS +0x1C76A";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngNineGrid+0x8C4 -> aswSnx.SYS +0x1C972";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngAlphaBlend+0xB973 -> aswSnx.SYS +0x1BE1C";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngLpkInstalled+0x1D73 -> aswSnx.SYS +0x1C7B0";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtAssignProcessToJobObject hook -> aswSnx.SYS +0x16F52";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateEvent hook -> aswSnx.SYS +0x21D7A";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateEventPair hook -> aswSnx.SYS +0x21DC6";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateIoCompletion hook -> aswSnx.SYS +0x21F48";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateMutant hook -> aswSnx.SYS +0x21CE8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngStrokePath+0x5FF -> aswSnx.SYS +0x1B3FC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateSemaphore hook -> aswSnx.SYS +0x21D30";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateThread hook -> aswSnx.SYS +0x17146";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateTimer hook -> aswSnx.SYS +0x21F02";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtDebugActiveProcess hook -> aswSnx.SYS +0x178CA";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtDeleteBootEntry hook -> aswSnx.SYS +0x16584";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngStretchBlt+0x2B44 -> aswSnx.SYS +0x1CC32";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtLoadDriver hook -> aswSnx.SYS +0x161EC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtModifyBootEntry hook -> aswSnx.SYS +0x165D2";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenEvent hook -> aswSnx.SYS +0x21DA4";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenEventPair hook -> aswSnx.SYS +0x21DE8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenIoCompletion hook -> aswSnx.SYS +0x21F6C";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenMutant hook -> aswSnx.SYS +0x21D0E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenSection hook -> aswSnx.SYS +0x21E8C";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenSemaphore hook -> aswSnx.SYS +0x21D58";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenTimer hook -> aswSnx.SYS +0x21F26";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngMulDiv+0x4D3F -> aswSnx.SYS +0x1B5A8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtQueryObject hook -> aswSnx.SYS +0x1815E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtQueueApcThread hook -> aswSnx.SYS +0x17D08";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetBootEntryOrder hook -> aswSnx.SYS +0x16620";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetBootOptions hook -> aswSnx.SYS +0x1666E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetContextThread hook -> aswSnx.SYS +0x1774A";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetSystemInformation hook -> aswSnx.SYS +0x16276";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetSystemPowerState hook -> aswSnx.SYS +0x16426";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtShutdownSystem hook -> aswSnx.SYS +0x163CC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSuspendProcess hook -> aswSnx.SYS +0x17A2C";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSuspendThread hook -> aswSnx.SYS +0x17B88";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSystemDebugControl hook -> aswSnx.SYS +0x16496";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtVdmControl hook -> aswSnx.SYS +0x166BC";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateThreadEx hook -> aswSnx.SYS +0x172CE";"Object is hidden"

#10 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 16 July 2012 - 12:37 PM

The AVG scan is picking up components left over from your Avast antivirus. Nothing to worry about. :wink:

Before we do anything else, have the redirects reappeared? Please let me know.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
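
Post #10 above explains that the hook entries in the scan log belong to the Avast driver aswSnx.SYS. The Python below is an added example, not code from this thread or from any of the tools mentioned in it: it parses the four-field, semicolon-delimited hook log format shown above (field layout inferred from those lines), groups hooks by the module that installed them, and flags any hook whose owner is not on a short allow-list of known security-product drivers or whose file sits outside the Windows drivers directory. The first five sample lines are copied from the log above; the sixth, with the placeholder name EXAMPLE_unknown.sys, is constructed purely to exercise the flagging path.

```python
"""Triage helper for the semicolon-delimited anti-rootkit hook log format
seen in this thread:  "<flags>";"<file>";"<description>";"<status>"  """
import csv
import io
import re
from collections import defaultdict

# Lines 1-5 are copied from the log posted in this thread; line 6 is
# CONSTRUCTED for this example (EXAMPLE_unknown.sys is a placeholder name,
# not a real detection).
SAMPLE_LOG = r'''"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtOpenEventPair hook -> aswSnx.SYS +0x21DE8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Inline hook win32k.sys EngMulDiv+0x4D3F -> aswSnx.SYS +0x1B5A8";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtQueryObject hook -> aswSnx.SYS +0x1815E";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtSetContextThread hook -> aswSnx.SYS +0x1774A";"Object is hidden"
"";"C:\Windows\System32\Drivers\aswSnx.SYS";"Service function NtCreateThreadEx hook -> aswSnx.SYS +0x172CE";"Object is hidden"
"";"C:\Users\Public\EXAMPLE_unknown.sys";"Service function NtQueryDirectoryFile hook -> EXAMPLE_unknown.sys +0x1000";"Object is hidden"
'''

# "Service function <NtXxx> hook -> <module> +0x<offset>"  (SSDT-style hook)
SSDT_RE = re.compile(r"^Service function (\w+) hook -> (\S+) \+0x([0-9A-Fa-f]+)$")
# "Inline hook <module> <func>+0x<off> -> <module> +0x<offset>" (inline patch)
INLINE_RE = re.compile(
    r"^Inline hook (\S+) (\w+)\+0x([0-9A-Fa-f]+) -> (\S+) \+0x([0-9A-Fa-f]+)$")

# aswSnx.SYS is Avast's driver, as post #10 in this thread explains.
KNOWN_AV_MODULES = frozenset({"aswsnx.sys"})
DRIVER_DIR = r"c:\windows\system32\drivers"


def parse_hooks(text):
    """Parse log text into a list of hook records; unknown lines are skipped."""
    hooks = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 4:
            continue  # blank or malformed line
        _flags, path, desc, status = row
        m = SSDT_RE.match(desc)
        if m:
            hooks.append({"kind": "ssdt", "target": m.group(1),
                          "hooker": m.group(2), "offset": int(m.group(3), 16),
                          "path": path, "status": status})
            continue
        m = INLINE_RE.match(desc)
        if m:
            hooks.append({"kind": "inline",
                          "target": f"{m.group(1)}!{m.group(2)}",
                          "hooker": m.group(4), "offset": int(m.group(5), 16),
                          "path": path, "status": status})
    return hooks


def hooks_by_module(hooks):
    """Map each hooking module (lower-cased) to the sorted functions it hooks."""
    by_mod = defaultdict(list)
    for h in hooks:
        by_mod[h["hooker"].lower()].append(h["target"])
    return {mod: sorted(targets) for mod, targets in by_mod.items()}


def flag_unexpected(hooks, known=KNOWN_AV_MODULES):
    """Return hooks whose owner is not an allow-listed security driver or
    whose backing file is not under the normal drivers directory."""
    flagged = []
    for h in hooks:
        owner_known = h["hooker"].lower() in known
        in_driver_dir = h["path"].lower().startswith(DRIVER_DIR + "\\")
        if not owner_known or not in_driver_dir:
            flagged.append(h)
    return flagged


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for mod, targets in hooks_by_module(parsed).items():
        print(f"{mod}: {len(targets)} hooks -> {', '.join(targets)}")
    for h in flag_unexpected(parsed):
        print("REVIEW:", h["path"], "hooks", h["target"])
```

The name allow-list is only enough to show the grouping; in real triage you would replace it with a check of the Authenticode signature on the file at the logged path, since a driver name alone is trivially reusable.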

#11 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 17 July 2012 - 09:50 AM

Hey,

I've been testing searches on Mozilla and Google, and so far I haven't been redirected yet. :D

~Decuma

#12 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 17 July 2012 - 01:15 PM

Looking good. I'd like to get one last online scan before we move on to the next step:

Please run a BitDefender Online Scan
  • After clicking "Start Scanner" and "Scan Now", select "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.

Edited by D-FRED-BROWN, 17 July 2012 - 01:17 PM.


#13 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 18 July 2012 - 10:25 AM

Hey,

For some reason, BitDefender isn't giving me the option to export scan results, just to download the full product after it does the online scan. A quick note though, I may be MIA on here for the next couple of days due to some stuff that's come up at work.


Thanks,

Decuma

#14 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 18 July 2012 - 12:31 PM

That's strange. Do you recall if it detected anything? Also, take all the time you need. :)

#15 Decuma
  • Topic Starter
  • Members
  • 9 posts

Posted 24 July 2012 - 08:51 PM

Hey,

I'm back :-). To answer your question, it gave me the answer "no active infections found."


~Decuma



