Infected with IRP Hook & Google keeps redirecting


  • This topic is locked
24 replies to this topic

#1 Paranon

  • Members
  • 12 posts

Posted 09 August 2012 - 09:20 PM

Web browser is constantly being redirected to random sites.

AVG Internet Security scan produces no returns.

AVG Internet Security Anti-Rootkit Scan produces 1 return:

"";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8005090334";"Object is hidden"

On attempt to remove AVG reports object is "hidden by rootkit technique" - "Threat cannot be removed by standard user rights" - Removing threat as power user and reboot proves unsuccessful as IRP Hook is present on follow up scan.

Malwarebytes is IP blocking outgoing access to "a potentially malicious website" - "206.161.121.3" process - "explorer.exe"

Sometimes Malwarebytes appears to prevent the redirect, but not every time.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_21
Run by Shaun at 20:38:23 on 2012-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.1437 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\PROGRA~2\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (X86)\Hotkey_Driver\HotkeyDriver.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Shaun\AppData\Local\Akamai\netsession_win.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisplayLastLogonInfo = 1 (0x1)
IE: &Download All with FlashGet - C:\PROGRA~2\FlashGet\jc_all.htm
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - C:\PROGRA~2\FlashGet\jc_link.htm
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_236/webolr/OCX/FlashAX.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A7A81881-8143-4276-8472-5956723EC40E} : NameServer = 141.1.1.1 195.27.1.1
TCP: Interfaces\{E99BF2E9-2F5E-4176-A8C3-C2850F8B32F3} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE-X64: {FBD0E841-69E5-453A-8124-335C1F71E349} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\e8xcrlvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B367cbafd-117b-4f4a-8d32-16804edb963c%7D&mid=1ca2e30b9b639d6a5b8b22a9af81f5fd-aa404916a2f545999c2644c97f3278f08741b8bf&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2011-10-25%2017%3A10%3A10&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\e8xcrlvj.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF - plugin: C:\Users\Shaun\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]
R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-9 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-29 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-29 297240]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-5-3 21504]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-1-7 143467]
R2 EPGService;EPGService;C:\PROGRA~2\WinTV\EPG Services\System\EPGService.exe [2008-5-17 431104]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-3 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-7 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 2348352]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-29 976728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
R4 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\HCWTVS~1.EXE [2008-5-17 815104]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys --> C:\Windows\system32\Drivers\hcw95bda.sys [?]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys --> C:\Windows\system32\DRIVERS\hcw95rc.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-2-29 942080]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-2-5 115184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-10-23 19544]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-5-3 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WNDA31vx.sys --> C:\Windows\system32\DRIVERS\WNDA31vx.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-27 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-09 18:44:07 -------- d-s---w- C:\ComboFix
2012-08-09 17:24:45 98816 ----a-w- C:\Windows\sed.exe
2012-08-09 17:24:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-09 17:24:45 256000 ----a-w- C:\Windows\PEV.exe
2012-08-09 17:24:45 208896 ----a-w- C:\Windows\MBR.exe
2012-08-08 16:39:37 -------- d-----w- C:\Program Files (x86)\Aurora
2012-08-07 15:25:54 -------- d-----w- C:\OLDGAMES
2012-08-07 15:05:05 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2012-08-07 13:18:05 -------- d-----w- C:\Users\Shaun\AppData\Roaming\Malwarebytes
2012-08-07 13:17:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-07 13:17:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 13:17:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 20:40:35 -------- d-----w- C:\Program Files\iPod
2012-07-16 20:40:33 -------- d-----w- C:\Program Files\iTunes
2012-07-16 20:40:33 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-11 23:42:18 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 22:14:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:14:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-29 19:52:38 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 14:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-15 06:37:49 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-05-15 03:26:05 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 02:19:57 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 02:15:14 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-05-15 02:14:53 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-15 02:14:26 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-05-15 02:14:26 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-05-15 01:21:55 479232 ----a-w- C:\Windows\System32\html.iec
2012-05-15 00:40:32 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-15 00:39:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
.
============= FINISH: 20:47:26.99 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2012 - 01:24 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Paranon

Posted 11 August 2012 - 12:23 PM

Hi Gringo, thanks for your help.

Requested logs included, Firefox seems to be running slowly, not sure if that's subjective or not because I know there's a problem.

Google is still being redirected, (5+ attempts to get to bleeping computer before being successful).

Malwarebytes is still blocking access to "206.161.121.3" during redirects. Although it doesn't actually stop the redirect itself.

Running Combofix, the initial message suggested 10-20 minutes for the scan. Not sure whether it's important but my scan was over 2.5 hours before completion. I set it off and let it run without interference.


Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Emsisoft Anti-Malware
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup 2011
Java™ 6 Update 21
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.0_01
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 17.0.963.79
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Emsisoft Anti-Malware a2service.exe
EMSISOFT ANTI-MALWARE a2guard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````



ComboFix 12-08-09.01 - Shaun 08/11/2012 15:45:12.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.1500 [GMT 1:00]
Running from: c:\users\Shaun\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Shaun\AppData\Roaming\.#
c:\windows\SysWow64\AegisI5Installer.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 16:32 . 2012-08-11 16:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 16:32 . 2012-08-11 16:32 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-08-11 16:32 . 2012-08-11 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 00:15 . 2012-08-11 14:36 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-10 12:15 . 2012-08-10 12:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-10 12:15 . 2012-08-10 12:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-08 16:39 . 2012-08-08 16:39 -------- d-----w- c:\program files (x86)\Aurora
2012-08-07 15:05 . 2012-08-07 15:05 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2012-08-07 13:18 . 2012-08-07 13:18 -------- d-----w- c:\users\Shaun\AppData\Roaming\Malwarebytes
2012-08-07 13:17 . 2012-08-08 14:23 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 13:17 . 2012-08-07 13:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-07 13:17 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 20:40 . 2012-07-16 20:40 -------- d-----w- c:\program files\iPod
2012-07-16 20:40 . 2012-07-16 20:41 -------- d-----w- c:\program files\iTunes
2012-07-16 20:40 . 2012-07-16 20:41 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:14 . 2012-04-09 12:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:14 . 2011-09-11 15:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 19:52 . 2011-04-27 22:49 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-11 23:43 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-13 13:58 . 2012-07-11 23:42 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 15:18 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 15:18 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 15:18 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 15:18 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 15:18 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 15:18 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 13:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 13:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:56 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 13:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:56 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 13:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 13:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 13:56 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-19 13:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-19 13:56 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-19 13:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-19 13:56 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 15:18 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 15:18 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 15:18 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 15:18 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 15:18 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-15 06:37 . 2012-06-13 20:58 916992 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-15 06:32 . 2012-06-13 20:58 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 20:58 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 20:58 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 20:58 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-15 05:01 . 2012-06-13 20:58 385024 ----a-w- c:\windows\SysWow64\html.iec
2012-05-15 03:26 . 2012-06-13 20:58 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 20:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 02:19 . 2012-06-13 20:58 1147392 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 02:19 . 2012-06-13 20:58 1488384 ----a-w- c:\windows\system32\urlmon.dll
2012-05-15 02:19 . 2012-06-13 20:58 108032 ----a-w- c:\windows\system32\url.dll
2012-05-15 02:18 . 2012-06-13 20:58 243712 ----a-w- c:\windows\system32\occache.dll
2012-05-15 02:16 . 2012-06-13 20:58 1062912 ----a-w- c:\windows\system32\mstime.dll
2012-05-15 02:15 . 2012-06-13 20:58 9328640 ----a-w- c:\windows\system32\mshtml.dll
2012-05-15 02:15 . 2012-06-13 20:58 98304 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-15 02:15 . 2012-06-13 20:58 742912 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-15 02:15 . 2012-06-13 20:58 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-15 02:15 . 2012-06-13 20:58 56832 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 02:15 . 2012-06-13 20:58 31744 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 02:14 . 2012-06-13 20:58 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 02:14 . 2012-06-13 20:58 2350592 ----a-w- c:\windows\system32\iertutil.dll
2012-05-15 02:14 . 2012-06-13 20:58 77312 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 02:14 . 2012-06-13 20:58 219136 ----a-w- c:\windows\system32\ieui.dll
2012-05-15 02:14 . 2012-06-13 20:58 132096 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 02:14 . 2012-06-13 20:58 72192 ----a-w- c:\windows\system32\iernonce.dll
2012-05-15 02:14 . 2012-06-13 20:58 12508672 ----a-w- c:\windows\system32\ieframe.dll
2012-05-15 02:14 . 2012-06-13 20:58 252416 ----a-w- c:\windows\system32\iepeers.dll
2012-05-15 02:14 . 2012-06-13 20:58 459776 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-15 01:21 . 2012-06-13 20:58 479232 ----a-w- c:\windows\system32\html.iec
2012-05-15 00:40 . 2012-06-13 20:58 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 00:40 . 2012-06-13 20:58 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-15 00:39 . 2012-06-13 20:58 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-15 00:39 . 2012-06-13 20:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 19:54 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2012-01-31 221184]
"Steam"="c:\program files (x86)\steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Shaun\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2012-01-31 81920]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-19 36960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-07-30 3408288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
"DisplayLastLogonInfo"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - A2ACC
*NewlyCreated* - A2DDA
*NewlyCreated* - A2INJECTIONDRIVER
*NewlyCreated* - A2UTIL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:14]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 21:15]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 21:15]
.
2012-08-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-08-11 c:\windows\Tasks\User_Feed_Synchronization-{5DC8FE4C-AD59-49C2-9973-75665B76725B}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2010-02-21 20:07 266752 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2010-02-21 20:07 266752 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-20 1219368]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"RtHDVCpl"="RAVCpl64.exe" [2007-06-12 5178368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Download All with FlashGet - c:\progra~2\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\progra~2\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A7A81881-8143-4276-8472-5956723EC40E}: NameServer = 141.1.1.1 195.27.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\e8xcrlvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B367cbafd-117b-4f4a-8d32-16804edb963c%7D&mid=1ca2e30b9b639d6a5b8b22a9af81f5fd-aa404916a2f545999c2644c97f3278f08741b8bf&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2011-10-25%2017%3A10%3A10&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ladbrokes (Poker) - c:\microgaming\Poker\LadbrokesMPP\install.exe
AddRemove-1638179825.go.sky.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2211988414-2933488153-336652813-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,a7,5b,97,9f,6c,63,c3,77,2f,ab,5d,4f,32,a6,21,58,fe,18,49,31,
6b,98,e6,ad,03,dc,54,a5,a3,ae,e3,f9,a4,78,ff,13,1d,03,93,9e,2f,43,c5,d1,ba,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-11 17:59:05
ComboFix-quarantined-files.txt 2012-08-11 16:58
.
Pre-Run: 10,722,611,200 bytes free
Post-Run: 10,289,590,272 bytes free
.
- - End Of File - - 987430A3453AB34960E73348C205B1A6

#4 gringo_pr

Posted 11 August 2012 - 12:58 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Paranon

Posted 11 August 2012 - 02:11 PM

I'm having trouble running TDSSKiller. It's successfully downloaded to the desktop, however on double click nothing happens.

I've tried running the program as an administrator without success.

I've tried shutting down all the anti-virus/malware programs, still nothing.

Any ideas?

#6 gringo_pr

Posted 11 August 2012 - 02:28 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 Paranon


Posted 11 August 2012 - 03:39 PM

Gringo,

I've tried running fixTDSS, just like TDSSKiller it won't run.

Double click, then nothing.

It won't run with admin rights and neither program will run in Safe Mode.

#8 gringo_pr


Posted 11 August 2012 - 03:49 PM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up - to do this follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - then boot back into Windows and send me the screen capture.

gringo

#9 Paranon


Posted 11 August 2012 - 05:42 PM

Ok, took me a while to figure it out.

Attached is the screenshot you requested.


#10 gringo_pr


Posted 11 August 2012 - 05:46 PM

Greetings


I need you to boot back into GParted, right-click on the first partition, select "manage flags" and then select boot.

Close out GParted, saving things as you leave, then boot back into Windows and report here.


gringo

#11 Paranon


Posted 11 August 2012 - 06:10 PM

Reporting.

Also.

Big change in Firefox speed (for the better) and no redirects since the reboot.

Edited by Paranon, 11 August 2012 - 06:18 PM.


#12 gringo_pr


Posted 11 August 2012 - 08:21 PM

That is good news.


Now I want you to boot back into GParted, right-click on the hidden partition and select delete.


Boot back into Windows and report back here again.



gringo
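
The boot flag that GParted's "manage flags" dialog toggles in posts #10 and #12 is the status byte (0x80) of a partition's 16-byte entry in the MBR partition table. The sketch below is an added example, not part of the original posts: it parses that table and reports which entry is active. The MBR images are constructed (only the first partition's StartLBA, BlocksNum and the disk size come from the TDSSKiller log in this thread), and the "active-small-tail" rule with its 64 MiB threshold is an illustrative assumption.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446   # partition table: four 16-byte entries
ENTRY_SIZE = 16
ACTIVE = 0x80        # status byte that the "boot" flag sets


def build_mbr(entries):
    """Build a constructed MBR from (status, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for slot, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + slot * ENTRY_SIZE,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, ptype = sector[off], sector[off + 4]
        start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:      # type 0 marks an unused slot
            continue
        parts.append({"slot": slot, "status": status, "active": status == ACTIVE,
                      "type": ptype, "start": start, "count": count})
    return parts


def review(parts, disk_sectors, small_mib=64):
    """Return (code, slot) findings worth a second look before trusting the table."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, ACTIVE):
            findings.append(("bad-status", p["slot"]))
        if p["start"] + p["count"] > disk_sectors:
            findings.append(("beyond-disk", p["slot"]))
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(("overlap", b["slot"]))
    active = [p for p in parts if p["active"]]
    if not active:
        findings.append(("no-active", None))
    elif len(active) > 1:
        findings.append(("multiple-active", None))
    if parts:
        largest = max(parts, key=lambda p: p["count"])
        for p in active:
            size_mib = p["count"] * SECTOR / 2**20
            # Assumed heuristic: the boot flag sits on a tiny partition that
            # lies after the main one instead of on the OS partition.
            if p is not largest and p["start"] > largest["start"] and size_mib < small_mib:
                findings.append(("active-small-tail", p["slot"]))
    return findings


DISK_SECTORS = 0x2E93E36000 // SECTOR           # disk size from the TDSSKiller log
MAIN = (0x07, 0x800, 0x1749E000)                # Partition0 from the TDSSKiller log
TAIL = (0x17, 0x800 + 0x1749E000, 0x800)        # constructed 1 MiB tail partition

SAMPLE_BEFORE = build_mbr([(0x00, *MAIN), (ACTIVE, *TAIL)])      # flag on the tail
SAMPLE_AFTER_FLAG = build_mbr([(ACTIVE, *MAIN), (0x00, *TAIL)])  # boot flag moved
SAMPLE_AFTER_DELETE = build_mbr([(ACTIVE, *MAIN)])               # tail entry removed

if __name__ == "__main__":
    for label, image in (("before", SAMPLE_BEFORE),
                         ("after boot flag", SAMPLE_AFTER_FLAG),
                         ("after delete", SAMPLE_AFTER_DELETE)):
        parts = parse_mbr(image)
        for p in parts:
            print(f"{label}: slot {p['slot']} type 0x{p['type']:02x} "
                  f"start {p['start']:#x} sectors {p['count']:#x} "
                  f"{'ACTIVE' if p['active'] else ''}")
        print(f"{label}: findings {review(parts, DISK_SECTORS)}")
```
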

#13 Paranon


Posted 12 August 2012 - 06:49 AM

Ok, I've deleted the hidden partition.

#14 gringo_pr


Posted 12 August 2012 - 12:37 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
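
The TDSSKiller report requested above lists every service and driver as an object line (name, MD5, path) followed by a verdict line, so the few non-"ok" entries are easy to miss. This added example (not part of the original posts, and not a Kaspersky tool) pulls the detections and the MBR partition lines out of such a report; the sample lines are copied from the log posted later in this thread, and the regular expressions are inferred from those lines only.

```python
import re

# "HH:MM:SS.mmmm <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+)(?: (.*))?$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+) - ok$")
DETECTED = re.compile(r"^(?P<name>.+) - detected (?P<verdict>\S+) \(\d+\)$")
PARTITION = re.compile(
    r"^(?P<dev>\\Device\\\S+): MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
    r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<count>0x[0-9A-Fa-f]+)$")

# Lines copied from the TDSSKiller report in this thread.
SAMPLE_LOG = r"""
20:35:54.0334 6080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1749E000
20:36:03.0476 5876 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:36:03.0476 5876 ACPI - ok
20:36:04.0693 5876 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
20:36:04.0693 5876 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
20:36:04.0708 5876 Akamai ( HiddenFile.Multi.Generic ) - warning
20:36:04.0708 5876 Akamai - detected HiddenFile.Multi.Generic (1)
20:36:06.0955 5876 Beep - ok
20:36:14.0100 5876 iaStor (6e9bedaefa5a3f86cecf40f4963f3021) C:\Windows\system32\DRIVERS\iaStor.sys
20:36:14.0100 5876 iaStor - ok
"""


def summarize(text):
    """Summarise a TDSSKiller report: partitions, ok count and detections."""
    objects = {}        # name -> (md5, path) from the most recent object line
    summary = {"scanned": 0, "ok": 0, "detections": [], "partitions": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue    # blank line, separator without text, or foreign line
        msg = m.group(3)
        part = PARTITION.match(msg)
        if part:
            summary["partitions"].append({
                "device": part["dev"],
                "type": int(part["type"], 16),
                "start": int(part["start"], 16),
                "count": int(part["count"], 16),
            })
            continue
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"], obj["path"])
            summary["scanned"] += 1
            continue
        det = DETECTED.match(msg)
        if det:
            md5, path = objects.get(det["name"], (None, None))
            summary["detections"].append({
                "name": det["name"], "verdict": det["verdict"],
                "md5": md5, "path": path,
            })
            continue
        if OK.match(msg):
            summary["ok"] += 1
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['scanned']} objects hashed, {result['ok']} marked ok")
    for p in result["partitions"]:
        print(f"partition {p['device']} type {p['type']:#x} "
              f"start {p['start']:#x} sectors {p['count']:#x}")
    for d in result["detections"]:
        print(f"DETECTED {d['name']}: {d['verdict']} {d['path']} md5={d['md5']}")
```
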

#15 Paranon


Posted 12 August 2012 - 06:41 PM

TDSSKiller scan complete, logs included.

aswMBR has scanned, but I'm not sure if it was complete, it seemed to stall for over an hour. I had the option to save a log, so I did and it's also included.

20:35:53.0149 6080 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:35:53.0367 6080 ============================================================
20:35:53.0367 6080 Current date / time: 2012/08/12 20:35:53.0367
20:35:53.0367 6080 SystemInfo:
20:35:53.0367 6080
20:35:53.0367 6080 OS Version: 6.0.6002 ServicePack: 2.0
20:35:53.0367 6080 Product type: Workstation
20:35:53.0367 6080 ComputerName: MOJAVEXI
20:35:53.0367 6080 UserName: Shaun
20:35:53.0367 6080 Windows directory: C:\Windows
20:35:53.0367 6080 System windows directory: C:\Windows
20:35:53.0367 6080 Running under WOW64
20:35:53.0367 6080 Processor architecture: Intel x64
20:35:53.0367 6080 Number of processors: 2
20:35:53.0367 6080 Page size: 0x1000
20:35:53.0367 6080 Boot type: Normal boot
20:35:53.0367 6080 ============================================================
20:35:54.0319 6080 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:35:54.0334 6080 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:35:54.0334 6080 ============================================================
20:35:54.0334 6080 \Device\Harddisk0\DR0:
20:35:54.0334 6080 MBR partitions:
20:35:54.0334 6080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1749E000
20:35:54.0334 6080 \Device\Harddisk2\DR2:
20:35:54.0334 6080 MBR partitions:
20:35:54.0334 6080 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:35:54.0334 6080 ============================================================
20:35:54.0366 6080 C: <-> \Device\Harddisk0\DR0\Partition0
20:35:54.0381 6080 F: <-> \Device\Harddisk2\DR2\Partition0
20:35:54.0381 6080 ============================================================
20:35:54.0381 6080 Initialize success
20:35:54.0381 6080 ============================================================
20:36:02.0696 5876 ============================================================
20:36:02.0696 5876 Scan started
20:36:02.0696 5876 Mode: Manual;
20:36:02.0696 5876 ============================================================
20:36:04.0693 5876 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
20:36:04.0693 5876 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
20:36:04.0708 5876 Akamai ( HiddenFile.Multi.Generic ) - warning
20:36:04.0708 5876 Akamai - detected HiddenFile.Multi.Generic (1)
20:36:14.0100 5876 iaStor (6e9bedaefa5a3f86cecf40f4963f3021) C:\Windows\system32\DRIVERS\iaStor.sys
20:36:14.0100 5876 iaStor - ok
20:36:15.0940 5876 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
20:36:15.0956 5876 KSecDD - ok
20:36:16.0003 5876 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:36:16.0003 5876 ksthunk - ok
20:36:16.0065 5876 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:36:16.0081 5876 KtmRm - ok
20:36:16.0159 5876 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
20:36:16.0174 5876 LanmanServer - ok
20:36:16.0221 5876 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:36:16.0237 5876 LanmanWorkstation - ok
20:36:16.0268 5876 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:16.0268 5876 lltdio - ok
20:36:16.0315 5876 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:36:16.0330 5876 lltdsvc - ok
20:36:16.0362 5876 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:36:16.0362 5876 lmhosts - ok
20:36:16.0408 5876 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
20:36:16.0408 5876 LSI_FC - ok
20:36:16.0424 5876 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
20:36:16.0440 5876 LSI_SAS - ok
20:36:16.0455 5876 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
20:36:16.0455 5876 LSI_SCSI - ok
20:36:16.0502 5876 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:36:16.0502 5876 luafv - ok
20:36:16.0549 5876 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
20:36:16.0549 5876 MBAMProtector - ok
20:36:16.0658 5876 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:36:16.0674 5876 MBAMService - ok
20:36:16.0720 5876 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:36:16.0720 5876 Mcx2Svc - ok
20:36:16.0736 5876 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
20:36:16.0736 5876 megasas - ok
20:36:16.0783 5876 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:36:16.0783 5876 MMCSS - ok
20:36:16.0830 5876 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:36:16.0830 5876 Modem - ok
20:36:16.0861 5876 MODEMCSA (8985460fd448348f7ac748460d0a1cf4) C:\Windows\system32\drivers\MODEMCSA.sys
20:36:16.0861 5876 MODEMCSA - ok
20:36:16.0908 5876 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:36:16.0908 5876 monitor - ok
20:36:16.0923 5876 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:36:16.0939 5876 mouclass - ok
20:36:16.0939 5876 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:16.0954 5876 mouhid - ok
20:36:16.0986 5876 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:36:16.0986 5876 MountMgr - ok
20:36:17.0064 5876 MozillaMaintenance (de234f4479d29fc8c0dda8e52117fe0a) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:36:17.0064 5876 MozillaMaintenance - ok
20:36:17.0126 5876 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
20:36:17.0126 5876 mpio - ok
20:36:17.0157 5876 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:36:17.0157 5876 mpsdrv - ok
20:36:17.0235 5876 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:36:17.0251 5876 MpsSvc - ok
20:36:17.0282 5876 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:36:17.0282 5876 Mraid35x - ok
20:36:17.0329 5876 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:36:17.0329 5876 MRxDAV - ok
20:36:17.0391 5876 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:17.0391 5876 mrxsmb - ok
20:36:17.0438 5876 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:17.0438 5876 mrxsmb10 - ok
20:36:17.0469 5876 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:17.0469 5876 mrxsmb20 - ok
20:36:17.0485 5876 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
20:36:17.0485 5876 msahci - ok
20:36:17.0532 5876 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
20:36:17.0532 5876 msdsm - ok
20:36:17.0578 5876 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:36:17.0578 5876 MSDTC - ok
20:36:17.0641 5876 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:36:17.0641 5876 Msfs - ok
20:36:17.0703 5876 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:36:17.0703 5876 msisadrv - ok
20:36:17.0750 5876 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:36:17.0750 5876 MSiSCSI - ok
20:36:17.0766 5876 msiserver - ok
20:36:17.0797 5876 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:17.0797 5876 MSKSSRV - ok
20:36:17.0844 5876 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:17.0844 5876 MSPCLOCK - ok
20:36:17.0859 5876 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:36:17.0859 5876 MSPQM - ok
20:36:17.0922 5876 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:36:17.0922 5876 MsRPC - ok
20:36:17.0953 5876 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:36:17.0953 5876 mssmbios - ok
20:36:17.0984 5876 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:36:17.0984 5876 MSTEE - ok
20:36:18.0015 5876 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:36:18.0015 5876 Mup - ok
20:36:18.0109 5876 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:36:18.0109 5876 napagent - ok
20:36:18.0171 5876 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:18.0171 5876 NativeWifiP - ok
20:36:18.0374 5876 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:36:18.0405 5876 NDIS - ok
20:36:18.0452 5876 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:18.0468 5876 NdisTapi - ok
20:36:18.0499 5876 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:18.0514 5876 Ndisuio - ok
20:36:18.0561 5876 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:18.0561 5876 NdisWan - ok
20:36:18.0608 5876 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:36:18.0608 5876 NDProxy - ok
20:36:18.0624 5876 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:36:18.0624 5876 NetBIOS - ok
20:36:18.0670 5876 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:36:18.0670 5876 netbt - ok
20:36:18.0733 5876 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:36:18.0733 5876 Netlogon - ok
20:36:18.0780 5876 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:36:18.0795 5876 Netman - ok
20:36:18.0904 5876 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:36:18.0904 5876 NetMsmqActivator - ok
20:36:18.0920 5876 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:36:18.0920 5876 NetPipeActivator - ok
20:36:18.0982 5876 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:36:18.0998 5876 netprofm - ok
20:36:19.0014 5876 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:36:19.0014 5876 NetTcpActivator - ok
20:36:19.0014 5876 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:36:19.0029 5876 NetTcpPortSharing - ok
20:36:19.0294 5876 NETw4v64 (071ff34b560113790fe6e7ec0cee67c5) C:\Windows\system32\DRIVERS\NETw4v64.sys
20:36:19.0372 5876 NETw4v64 - ok
20:36:19.0513 5876 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:36:19.0513 5876 nfrd960 - ok
20:36:19.0575 5876 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:36:19.0591 5876 NlaSvc - ok
20:36:19.0638 5876 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:36:19.0638 5876 Npfs - ok
20:36:19.0684 5876 NSCIRDA (228c7cf50a584dd58e72fcefac7d8914) C:\Windows\system32\DRIVERS\nscirda.sys
20:36:19.0684 5876 NSCIRDA - ok
20:36:19.0716 5876 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:36:19.0731 5876 nsi - ok
20:36:19.0778 5876 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:36:19.0778 5876 nsiproxy - ok
20:36:19.0965 5876 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:36:19.0996 5876 Ntfs - ok
20:36:20.0137 5876 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:36:20.0137 5876 Null - ok
20:36:21.0276 5876 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:21.0588 5876 nvlddmkm - ok
20:36:21.0697 5876 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
20:36:21.0712 5876 nvraid - ok
20:36:21.0728 5876 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
20:36:21.0728 5876 nvstor - ok
20:36:21.0868 5876 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
20:36:21.0900 5876 nvsvc - ok
20:36:22.0243 5876 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:36:22.0305 5876 nvUpdatusService - ok
20:36:22.0477 5876 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
20:36:22.0477 5876 nv_agp - ok
20:36:22.0508 5876 NwlnkFlt - ok
20:36:22.0524 5876 NwlnkFwd - ok
20:36:22.0633 5876 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:36:22.0648 5876 odserv - ok
20:36:22.0711 5876 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:36:22.0711 5876 ohci1394 - ok
20:36:22.0758 5876 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:36:22.0758 5876 ose - ok
20:36:22.0882 5876 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:36:22.0914 5876 p2pimsvc - ok
20:36:22.0929 5876 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:36:22.0945 5876 p2psvc - ok
20:36:22.0992 5876 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:36:22.0992 5876 Parport - ok
20:36:23.0054 5876 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
20:36:23.0070 5876 partmgr - ok
20:36:23.0148 5876 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
20:36:23.0148 5876 pbfilter - ok
20:36:23.0194 5876 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
20:36:23.0210 5876 PCAMp50a64 - ok
20:36:23.0257 5876 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
20:36:23.0257 5876 PCASp50a64 - ok
20:36:23.0319 5876 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:36:23.0319 5876 PcaSvc - ok
20:36:23.0366 5876 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:36:23.0382 5876 pci - ok
20:36:23.0397 5876 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
20:36:23.0397 5876 pciide - ok
20:36:23.0428 5876 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:36:23.0444 5876 pcmcia - ok
20:36:23.0522 5876 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:36:23.0538 5876 PEAUTH - ok
20:36:23.0647 5876 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:36:23.0647 5876 PerfHost - ok
20:36:23.0787 5876 pgsql-8.3 (4e87ef38a053f02e454935c8440ec91a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
20:36:23.0787 5876 pgsql-8.3 - ok
20:36:24.0006 5876 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:36:24.0052 5876 pla - ok
20:36:24.0130 5876 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:36:24.0130 5876 PlugPlay - ok
20:36:24.0240 5876 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
20:36:24.0255 5876 PMBDeviceInfoProvider - ok
20:36:24.0364 5876 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:36:24.0364 5876 PNRPAutoReg - ok
20:36:24.0380 5876 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:36:24.0380 5876 PNRPsvc - ok
20:36:24.0458 5876 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:36:24.0458 5876 PolicyAgent - ok
20:36:24.0536 5876 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:36:24.0552 5876 PptpMiniport - ok
20:36:24.0583 5876 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
20:36:24.0583 5876 Processor - ok
20:36:24.0630 5876 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:36:24.0630 5876 ProfSvc - ok
20:36:24.0676 5876 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:36:24.0676 5876 ProtectedStorage - ok
20:36:24.0723 5876 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:36:24.0739 5876 PSched - ok
20:36:24.0786 5876 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:36:24.0786 5876 PxHlpa64 - ok
20:36:24.0879 5876 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
20:36:24.0895 5876 ql2300 - ok
20:36:24.0926 5876 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:36:24.0926 5876 ql40xx - ok
20:36:25.0020 5876 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:36:25.0020 5876 QWAVE - ok
20:36:25.0082 5876 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:36:25.0082 5876 QWAVEdrv - ok
20:36:25.0363 5876 RapportCerberus_42020 (00935d8da2dcd34017544cfeba97d1e7) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
20:36:25.0378 5876 RapportCerberus_42020 - ok
20:36:25.0519 5876 RapportEI64 (e00b1dac20b52781a6f697235a1ce9d4) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
20:36:25.0534 5876 RapportEI64 - ok
20:36:25.0628 5876 RapportKE64 (a0d6937897654813c27cb149fc4337e4) C:\Windows\system32\Drivers\RapportKE64.sys
20:36:25.0644 5876 RapportKE64 - ok
20:36:25.0753 5876 RapportMgmtService (61b37c0b3fd7da7414c20d917469bfff) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
20:36:25.0784 5876 RapportMgmtService - ok
20:36:25.0831 5876 RapportPG64 (9b5d119785654bf8219dcbd0c1925ff7) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
20:36:25.0831 5876 RapportPG64 - ok
20:36:26.0002 5876 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:36:26.0002 5876 RasAcd - ok
20:36:26.0049 5876 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:36:26.0065 5876 RasAuto - ok
20:36:26.0112 5876 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:26.0112 5876 Rasl2tp - ok
20:36:26.0143 5876 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:36:26.0158 5876 RasMan - ok
20:36:26.0205 5876 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:26.0205 5876 RasPppoe - ok
20:36:26.0252 5876 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:36:26.0268 5876 RasSstp - ok
20:36:26.0346 5876 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:36:26.0346 5876 rdbss - ok
20:36:26.0408 5876 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:26.0424 5876 RDPCDD - ok
20:36:26.0470 5876 rdpdr (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
20:36:26.0470 5876 rdpdr - ok
20:36:26.0470 5876 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:36:26.0470 5876 RDPENCDD - ok
20:36:26.0533 5876 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
20:36:26.0533 5876 RDPWD - ok
20:36:26.0611 5876 RegSrvc (ce0b44e7175e5fa41e13a468b8c877e9) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:36:26.0611 5876 RegSrvc - ok
20:36:26.0673 5876 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:36:26.0673 5876 RemoteAccess - ok
20:36:26.0736 5876 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:36:26.0751 5876 RemoteRegistry - ok
20:36:26.0798 5876 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
20:36:26.0814 5876 RFCOMM - ok
20:36:26.0845 5876 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
20:36:26.0845 5876 ROOTMODEM - ok
20:36:26.0892 5876 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:36:26.0892 5876 RpcLocator - ok
20:36:27.0001 5876 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:36:27.0001 5876 RpcSs - ok
20:36:27.0063 5876 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:36:27.0063 5876 rspndr - ok
20:36:27.0110 5876 RTL8169 (d5be3b7b527af1cd06a7d985cee57e55) C:\Windows\system32\DRIVERS\Rtlh64.sys
20:36:27.0110 5876 RTL8169 - ok
20:36:27.0157 5876 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:36:27.0157 5876 SamSs - ok
20:36:27.0204 5876 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:36:27.0204 5876 sbp2port - ok
20:36:27.0266 5876 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:36:27.0282 5876 SCardSvr - ok
20:36:27.0391 5876 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:36:27.0422 5876 Schedule - ok
20:36:27.0484 5876 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:36:27.0484 5876 SCPolicySvc - ok
20:36:27.0516 5876 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
20:36:27.0516 5876 sdbus - ok
20:36:27.0562 5876 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:36:27.0578 5876 SDRSVC - ok
20:36:27.0594 5876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:36:27.0594 5876 secdrv - ok
20:36:27.0625 5876 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:36:27.0625 5876 seclogon - ok
20:36:27.0672 5876 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
20:36:27.0687 5876 SENS - ok
20:36:27.0718 5876 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
20:36:27.0718 5876 Serenum - ok
20:36:27.0734 5876 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
20:36:27.0750 5876 Serial - ok
20:36:27.0781 5876 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:36:27.0781 5876 sermouse - ok
20:36:27.0874 5876 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:36:27.0890 5876 SessionEnv - ok
20:36:27.0921 5876 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
20:36:27.0921 5876 sffdisk - ok
20:36:27.0952 5876 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
20:36:27.0952 5876 sffp_mmc - ok
20:36:27.0968 5876 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
20:36:27.0984 5876 sffp_sd - ok
20:36:27.0999 5876 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:36:27.0999 5876 sfloppy - ok
20:36:28.0062 5876 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:36:28.0077 5876 SharedAccess - ok
20:36:28.0124 5876 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:36:28.0140 5876 ShellHWDetection - ok
20:36:28.0171 5876 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
20:36:28.0171 5876 SiSRaid2 - ok
20:36:28.0202 5876 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
20:36:28.0218 5876 SiSRaid4 - ok
20:36:28.0561 5876 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:36:28.0639 5876 Skype C2C Service - ok
20:36:28.0826 5876 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:36:28.0842 5876 SkypeUpdate - ok
20:36:29.0138 5876 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
20:36:29.0169 5876 slsvc - ok
20:36:29.0294 5876 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
20:36:29.0294 5876 SLUINotify - ok
20:36:29.0372 5876 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
20:36:29.0372 5876 Smb - ok
20:36:29.0528 5876 smserial (22631aaf0ac9e9881ce76beac27d8030) C:\Windows\system32\DRIVERS\smserial.sys
20:36:29.0559 5876 smserial - ok
20:36:29.0606 5876 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
20:36:29.0606 5876 SNMPTRAP - ok
20:36:29.0668 5876 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
20:36:29.0668 5876 spldr - ok
20:36:29.0715 5876 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
20:36:29.0715 5876 Spooler - ok
20:36:29.0793 5876 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
20:36:29.0809 5876 srv - ok
20:36:29.0871 5876 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
20:36:29.0871 5876 srv2 - ok
20:36:29.0902 5876 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
20:36:29.0902 5876 srvnet - ok
20:36:29.0965 5876 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
20:36:29.0980 5876 SSDPSRV - ok
20:36:30.0027 5876 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
20:36:30.0027 5876 SstpSvc - ok
20:36:30.0105 5876 Steam Client Service - ok
20:36:30.0277 5876 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:36:30.0277 5876 Stereo Service - ok
20:36:30.0386 5876 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
20:36:30.0402 5876 stisvc - ok
20:36:30.0604 5876 StkCMini (8c74684d421f18dfa7ac1c0f6018955f) C:\Windows\system32\Drivers\StkCMini.sys
20:36:30.0636 5876 StkCMini - ok
20:36:30.0729 5876 StkSSrv (7b072f348b63098c94cccbbd3516a558) C:\Windows\System32\StkCSrv.exe
20:36:30.0745 5876 StkSSrv - ok
20:36:30.0792 5876 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:36:30.0792 5876 swenum - ok
20:36:30.0870 5876 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
20:36:30.0885 5876 swprv - ok
20:36:30.0916 5876 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:36:30.0916 5876 Symc8xx - ok
20:36:30.0932 5876 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:36:30.0932 5876 Sym_hi - ok
20:36:30.0963 5876 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:36:30.0963 5876 Sym_u3 - ok
20:36:31.0010 5876 SynTP (8896f5ca5a472fc6bb8ee6be5a0d3d2a) C:\Windows\system32\DRIVERS\SynTP.sys
20:36:31.0010 5876 SynTP - ok
20:36:31.0119 5876 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
20:36:31.0135 5876 SysMain - ok
20:36:31.0182 5876 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
20:36:31.0182 5876 TabletInputService - ok
20:36:31.0244 5876 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
20:36:31.0260 5876 TapiSrv - ok
20:36:31.0306 5876 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
20:36:31.0322 5876 TBS - ok
20:36:31.0525 5876 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
20:36:31.0572 5876 Tcpip - ok
20:36:31.0759 5876 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
20:36:31.0774 5876 Tcpip6 - ok
20:36:31.0852 5876 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
20:36:31.0852 5876 tcpipreg - ok
20:36:31.0884 5876 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:36:31.0884 5876 TDPIPE - ok
20:36:31.0915 5876 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:36:31.0915 5876 TDTCP - ok
20:36:31.0962 5876 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
20:36:31.0962 5876 tdx - ok
20:36:31.0993 5876 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
20:36:31.0993 5876 TermDD - ok
20:36:32.0086 5876 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
20:36:32.0102 5876 TermService - ok
20:36:32.0180 5876 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
20:36:32.0180 5876 Themes - ok
20:36:32.0227 5876 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:36:32.0227 5876 THREADORDER - ok
20:36:32.0274 5876 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
20:36:32.0289 5876 TrkWks - ok
20:36:32.0336 5876 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
20:36:32.0352 5876 TrustedInstaller - ok
20:36:32.0414 5876 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:32.0414 5876 tssecsrv - ok
20:36:32.0461 5876 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:36:32.0461 5876 tunmp - ok
20:36:32.0523 5876 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
20:36:32.0523 5876 tunnel - ok
20:36:32.0570 5876 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
20:36:32.0570 5876 uagp35 - ok
20:36:32.0664 5876 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
20:36:32.0679 5876 udfs - ok
20:36:32.0757 5876 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
20:36:32.0757 5876 UI0Detect - ok
20:36:32.0788 5876 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
20:36:32.0788 5876 uliagpkx - ok
20:36:32.0835 5876 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
20:36:32.0835 5876 uliahci - ok
20:36:32.0882 5876 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:36:32.0882 5876 UlSata - ok
20:36:32.0913 5876 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:36:32.0913 5876 ulsata2 - ok
20:36:32.0976 5876 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:36:32.0976 5876 umbus - ok
20:36:33.0038 5876 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
20:36:33.0038 5876 upnphost - ok
20:36:33.0085 5876 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:36:33.0116 5876 USBAAPL64 - ok
20:36:33.0241 5876 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
20:36:33.0241 5876 usbaudio - ok
20:36:33.0303 5876 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:33.0303 5876 usbccgp - ok
20:36:33.0350 5876 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:36:33.0366 5876 usbcir - ok
20:36:33.0412 5876 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
20:36:33.0412 5876 usbehci - ok
20:36:33.0459 5876 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
20:36:33.0459 5876 usbhub - ok
20:36:33.0475 5876 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
20:36:33.0475 5876 usbohci - ok
20:36:33.0490 5876 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
20:36:33.0506 5876 usbprint - ok
20:36:33.0522 5876 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:36:33.0522 5876 USBSTOR - ok
20:36:33.0568 5876 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:36:33.0568 5876 usbuhci - ok
20:36:33.0615 5876 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
20:36:33.0615 5876 UxSms - ok
20:36:33.0646 5876 VComm (bcaecfad3567bdbf42f7422f2bf988d8) C:\Windows\system32\DRIVERS\VComm.sys
20:36:33.0646 5876 VComm - ok
20:36:33.0678 5876 VcommMgr (558898c8ce6ba5b96c3d1e3d9115a5bc) C:\Windows\system32\Drivers\VcommMgr.sys
20:36:33.0678 5876 VcommMgr - ok
20:36:33.0740 5876 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
20:36:33.0756 5876 vds - ok
20:36:33.0787 5876 vga (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:33.0787 5876 vga - ok
20:36:33.0834 5876 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:36:33.0834 5876 VgaSave - ok
20:36:33.0880 5876 VHidMinidrv (936fe4867745fd71c16b2c0ed72b80c0) C:\Windows\system32\drivers\VHIDMini.sys
20:36:33.0880 5876 VHidMinidrv - ok
20:36:33.0912 5876 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:36:33.0912 5876 viaide - ok
20:36:33.0958 5876 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
20:36:33.0974 5876 volmgr - ok
20:36:34.0052 5876 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
20:36:34.0052 5876 volmgrx - ok
20:36:34.0114 5876 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
20:36:34.0114 5876 volsnap - ok
20:36:34.0161 5876 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
20:36:34.0161 5876 vsmraid - ok
20:36:34.0270 5876 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
20:36:34.0302 5876 VSS - ok
20:36:34.0536 5876 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
20:36:34.0551 5876 vToolbarUpdater11.2.0 - ok
20:36:34.0754 5876 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
20:36:34.0770 5876 W32Time - ok
20:36:34.0848 5876 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:36:34.0848 5876 WacomPen - ok
20:36:34.0926 5876 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:34.0926 5876 Wanarp - ok
20:36:34.0957 5876 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:34.0957 5876 Wanarpv6 - ok
20:36:35.0066 5876 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
20:36:35.0097 5876 wcncsvc - ok
20:36:35.0160 5876 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
20:36:35.0160 5876 WcsPlugInService - ok
20:36:35.0191 5876 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
20:36:35.0191 5876 Wd - ok
20:36:35.0316 5876 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:36:35.0331 5876 Wdf01000 - ok
20:36:35.0394 5876 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:36:35.0409 5876 WdiServiceHost - ok
20:36:35.0425 5876 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:36:35.0440 5876 WdiSystemHost - ok
20:36:35.0503 5876 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
20:36:35.0518 5876 WebClient - ok
20:36:35.0581 5876 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
20:36:35.0596 5876 Wecsvc - ok
20:36:35.0628 5876 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
20:36:35.0643 5876 wercplsupport - ok
20:36:35.0706 5876 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
20:36:35.0706 5876 WerSvc - ok
20:36:35.0784 5876 WinDefend - ok
20:36:35.0862 5876 WinHttpAutoProxySvc - ok
20:36:35.0971 5876 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
20:36:35.0971 5876 Winmgmt - ok
20:36:36.0189 5876 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
20:36:36.0236 5876 WinRM - ok
20:36:36.0470 5876 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
20:36:36.0486 5876 Wlansvc - ok
20:36:36.0766 5876 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:36:36.0813 5876 wlidsvc - ok
20:36:36.0907 5876 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:36:36.0907 5876 WmiAcpi - ok
20:36:37.0032 5876 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
20:36:37.0047 5876 wmiApSrv - ok
20:36:37.0094 5876 WMPNetworkSvc - ok
20:36:37.0203 5876 WNDA3100 (ae06d75f402de21c922bcecb30f8fb50) C:\Windows\system32\DRIVERS\WNDA31vx.sys
20:36:37.0219 5876 WNDA3100 - ok
20:36:37.0281 5876 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
20:36:37.0281 5876 WPCSvc - ok
20:36:37.0359 5876 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
20:36:37.0359 5876 WPDBusEnum - ok
20:36:37.0422 5876 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
20:36:37.0437 5876 WpdUsb - ok
20:36:37.0656 5876 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:36:37.0687 5876 WPFFontCache_v0400 - ok
20:36:37.0734 5876 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:36:37.0734 5876 ws2ifsl - ok
20:36:37.0796 5876 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
20:36:37.0796 5876 wscsvc - ok
20:36:37.0843 5876 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:36:37.0858 5876 WSDPrintDevice - ok
20:36:37.0890 5876 WSDScan (c48e6ef92be6bfef9ee2430c42eaf2bd) C:\Windows\system32\DRIVERS\WSDScan.sys
20:36:37.0890 5876 WSDScan - ok
20:36:37.0921 5876 WSearch - ok
20:36:38.0186 5876 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:36:38.0264 5876 wuauserv - ok
20:36:38.0436 5876 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:36:38.0436 5876 WUDFRd - ok
20:36:38.0498 5876 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
20:36:38.0498 5876 wudfsvc - ok
20:36:38.0560 5876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:36:38.0826 5876 \Device\Harddisk0\DR0 - ok
20:36:38.0826 5876 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
20:36:38.0841 5876 \Device\Harddisk2\DR2 - ok
20:36:38.0841 5876 Boot (0x1200) (383031f30988a138cecde086b4290216) \Device\Harddisk0\DR0\Partition0
20:36:38.0841 5876 \Device\Harddisk0\DR0\Partition0 - ok
20:36:38.0857 5876 Boot (0x1200) (fe75d4a4f60f572a69fe7fbd8644f8c3) \Device\Harddisk2\DR2\Partition0
20:36:38.0857 5876 \Device\Harddisk2\DR2\Partition0 - ok
20:36:38.0857 5876 ============================================================
20:36:38.0857 5876 Scan finished
20:36:38.0857 5876 ============================================================
20:36:38.0888 3944 Detected object count: 1
20:36:38.0888 3944 Actual detected object count: 1
20:36:56.0079 3944 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:36:56.0079 3944 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 20:56:02
-----------------------------
20:56:02.599 OS Version: Windows x64 6.0.6002 Service Pack 2
20:56:02.599 Number of processors: 2 586 0x1706
20:56:02.599 ComputerName: MOJAVEXI UserName: Shaun
20:56:04.283 Initialize success
20:56:15.250 AVAST engine defs: 12081101
20:58:48.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:58:48.151 Disk 0 Vendor: Hitachi_ DC4O Size: 190782MB BusType: 3
20:58:48.151 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\RobsonImd-0
20:58:48.166 Disk 1 Vendor: Size: 190782MB BusType: 0
20:58:48.166 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000098
20:58:48.166 Disk 2 Vendor: Size: 190782MB BusType: 0
20:58:48.198 Disk 0 MBR read successfully
20:58:48.213 Disk 0 MBR scan
20:58:48.213 Disk 0 Windows VISTA default MBR code
20:58:48.229 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190780 MB offset 2048
20:58:48.260 Disk 0 scanning C:\Windows\system32\drivers
20:59:01.333 Service scanning
20:59:37.665 Modules scanning
20:59:37.665 Disk 0 trace - called modules:
20:59:37.681 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:59:37.681 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ca7560]
20:59:37.696 3 CLASSPNP.SYS[fffffa6000fc4c33] -> nt!IofCallDriver -> [0xfffffa8004a6c440]
20:59:37.696 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bb9050]
20:59:40.146 AVAST engine scan C:\Windows
20:59:45.730 AVAST engine scan C:\Windows\system32
21:04:03.702 AVAST engine scan C:\Windows\system32\drivers
21:04:20.258 AVAST engine scan C:\Users\Shaun
23:01:15.230 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
23:01:15.262 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 23:02:08
-----------------------------
23:02:08.774 OS Version: Windows x64 6.0.6002 Service Pack 2
23:02:08.774 Number of processors: 2 586 0x1706
23:02:08.774 ComputerName: MOJAVEXI UserName: Shaun
23:02:11.270 Initialize success
23:02:22.830 AVAST engine defs: 12081101
23:02:42.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:02:42.361 Disk 0 Vendor: Hitachi_ DC4O Size: 190782MB BusType: 3
23:02:42.361 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\RobsonImd-0
23:02:42.361 Disk 1 Vendor: Size: 190782MB BusType: 0
23:02:42.361 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000098
23:02:42.361 Disk 2 Vendor: Size: 190782MB BusType: 0
23:02:42.486 Disk 0 MBR read successfully
23:02:42.486 Disk 0 MBR scan
23:02:42.502 Disk 0 Windows VISTA default MBR code
23:02:42.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190780 MB offset 2048
23:02:42.689 Disk 0 scanning C:\Windows\system32\drivers
23:03:48.559 Service scanning
23:04:28.825 Modules scanning
23:04:28.825 Disk 0 trace - called modules:
23:04:28.871 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
23:04:28.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ca7560]
23:04:28.887 3 CLASSPNP.SYS[fffffa6000fc4c33] -> nt!IofCallDriver -> [0xfffffa8004a6c440]
23:04:28.887 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bb9050]
23:04:32.350 AVAST engine scan C:\Windows
23:06:09.245 AVAST engine scan C:\Windows\system32
23:25:08.815 AVAST engine scan C:\Windows\system32\drivers
23:27:17.330 AVAST engine scan C:\Users\Shaun
00:38:59.395 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
00:38:59.395 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"



