[A] Slow laptop suspected highly infected with malware/viruses

By ra7v
Sep 24, 2012
  1. Hi,
    My Mom's laptop is a mess.
    Restarting the laptop takes 15 minutes.
    Also, whenever she clicks New Tab in Mozilla Firefox, babylonsearch loads, although the default site is Google. Tried running AVG, but nothing was detected. Changed the config of Mozilla manually, but to no avail.
    I suspect that this laptop is highly infected with various malware/viruses.
    I hope someone can help me run a thorough clean up of her system.

    Since I've done this before just recently to remove a virus from my own PC, I ran Farbar64 on my mom's laptop, and here's the log.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
    Ran by SYSTEM at 24-09-2012 20:18:16
    Running from E:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe" [672424 2009-07-30] ()
    HKLM\...\Run: [dldtamon] "C:\Program Files (x86)\Dell V305\dldtamon.exe" [16040 2009-07-30] ()
    HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2010-08-09] ()
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2010-08-09] ()
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
    HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [63712 2007-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s [316072 2010-08-09] ()
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [273544 2011-07-16] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
    HKU\HELEN GC ANG\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler [210208 2008-09-26] (Acresso Corporation)
    HKU\HELEN GC ANG\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson)
    HKU\HELEN GC ANG\...\Run: [Google Update] "C:\Users\HELEN GC ANG\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-06] (Google Inc.)
    HKU\HELEN GC ANG\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1020816 2012-06-16] (BitTorrent, Inc.)
    HKU\HELEN GC ANG\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    HKU\HELEN GC ANG\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
    HKU\HELEN GC ANG\...\Run: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h [x]
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}: [NameServer]8.8.8.8,8.8.4.4
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
    Startup: C:\Users\HELEN GC ANG\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ===================

    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
    2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [1044648 2009-07-09] ( )
    2 dldt_device; C:\Windows\SysWow64\dldtcoms.exe -service [594600 2009-07-09] ( )
    2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
    2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
    2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
    2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-06] (Trusteer Ltd.)
    3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
    2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]

    ==================== Drivers (Whitelisted) =====================

    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-20] ()
    1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-06] (Trusteer Ltd.)
    0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-06] (Trusteer Ltd.)
    1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-06] (Trusteer Ltd.)
    3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
    3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
    3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
    3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
    3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
    3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
    3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
    3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
    2 srservice; [x]
    0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
    3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
    0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-24 20:13 - 2012-09-24 20:18 - 00000000 ____D C:\FRST
    2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-24 05:55 - 2012-09-24 06:01 - 00000850 ____A C:\Windows\setupact.log
    2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-24 02:07 - 2012-09-24 06:01 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
    2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
    2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
    2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
    2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Symantec
    2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
    2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
    2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
    2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\VS Revo Group
    2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\VS Revo Group
    2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
    2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Download Beast
    2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Download Beast
    2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Download Beast
    2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\2YourFace
    2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
    2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Macromedia
    2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Macromedia
    2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Macromedia
    2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-09-14 02:00 - 2012-08-21 00:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files\iTunes
    2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-09-14 01:59 - 2012-09-14 01:59 - 00000000 ____D C:\Program Files\iPod
    2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\PlatinumHideIP
    2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
    2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\PlatinumHideIP
    2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\Application Data\PlatinumHideIP

    ==================== 3 Months Modified Files ==================

    2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\dleascan.log
    2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\Application Data\dleascan.log
    2012-09-24 06:02 - 2011-05-06 00:43 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-24 06:01 - 2012-09-24 05:55 - 00000850 ____A C:\Windows\setupact.log
    2012-09-24 06:01 - 2012-09-24 02:07 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
    2012-09-24 06:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-24 05:59 - 2009-07-14 00:10 - 02013739 ____A C:\Windows\WindowsUpdate.log
    2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 05:57 - 2009-07-14 00:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
    2012-09-24 05:52 - 2011-05-07 13:29 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000UA.job
    2012-09-24 05:41 - 2011-03-27 01:06 - 00000000 ____A C:\Users\HELEN GC ANG\Desktop\Password to add other computers.txt
    2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\My Documents\Expenses 2010.xlsx
    2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\Documents\Expenses 2010.xlsx
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-24 05:14 - 2011-05-06 00:43 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
    2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
    2012-09-24 01:52 - 2011-05-07 13:29 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000Core.job
    2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
    2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
    2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-09-18 19:52 - 2010-06-23 14:40 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\dleaJSW.log
    2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\Application Data\dleaJSW.log
    2012-09-14 10:30 - 2012-08-19 09:31 - 00000413 ____A C:\user.js
    2012-09-14 02:11 - 2012-05-09 08:21 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-14 02:11 - 2012-02-19 18:58 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
    2012-09-06 22:07 - 2011-02-25 04:51 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
    2012-08-24 00:59 - 2012-08-24 09:27 - 03927560 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\CCleaner Professional + Business Edition v3.22.1800.exe
    2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\HELEN GC ANG\Desktop\MiPony.lnk
    2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\Guest\Desktop\MiPony.lnk
    2012-08-22 08:01 - 2012-08-22 08:00 - 03974437 ____A C:\Users\HELEN GC ANG\Downloads\Mipony-Installer.exe
    2012-08-21 00:01 - 2012-09-14 02:00 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 00:01 - 2010-06-20 09:47 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 00:01 - 2010-06-20 09:47 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-01 07:00 - 2012-08-01 06:59 - 03907920 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\ccsetup321.exe
    2012-07-29 10:44 - 2012-07-29 10:43 - 03879800 ____A (AVG Technologies) C:\Users\HELEN GC ANG\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\All Users\Desktop\VLC media player.lnk
    2012-07-29 10:18 - 2012-07-29 10:17 - 22617148 ____A C:\Users\HELEN GC ANG\Downloads\vlc-2.0.3-win32.exe
    2012-07-29 00:00 - 2012-07-28 23:54 - 00635392 ____A C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe
    2012-07-27 06:08 - 2012-07-24 16:47 - 02027315 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\All Users\Desktop\Safari.lnk
    2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-07-25 14:21 - 2012-07-25 14:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
    2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\WebpageIcons.db
    2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\WebpageIcons.db
    2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\AppData\Local\WebpageIcons.db
    2012-07-18 13:15 - 2012-08-20 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 16:43 - 2012-07-17 16:43 - 02682336 ____A (Speedchecker Limited ) C:\Users\HELEN GC ANG\Downloads\pcsu_80bc0023f43348be92cb0cb1654b3c66_.exe
    2012-07-16 19:20 - 2012-07-16 19:20 - 01665985 ____A C:\Users\HELEN GC ANG\Desktop\Unlocker1.9.1.exe
    2012-07-16 19:17 - 2012-07-16 19:17 - 00352936 ____A (Softonic) C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_unlocker.exe
    2012-07-11 04:27 - 2012-07-11 04:27 - 00543024 ____A (Microsoft Corporation) C:\Users\HELEN GC ANG\Downloads\IE9-Windows7-x64-enu.exe
    2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\dlea.log
    2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\Application Data\dlea.log
    2012-07-04 17:16 - 2012-08-20 16:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 17:13 - 2012-08-20 16:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 17:13 - 2012-08-20 16:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 16:16 - 2012-08-20 16:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 16:14 - 2012-08-20 16:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 23:55 - 2012-08-20 16:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 23:09 - 2012-08-20 16:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 22:56 - 2012-08-20 16:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 22:49 - 2012-08-20 16:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 22:49 - 2012-08-20 16:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 22:48 - 2012-08-20 16:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 22:47 - 2012-08-20 16:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 22:45 - 2012-08-20 16:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 22:44 - 2012-08-20 16:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 22:43 - 2012-08-20 16:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 22:42 - 2012-08-20 16:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 22:40 - 2012-08-20 16:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 22:39 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 22:35 - 2012-08-20 16:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 19:52 - 2012-08-20 16:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 19:27 - 2012-08-20 16:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 19:16 - 2012-08-20 16:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 19:09 - 2012-08-20 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 19:09 - 2012-08-20 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 19:08 - 2012-08-20 16:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 19:07 - 2012-08-20 16:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 19:06 - 2012-08-20 16:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 19:04 - 2012-08-20 16:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 19:04 - 2012-08-20 16:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 19:01 - 2012-08-20 16:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 19:01 - 2012-08-20 16:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 19:00 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 18:57 - 2012-08-20 16:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-15 11:33:22
    Restore point made on: 2012-09-18 19:52:22
    Restore point made on: 2012-09-18 20:50:27
    Restore point made on: 2012-09-18 20:52:57

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 3032.36 MB
    Available physical RAM: 2499.71 MB
    Total Pagefile: 3030.51 MB
    Available Pagefile: 2503.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:174.06 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (RAVI 16GB) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 283 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 283 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 6024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RAVI 16GB FAT32 Removable 15 GB Healthy

    =========================================================

    Last Boot: 2012-09-14 02:35

    ==================== End Of Log =============================
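An added triage helper (not part of the original post, and not FRST's own code) that reads autorun lines in the format the log above uses. It picks out the `HKLM`/`HKU ...\Run:` values, the `Winlogon\Notify` entry and the numbered service/driver lines, and flags what an analyst checks first in a log like this one: entries marked `[x]`/`[X]` (FRST's marker for a file that no longer exists, as on the `download beast` Run value, the `Browser Manager` service and the `Tf*Mon` drivers), binaries FRST printed with an empty `()` publisher field, and anything launched from `ProgramData` or `AppData` instead of `Program Files`. The sample lines are copied from the posted log; the flag rules and their weighting are this example's own heuristics, and a flag is a prompt to look closer, not a verdict.

```python
"""Triage of FRST-style autorun lines.

Added example, not part of the original post or of FRST itself. It reads the
line formats used in the "Registry (Whitelisted)", "Services (Whitelisted)"
and "Drivers (Whitelisted)" sections of an FRST log and flags the entries an
analyst looks at first. The flag rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the posted FRST log.
SAMPLE_LOG = r"""
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe" [672424 2009-07-30] ()
HKU\HELEN GC ANG\...\Run: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
2 srservice; [x]
"""

RUN_RE = re.compile(r'^(HKLM|HKU)[^\[]*?\\Run(?:Once)?: \[([^\]]+)\]')
SVC_RE = re.compile(r'^([0-4]) ([^;]+);')          # "<start type> <name>; <image>"
WINLOGON_RE = re.compile(r'^Winlogon\\Notify\\([^:]+):')
PATH_RE = re.compile(r'(?:\\\?\?\\)?[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl)', re.IGNORECASE)
META_RE = re.compile(r'\[(\d+) (\d{4}-\d{2}-\d{2})\]\s*\((.*?)\)\s*$')  # [size date] (publisher)
MISSING_RE = re.compile(r'\[[xX]\]\s*$')          # FRST: the referenced file does not exist
DATA_DIR_RE = re.compile(r'\\(ProgramData|AppData)\\', re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    name: str
    path: Optional[str]
    missing: bool
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None   # "" when FRST printed an empty ()
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def flag_entry(e: Entry) -> List[str]:
    """Heuristics (the example's own): what to look at first, not a verdict."""
    flags = []
    if e.missing:
        flags.append("file missing ([x]): dead autorun entry, leftover of an uninstall or removal")
    elif e.publisher == "":
        flags.append("no embedded publisher: verify the binary (hash, signature) before trusting it")
    if e.path and DATA_DIR_RE.search(e.path):
        flags.append("launched from ProgramData/AppData rather than Program Files")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := RUN_RE.match(line):
        kind, name = "run", m.group(2)
    elif m := SVC_RE.match(line):
        kind, name = "service/driver", m.group(2)
    elif m := WINLOGON_RE.match(line):
        kind, name = "winlogon", m.group(1)
    else:
        return None                                # not an autorun line (headers, file lists, ...)
    rest = line[m.end():]
    pm = PATH_RE.search(rest)
    meta = META_RE.search(rest)
    entry = Entry(
        kind=kind, name=name,
        path=pm.group(0) if pm else None,
        missing=bool(MISSING_RE.search(rest)),
        size=int(meta.group(1)) if meta else None,
        date=meta.group(2) if meta else None,
        publisher=meta.group(3).strip() if meta else None,
    )
    entry.flags = flag_entry(entry)
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every autorun line and return entries with the most flags first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    return sorted(entries, key=lambda e: (-e.score, e.name.lower()))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score} {e.kind:15} {e.name:20} {e.path or '<no path>'}")
        for f in e.flags:
            print("      -", f)
```

Against a saved log, `triage(open("FRST.txt", encoding="utf-8-sig").read())` does the same for the whole file. In the sample, `Browser Manager` comes out on top because it is both missing and was installed under `ProgramData`; the `[x]` entries have no size or date because FRST found nothing on disk to read them from, which is the same reason the posted log shows them bare.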
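On the Firefox symptom (new tab loading babylonsearch even after the configuration was changed by hand): Firefox reads a `user.js` from the profile directory at every start, and its values override whatever was set in about:config or saved in `prefs.js`, so a search hijacker that leaves a `user.js` behind survives manual fixes. The log lists a `user.js` at `C:\user.js`, which is not a profile location, so whether one sits in the profile is something to check, not something the log proves. The added example below (not part of the original post) parses `user_pref(...)` lines from both files, shows the effective value after `user.js` overrides `prefs.js`, and flags new-tab, homepage, keyword and search-engine prefs that point anywhere other than the expected host. The profile contents and the `search.hijacker.example` host are constructed for the example; which hosts count as expected is the example's assumption. On a real machine, point `load_profile()` at `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\`.

```python
"""Firefox search/new-tab hijack audit.

Added example, not part of the original post. Firefox applies user.js
(if present in the profile) on top of prefs.js at every start, so a pref
fixed in about:config comes back if user.js still carries the old value.
This script parses both files, computes the effective value, and flags
watched prefs that point at an unexpected host or search engine.
"""
import json
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List
from urllib.parse import urlparse

# Pref names are Firefox's own; which hosts/engines count as "expected" is
# the example's assumption (the owner here wanted Google).
WATCHED_URL_PREFS = ("browser.newtab.url", "browser.startup.homepage", "keyword.URL")
WATCHED_ENGINE_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine")
EXPECTED_HOSTS = {"www.google.com", "google.com"}
EXPECTED_ENGINES = {"google"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


@dataclass
class Finding:
    file: str       # prefs.js or user.js
    pref: str
    value: str
    reason: str
    persists: bool  # True when set in user.js: re-applied on every Firefox start


def parse_prefs(text: str) -> Dict[str, object]:
    """Return {pref_name: value} from user_pref(...) lines; comments and blank lines are skipped."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2)
        try:
            value = json.loads(raw)  # "str", 123, true/false are all valid JSON literals
        except ValueError:
            value = raw              # leave anything odd as the raw token
        prefs[m.group(1)] = value
    return prefs


def effective_prefs(files: Dict[str, str]) -> Dict[str, object]:
    """prefs.js first, then user.js on top: the precedence Firefox applies at startup."""
    merged = parse_prefs(files.get("prefs.js", ""))
    merged.update(parse_prefs(files.get("user.js", "")))
    return merged


def url_host(value: object) -> str:
    if isinstance(value, str) and "://" in value:
        return (urlparse(value).hostname or "").lower()
    return ""  # about:newtab, about:home, engine names etc. carry no host


def audit_profile(files: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    for fname in ("prefs.js", "user.js"):
        for name, value in parse_prefs(files.get(fname, "")).items():
            reason = ""
            if name in WATCHED_URL_PREFS:
                host = url_host(value)
                if host and host not in EXPECTED_HOSTS:
                    reason = f"points at unexpected host {host}"
            elif name in WATCHED_ENGINE_PREFS:
                if isinstance(value, str) and value.lower() not in EXPECTED_ENGINES:
                    reason = f"search engine set to {value!r}"
            if reason:
                findings.append(Finding(fname, name, str(value), reason, fname == "user.js"))
    return findings


def load_profile(profile_dir: str) -> Dict[str, str]:
    """Read prefs.js/user.js from a real profile directory (absent files are skipped)."""
    files: Dict[str, str] = {}
    for fname in ("prefs.js", "user.js"):
        p = Path(profile_dir) / fname
        if p.is_file():
            files[fname] = p.read_text(encoding="utf-8", errors="replace")
    return files


# Constructed sample: prefs.js already carries the manual fix, user.js undoes it at start.
# search.hijacker.example is a placeholder host, not a real site.
SAMPLE_PROFILE = {
    "prefs.js": """\
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.tabs.warnOnClose", false);
""",
    "user.js": """\
// constructed hijack: re-applied on every start, overriding prefs.js
user_pref("browser.newtab.url", "http://search.hijacker.example/?src=newtab&q=");
user_pref("keyword.URL", "http://search.hijacker.example/?q=");
user_pref("browser.search.defaultenginename", "Hijack Search");
""",
}

if __name__ == "__main__":
    for f in audit_profile(SAMPLE_PROFILE):
        tag = "PERSISTENT (user.js)" if f.persists else "prefs.js"
        print(f"[{tag}] {f.pref}: {f.reason}")
    print("effective new-tab URL:", effective_prefs(SAMPLE_PROFILE)["browser.newtab.url"])
```

With the sample, every finding comes from `user.js` and is marked persistent: `prefs.js` looks clean, which matches the experience of changing the setting and seeing it come back. Fixing that case means removing or editing the profile's `user.js` (after stopping whatever program recreates it), not just editing about:config again.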
  2. ra7v (Topic Starter)

    Also, I ran Malwarebytes' Anti-Malware and removed the detected files. The log is below.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.24.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    HELEN GC ANG :: HELENGCANG-PC [administrator]

    24/09/2012 20:42:17
    mbam-log-2012-09-24 (20-42-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222111
    Time elapsed: 4 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 22
    HKCR\CLSID\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 6
    C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 8
    C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Users\HELEN GC ANG\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\HELEN GC ANG\Downloads\CursorMania.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_utorrent.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)
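The Malwarebytes log above and the DDS "Pseudo HJT Report" posted further down in this thread list the same kinds of persistence points: browser helper objects and toolbars registered under CLSIDs, search-provider overrides, an AppInit_DLLs entry, and Firefox user.js prefs that re-apply a toolbar's settings on every start. The following Python script is an added example, not code from the thread or from the DDS tool: it runs a first triage pass over DDS-style report lines and flags the entries a removal helper would look at first. The sample lines are copied from the DDS log in this thread; the scoring rules and the list of toolbar families are the example's own assumptions, not DDS output.

```python
"""Triage pass over DDS "Pseudo HJT Report" lines (added example, not DDS code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# DDS prefixes that describe code loaded into the browser or at logon.
LOADER_PREFIXES = ("BHO:", "BHO-X64:", "TB:", "TB-X64:", "uRun:", "mRun:",
                   "mRun-x64:", "uURLSearchHooks:", "mURLSearchHooks:")

# Directories a legitimate vendor rarely ships a browser add-on from.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData\\(Roaming|Local))\\", re.I)

# Toolbar / search-hijack families named in this thread's logs (assumed list).
KNOWN_PUP = ("babylon", "inboxtoolbar", "utorrentbar", "ask.com", "claro",
             "2yourface", "download beast", "browser manager", "mywebsearch",
             "funwebproducts")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def _path_of(entry: str) -> str:
    """Pull the file path out of a DDS loader line.

    Run entries look like '[name] "<path>" args'; BHO/TB entries end in ' - <path>'.
    """
    m = re.search(r'\]\s+"?([^"]+?\.(?:exe|dll|scr|cmd|bat))', entry, re.I)
    if m:
        return m.group(1)
    m = re.search(r" - (.+)$", entry)
    return m.group(1).strip() if m else ""


def analyze(entry: str) -> Optional[Finding]:
    """Return a Finding with one or more reasons, or None if nothing stands out."""
    entry = entry.strip()
    f = Finding(entry)
    low = entry.lower()
    for name in KNOWN_PUP:
        if name in low:
            f.reasons.append(f"known adware/toolbar family: {name}")
            break
    if entry.startswith("AppInit_DLLs"):
        # A non-empty AppInit_DLLs value is injected into every user32 process.
        f.reasons.append("AppInit_DLLs set: DLL injected into every user32 process")
    if entry.startswith(LOADER_PREFIXES) and USER_WRITABLE.search(_path_of(entry)):
        f.reasons.append("loader entry points into a user-writable directory")
    if entry.startswith("FF - user.js:"):
        # user.js is re-applied on every Firefox start, undoing manual pref edits.
        f.reasons.append("user.js pref re-applies extension settings on every start")
    return f if f.reasons else None


def triage(report: str) -> List[Finding]:
    """Run analyze() over every line of a report and keep the flagged ones."""
    return [f for f in (analyze(line) for line in report.splitlines()) if f]


def suspicious_paths(report: str) -> List[str]:
    """Deduplicated file paths behind flagged loader entries, for a fix list."""
    paths: List[str] = []
    for f in triage(report):
        p = _path_of(f.line) if f.line.startswith(LOADER_PREFIXES) else ""
        if p and p not in paths:
            paths.append(p)
    return paths


# Constructed sample: lines copied from the DDS log in this thread, with a few
# benign entries (Adobe, Skype, AVG) left in to show they are not flagged.
SAMPLE_REPORT = r"""
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace\bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9c3ea522000000000000904ce598d1ab&q=
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
    print("fix-list paths:", suspicious_paths(SAMPLE_REPORT))
```

The path heuristic is deliberately narrow: it only flags loaders under ProgramData or AppData, which is where the 2YourFace BHO and the Browser Manager AppInit DLL in this thread live, and it leaves vendor entries under Program Files alone unless the name matches a known family. The AppInit_DLLs rule fires on any non-empty value, since a clean Windows 7 install has that value blank.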
  3. ra7v

    Also did a DDS scan; here's the log.

    DDS.TXT

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by HELEN GC ANG at 21:04:29 on 2012-09-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1532 [GMT 8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dldtcoms.exe
    C:\Windows\system32\dleacoms.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Dell V305\dldtmon.exe
    C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
    C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80150
    mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace\bho.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
    uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    uRun: [Google Update] "C:\Users\HELEN GC ANG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    mRun: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
    mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\HELENG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\2716736796 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\35B4955363234393 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\94D60756279616C60284F64756C6 : DhcpNameServer = 202.188.1.5 202.188.0.133
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO-X64: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace\bho.dll
    BHO-X64: C:\\Users\\HELEN GC ANG\\AppData\\Roaming\\2YourFace\\bho.dll - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO-X64: uTorrentBar - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    mRun-x64: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab=wm&scc=1&ltmpl=default&ltmplcache=2
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\HELEN GC ANG\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.claro.id - 9c3ea522000000000000904ce598d1ab
    FF - user.js: extensions.claro.instlDay - 15571
    FF - user.js: extensions.claro.vrsn - 1.6.4.1
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:31:34
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - iclaro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9c3ea522000000000000904ce598d1ab&q=
    FF - user.js: extensions.BabylonToolbar.id - 9c3ea522000000000000904ce598d1ab
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15597
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1223:30:27
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - std
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114875&tt=120912_cpc_3712_8
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-21 397720]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-7 55096]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-7 297240]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]
    R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-7 976728]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-25 1692480]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe --> C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\dldtserv.exe [2009-7-10 33448]
    S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-7-13 45224]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-15 114144]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\system32\DRIVERS\s0017bus.sys --> C:\Windows\system32\DRIVERS\s0017bus.sys [?]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0017mdfl.sys --> C:\Windows\system32\DRIVERS\s0017mdfl.sys [?]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0017mdm.sys --> C:\Windows\system32\DRIVERS\s0017mdm.sys [?]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0017mgmt.sys --> C:\Windows\system32\DRIVERS\s0017mgmt.sys [?]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\system32\DRIVERS\s0017nd5.sys --> C:\Windows\system32\DRIVERS\s0017nd5.sys [?]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0017obex.sys --> C:\Windows\system32\DRIVERS\s0017obex.sys [?]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\system32\DRIVERS\s0017unic.sys --> C:\Windows\system32\DRIVERS\s0017unic.sys [?]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-27 155344]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-25 01:13:02 -------- d-----w- C:\FRST
    2012-09-24 12:41:05 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\Malwarebytes
    2012-09-24 12:40:27 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-24 12:40:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-24 12:40:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-24 10:31:34 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-24 10:31:33 192600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-09-24 10:31:33 114144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-09-24 10:31:32 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-09-24 10:31:32 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-09-24 07:07:33 -------- d-----w- C:\ProgramData\Symantec
    2012-09-24 07:07:26 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0307020.005
    2012-09-24 07:07:26 -------- d-----w- C:\Windows\System32\drivers\NSSx64
    2012-09-24 07:07:26 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
    2012-09-24 07:07:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-09-19 01:42:03 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
    2012-09-14 15:33:29 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Download Beast
    2012-09-14 15:31:40 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
    2012-09-14 07:14:22 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Macromedia
    2012-09-14 07:00:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-14 06:59:58 -------- d-----w- C:\Program Files\iPod
    2012-09-14 06:59:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-14 06:59:57 -------- d-----w- C:\Program Files\iTunes
    2012-09-14 06:59:57 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-05 23:02:08 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
    2012-09-05 23:02:08 -------- d-----w- C:\ProgramData\PlatinumHideIP
    .
    ==================== Find3M ====================
    .
    2012-09-14 07:11:40 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 07:11:40 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-07 03:07:30 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2012-08-21 05:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 05:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-07-25 19:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:05:31.76 ===============
  4. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    And ATTACH.TXT


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/06/2010 22:20:26
    System Uptime: 24/09/2012 20:54:56 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0T04MW
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 174.089 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP161: 16/09/2012 00:32:58 - Removed Ask Toolbar.
    RP162: 19/09/2012 08:51:56 - Windows Update
    RP164: 19/09/2012 09:50:04 - Revo Uninstaller Pro's restore point - Ask Toolbar
    RP165: 19/09/2012 09:52:44 - Removed Ask Toolbar.
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1.2
    Adobe® Photoshop® Album Starter Edition 3.2
    Advanced Audio FX Engine
    Any Video Converter 3.3.5
    Apple Application Support
    Apple Software Update
    µTorrent
    Avanquest update
    Codecv
    Compatibility Pack for the 2007 Office system
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Getting Started Guide
    Dell Toolbar
    Dell Webcam Central
    DivX Setup
    ffdshow v1.2.4422 [2012-04-09]
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GoToAssist 8.0.0.514
    Junk Mail filter update
    K-Lite Codec Pack 7.2.0 (Standard)
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Office Click-to-Run 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2010 - English
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MiPony 2.0.0
    mIRC
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Norton Security Scan
    Quick Web Player
    QuickTime
    Rapport
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Burn
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.9
    Sony Ericsson Media Manager 1.2
    Sony Ericsson PC Companion 2.02.002
    Unlocker 1.9.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    uTorrentBar Toolbar
    VC80CRTRedist - 8.0.50727.6195
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.3
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/09/2012 20:56:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
    24/09/2012 20:55:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
    24/09/2012 20:55:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
    24/09/2012 20:55:42, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/09/2012 20:55:42, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/09/2012 20:55:42, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.
    24/09/2012 19:03:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    23/09/2012 05:15:47, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    23/09/2012 05:15:47, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
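    Both DDS logs posted above lend themselves to a small triage pass: the "Created Last 30" list shows which directories appeared under the user profile and ProgramData during the last month, and the Event Viewer section shows services whose binary is gone (Service Control Manager event 7000, "The system cannot find the file specified", here for "Browser Manager"). The following is an added example in Python, not part of DDS or of this thread; the sample lines are copied in shape from the logs above and embedded as a constructed input, and the allowlist of expected directory names is a constructed assumption, not a vendor list.

```python
"""Triage helpers for two sections of the DDS logs posted above: the
'Created Last 30' file list and the 'Event Viewer Messages' list.
Added example, not part of DDS or of this thread; KNOWN_DIRS below is
a constructed allowlist, not a vendor list."""
import re
from datetime import datetime

# Constructed sample: a few lines in the same shape as the DDS output
# posted above (a real run would read the whole DDS.txt / Attach.txt).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-09-24 12:40:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-24 12:40:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 15:33:29 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Download Beast
2012-09-14 15:31:40 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
2012-09-14 07:14:22 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Macromedia
2012-09-05 23:02:08 -------- d-----w- C:\ProgramData\PlatinumHideIP
.
==== Event Viewer Messages From Past Week ========
.
24/09/2012 20:55:42, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.
24/09/2012 20:55:42, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

# One "Created Last 30" / "Find3M" line: timestamp, size (dashes for a
# directory), attribute flags such as d-----w- or ----a-w-, then the path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[d-][-a-z]{7})\s+(?P<path>.+?)\s*$"
)
# One Event Viewer line: date, level, source, [event id], message.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# SCM event 7000 wording for a service whose image file no longer exists.
MISSING_BINARY_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start .*cannot find the file specified"
)
# Directories under per-user or machine-wide writable locations.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Roaming|Local|LocalLow)|ProgramData)\\", re.IGNORECASE
)
# Constructed allowlist (assumption): directory names treated as expected.
KNOWN_DIRS = {"malwarebytes", "macromedia", "symantec"}


def parse_created(text):
    """Return one dict per file/directory line found in the 'Created' sections."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def unexpected_user_writable_dirs(entries, known=KNOWN_DIRS):
    """Paths of newly created AppData/ProgramData directories not on the allowlist."""
    flagged = []
    for e in entries:
        if not e["is_dir"] or not USER_WRITABLE_RE.search(e["path"]):
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        if name.lower() not in known:
            flagged.append(e["path"])
    return flagged


def services_with_missing_binary(text):
    """Service names from SCM 7000 events whose image file could not be found."""
    missing = []
    for line in text.splitlines():
        ev = EVENT_RE.match(line.strip())
        if not ev or ev["source"] != "Service Control Manager" or ev["id"] != "7000":
            continue
        m = MISSING_BINARY_RE.match(ev["msg"])
        if m:
            missing.append(m["svc"])
    return missing


if __name__ == "__main__":
    created = parse_created(SAMPLE_LOG)
    for path in unexpected_user_writable_dirs(created):
        print("review directory:", path)
    for svc in services_with_missing_binary(SAMPLE_LOG):
        print("service registered but binary missing:", svc)
```

    Run against the full logs, the first list is where a helper would start reading (the three flagged names above are exactly the ones a stranger to this machine would ask about), and the second list points at services left registered after their program was removed, which is what the repeated 7000 errors at boot are about.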
  5. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    I still need GMER log.
  6. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    Sorry, forgot that I did gmer too.
    GMER didn't find anything, so I didn't post the log.
    Thanks.
  7. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    Mom's sleeping, can't get her laptop now. It's 12am here in Malaysia.
    I'll reply with the logs once I run the scans within the next 20hrs (after work).

    Thanks!
  9. Broni

    Broni Malware Annihilator Posts: 46,171   +251

  10. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    TDSSKiller found nothing. Log below.


    19:10:25.0311 4948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    19:10:26.0167 4948 ============================================================
    19:10:26.0167 4948 Current date / time: 2012/09/25 19:10:26.0167
    19:10:26.0167 4948 SystemInfo:
    19:10:26.0167 4948
    19:10:26.0167 4948 OS Version: 6.1.7601 ServicePack: 1.0
    19:10:26.0167 4948 Product type: Workstation
    19:10:26.0167 4948 ComputerName: HELENGCANG-PC
    19:10:26.0167 4948 UserName: HELEN GC ANG
    19:10:26.0167 4948 Windows directory: C:\Windows
    19:10:26.0167 4948 System windows directory: C:\Windows
    19:10:26.0167 4948 Running under WOW64
    19:10:26.0167 4948 Processor architecture: Intel x64
    19:10:26.0167 4948 Number of processors: 2
    19:10:26.0167 4948 Page size: 0x1000
    19:10:26.0167 4948 Boot type: Normal boot
    19:10:26.0167 4948 ============================================================
    19:10:26.0677 4948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:10:26.0687 4948 ============================================================
    19:10:26.0687 4948 \Device\Harddisk0\DR0:
    19:10:26.0687 4948 MBR partitions:
    19:10:26.0687 4948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    19:10:26.0687 4948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    19:10:26.0687 4948 ============================================================
    19:10:26.0707 4948 C: <-> \Device\Harddisk0\DR0\Partition2
    19:10:26.0707 4948 ============================================================
    19:10:26.0707 4948 Initialize success
    19:10:26.0707 4948 ============================================================
    19:10:47.0487 1256 ============================================================
    19:10:47.0487 1256 Scan started
    19:10:47.0487 1256 Mode: Manual;
    19:10:47.0487 1256 ============================================================
    19:10:48.0969 1256 ================ Scan system memory ========================
    19:10:48.0969 1256 System memory - ok
    19:10:48.0969 1256 ================ Scan services =============================
    19:10:49.0157 1256 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:10:49.0157 1256 1394ohci - ok
    19:10:49.0219 1256 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:10:49.0235 1256 ACPI - ok
    19:10:49.0281 1256 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:10:49.0281 1256 AcpiPmi - ok
    19:10:49.0344 1256 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:10:49.0375 1256 adp94xx - ok
    19:10:49.0422 1256 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:10:49.0422 1256 adpahci - ok
    19:10:49.0453 1256 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:10:49.0453 1256 adpu320 - ok
    19:10:49.0500 1256 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:10:49.0500 1256 AeLookupSvc - ok
    19:10:49.0562 1256 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:10:49.0578 1256 AFD - ok
    19:10:49.0640 1256 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:10:49.0640 1256 agp440 - ok
    19:10:49.0656 1256 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:10:49.0656 1256 ALG - ok
    19:10:49.0718 1256 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:10:49.0718 1256 aliide - ok
    19:10:49.0734 1256 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:10:49.0734 1256 amdide - ok
    19:10:49.0781 1256 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:10:49.0796 1256 AmdK8 - ok
    19:10:49.0827 1256 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:10:49.0827 1256 AmdPPM - ok
    19:10:49.0859 1256 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:10:49.0859 1256 amdsata - ok
    19:10:49.0910 1256 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:10:49.0910 1256 amdsbs - ok
    19:10:49.0930 1256 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:10:49.0930 1256 amdxata - ok
    19:10:49.0980 1256 [ 1412E9A88FE1F7E35CE6058A2EF03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    19:10:49.0980 1256 ApfiltrService - ok
    19:10:50.0040 1256 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:10:50.0040 1256 AppID - ok
    19:10:50.0070 1256 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:10:50.0070 1256 AppIDSvc - ok
    19:10:50.0110 1256 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:10:50.0120 1256 Appinfo - ok
    19:10:50.0270 1256 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:10:50.0280 1256 Apple Mobile Device - ok
    19:10:50.0320 1256 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:10:50.0320 1256 arc - ok
    19:10:50.0350 1256 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:10:50.0350 1256 arcsas - ok
    19:10:50.0390 1256 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:10:50.0390 1256 AsyncMac - ok
    19:10:50.0430 1256 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:10:50.0430 1256 atapi - ok
    19:10:50.0500 1256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:10:50.0520 1256 AudioEndpointBuilder - ok
    19:10:50.0540 1256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:10:50.0540 1256 AudioSrv - ok
    19:10:50.0640 1256 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    19:10:50.0640 1256 AVGIDSHA - ok
    19:10:50.0720 1256 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    19:10:50.0720 1256 Avgldx64 - ok
    19:10:50.0770 1256 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    19:10:50.0770 1256 Avgmfx64 - ok
    19:10:50.0830 1256 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    19:10:50.0840 1256 Avgrkx64 - ok
    19:10:50.0910 1256 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    19:10:50.0910 1256 avgwd - ok
    19:10:50.0960 1256 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:10:50.0960 1256 AxInstSV - ok
    19:10:51.0030 1256 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:10:51.0050 1256 b06bdrv - ok
    19:10:51.0121 1256 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:10:51.0141 1256 b57nd60a - ok
    19:10:51.0171 1256 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
    19:10:51.0181 1256 BCM42RLY - ok
    19:10:51.0281 1256 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    19:10:51.0361 1256 BCM43XX - ok
    19:10:51.0411 1256 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:10:51.0411 1256 BDESVC - ok
    19:10:51.0461 1256 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:10:51.0471 1256 Beep - ok
    19:10:51.0541 1256 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    19:10:51.0571 1256 BFE - ok
    19:10:51.0611 1256 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    19:10:51.0641 1256 BITS - ok
    19:10:51.0681 1256 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:10:51.0691 1256 blbdrive - ok
    19:10:51.0771 1256 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:10:51.0791 1256 Bonjour Service - ok
    19:10:51.0831 1256 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:10:51.0831 1256 bowser - ok
    19:10:51.0871 1256 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:10:51.0871 1256 BrFiltLo - ok
    19:10:51.0891 1256 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:10:51.0891 1256 BrFiltUp - ok
    19:10:51.0911 1256 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    19:10:51.0921 1256 Browser - ok
    19:10:52.0021 1256 Browser Manager - ok
    19:10:52.0041 1256 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    19:10:52.0051 1256 Brserid - ok
    19:10:52.0081 1256 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:10:52.0091 1256 BrSerWdm - ok
    19:10:52.0101 1256 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:10:52.0101 1256 BrUsbMdm - ok
    19:10:52.0121 1256 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:10:52.0121 1256 BrUsbSer - ok
    19:10:52.0141 1256 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:10:52.0141 1256 BTHMODEM - ok
    19:10:52.0201 1256 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    19:10:52.0201 1256 bthserv - ok
    19:10:52.0231 1256 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:10:52.0241 1256 cdfs - ok
    19:10:52.0301 1256 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    19:10:52.0311 1256 cdrom - ok
    19:10:52.0351 1256 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:10:52.0361 1256 CertPropSvc - ok
    19:10:52.0391 1256 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:10:52.0391 1256 circlass - ok
    19:10:52.0411 1256 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    19:10:52.0421 1256 CLFS - ok
    19:10:52.0491 1256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:10:52.0491 1256 clr_optimization_v2.0.50727_32 - ok
    19:10:52.0551 1256 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:10:52.0561 1256 clr_optimization_v2.0.50727_64 - ok
    19:10:52.0661 1256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:10:52.0691 1256 clr_optimization_v4.0.30319_32 - ok
    19:10:52.0731 1256 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:10:52.0731 1256 clr_optimization_v4.0.30319_64 - ok
    19:10:52.0781 1256 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:10:52.0781 1256 CmBatt - ok
    19:10:52.0801 1256 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:10:52.0811 1256 cmdide - ok
    19:10:52.0851 1256 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    19:10:52.0861 1256 CNG - ok
    19:10:52.0901 1256 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:10:52.0901 1256 Compbatt - ok
    19:10:52.0951 1256 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:10:52.0951 1256 CompositeBus - ok
    19:10:52.0981 1256 COMSysApp - ok
    19:10:52.0991 1256 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    19:10:53.0001 1256 crcdisk - ok
    19:10:53.0031 1256 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    19:10:53.0031 1256 CryptSvc - ok
    19:10:53.0061 1256 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
    19:10:53.0071 1256 CtClsFlt - ok
    19:10:53.0182 1256 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    19:10:53.0212 1256 cvhsvc - ok
    19:10:53.0272 1256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    19:10:53.0312 1256 DcomLaunch - ok
    19:10:53.0362 1256 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    19:10:53.0372 1256 defragsvc - ok
    19:10:53.0442 1256 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    19:10:53.0442 1256 DfsC - ok
    19:10:53.0482 1256 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    19:10:53.0492 1256 Dhcp - ok
    19:10:53.0522 1256 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    19:10:53.0522 1256 discache - ok
    19:10:53.0562 1256 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    19:10:53.0562 1256 Disk - ok
    19:10:53.0632 1256 [ 1E53C9D46995487DAE3FA9F4236DCEF1 ] dldtCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
    19:10:53.0652 1256 dldtCATSCustConnectService - ok
    19:10:53.0662 1256 dldt_device - ok
    19:10:53.0712 1256 [ 1017D70ABE5483F40C10B7774397D120 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
    19:10:53.0762 1256 dleaCATSCustConnectService - ok
    19:10:53.0792 1256 dlea_device - ok
    19:10:53.0832 1256 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:10:53.0842 1256 Dnscache - ok
    19:10:53.0942 1256 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
    19:10:53.0942 1256 DockLoginService - ok
    19:10:54.0002 1256 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:10:54.0012 1256 dot3svc - ok
    19:10:54.0032 1256 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    19:10:54.0042 1256 DPS - ok
    19:10:54.0092 1256 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:10:54.0092 1256 drmkaud - ok
    19:10:54.0142 1256 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:10:54.0182 1256 DXGKrnl - ok
    19:10:54.0232 1256 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    19:10:54.0242 1256 EapHost - ok
    19:10:54.0342 1256 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    19:10:54.0442 1256 ebdrv - ok
    19:10:54.0482 1256 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    19:10:54.0482 1256 EFS - ok
    19:10:54.0562 1256 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    19:10:54.0582 1256 ehRecvr - ok
    19:10:54.0632 1256 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    19:10:54.0632 1256 ehSched - ok
    19:10:54.0652 1256 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:10:54.0672 1256 elxstor - ok
    19:10:54.0712 1256 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:10:54.0712 1256 ErrDev - ok
    19:10:54.0762 1256 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    19:10:54.0772 1256 EventSystem - ok
    19:10:54.0822 1256 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    19:10:54.0822 1256 exfat - ok
    19:10:54.0852 1256 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:10:54.0852 1256 fastfat - ok
    19:10:54.0912 1256 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    19:10:54.0932 1256 Fax - ok
    19:10:54.0972 1256 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:10:54.0972 1256 fdc - ok
    19:10:55.0002 1256 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    19:10:55.0002 1256 fdPHost - ok
    19:10:55.0022 1256 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    19:10:55.0022 1256 FDResPub - ok
    19:10:55.0042 1256 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:10:55.0042 1256 FileInfo - ok
    19:10:55.0052 1256 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:10:55.0052 1256 Filetrace - ok
    19:10:55.0072 1256 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:10:55.0072 1256 flpydisk - ok
    19:10:55.0102 1256 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:10:55.0112 1256 FltMgr - ok
    19:10:55.0173 1256 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    19:10:55.0213 1256 FontCache - ok
    19:10:55.0273 1256 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:10:55.0273 1256 FontCache3.0.0.0 - ok
    19:10:55.0303 1256 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:10:55.0303 1256 FsDepends - ok
    19:10:55.0343 1256 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:10:55.0343 1256 Fs_Rec - ok
    19:10:55.0393 1256 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:10:55.0403 1256 fvevol - ok
    19:10:55.0413 1256 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:10:55.0423 1256 gagp30kx - ok
    19:10:55.0453 1256 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:10:55.0453 1256 GEARAspiWDM - ok
    19:10:55.0523 1256 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    19:10:55.0523 1256 GoToAssist - ok
    19:10:55.0573 1256 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    19:10:55.0613 1256 gpsvc - ok
    19:10:55.0723 1256 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:10:55.0723 1256 gupdate - ok
    19:10:55.0743 1256 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:10:55.0743 1256 gupdatem - ok
    19:10:55.0783 1256 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:10:55.0783 1256 hcw85cir - ok
    19:10:55.0833 1256 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:10:55.0843 1256 HDAudBus - ok
    19:10:55.0853 1256 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:10:55.0853 1256 HidBatt - ok
    19:10:55.0873 1256 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:10:55.0873 1256 HidBth - ok
    19:10:55.0893 1256 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:10:55.0893 1256 HidIr - ok
    19:10:55.0933 1256 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    19:10:55.0933 1256 hidserv - ok
    19:10:55.0983 1256 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:10:55.0983 1256 HidUsb - ok
    19:10:56.0033 1256 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:10:56.0033 1256 hkmsvc - ok
    19:10:56.0083 1256 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:10:56.0093 1256 HomeGroupListener - ok
    19:10:56.0123 1256 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:10:56.0133 1256 HomeGroupProvider - ok
    19:10:56.0183 1256 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:10:56.0183 1256 HpSAMD - ok
    19:10:56.0253 1256 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:10:56.0293 1256 HTTP - ok
    19:10:56.0333 1256 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:10:56.0343 1256 hwpolicy - ok
    19:10:56.0383 1256 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:10:56.0393 1256 i8042prt - ok
    19:10:56.0463 1256 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    19:10:56.0473 1256 IAANTMON - ok
    19:10:56.0533 1256 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    19:10:56.0543 1256 iaStor - ok
    19:10:56.0600 1256 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:10:56.0600 1256 iaStorV - ok
    19:10:56.0678 1256 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:10:56.0709 1256 idsvc - ok
    19:10:56.0912 1256 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    19:10:57.0130 1256 igfx - ok
    19:10:57.0161 1256 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:10:57.0161 1256 iirsp - ok
    19:10:57.0224 1256 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    19:10:57.0270 1256 IKEEXT - ok
    19:10:57.0317 1256 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    19:10:57.0317 1256 intelide - ok
    19:10:57.0348 1256 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:10:57.0348 1256 intelppm - ok
    19:10:57.0364 1256 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:10:57.0380 1256 IPBusEnum - ok
    19:10:57.0426 1256 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:10:57.0426 1256 IpFilterDriver - ok
    19:10:57.0489 1256 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:10:57.0504 1256 iphlpsvc - ok
    19:10:57.0551 1256 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:10:57.0551 1256 IPMIDRV - ok
    19:10:57.0567 1256 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:10:57.0567 1256 IPNAT - ok
    19:10:57.0645 1256 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    19:10:57.0676 1256 iPod Service - ok
    19:10:57.0723 1256 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:10:57.0723 1256 IRENUM - ok
    19:10:57.0738 1256 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:10:57.0754 1256 isapnp - ok
    19:10:57.0785 1256 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:10:57.0801 1256 iScsiPrt - ok
    19:10:57.0832 1256 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    19:10:57.0832 1256 kbdclass - ok
    19:10:57.0863 1256 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    19:10:57.0863 1256 kbdhid - ok
    19:10:57.0894 1256 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    19:10:57.0894 1256 KeyIso - ok
    19:10:57.0926 1256 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:10:57.0941 1256 KSecDD - ok
    19:10:57.0961 1256 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:10:57.0971 1256 KSecPkg - ok
    19:10:57.0991 1256 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:10:57.0991 1256 ksthunk - ok
    19:10:58.0031 1256 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:10:58.0051 1256 KtmRm - ok
    19:10:58.0091 1256 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:10:58.0101 1256 LanmanServer - ok
    19:10:58.0141 1256 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:10:58.0141 1256 LanmanWorkstation - ok
    19:10:58.0171 1256 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:10:58.0181 1256 lltdio - ok
    19:10:58.0211 1256 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:10:58.0231 1256 lltdsvc - ok
    19:10:58.0251 1256 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:10:58.0251 1256 lmhosts - ok
    19:10:58.0301 1256 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:10:58.0301 1256 LSI_FC - ok
    19:10:58.0321 1256 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:10:58.0321 1256 LSI_SAS - ok
    19:10:58.0341 1256 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:10:58.0341 1256 LSI_SAS2 - ok
    19:10:58.0361 1256 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:10:58.0371 1256 LSI_SCSI - ok
    19:10:58.0391 1256 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    19:10:58.0391 1256 luafv - ok
    19:10:58.0431 1256 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:10:58.0441 1256 Mcx2Svc - ok
    19:10:58.0461 1256 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:10:58.0461 1256 megasas - ok
    19:10:58.0491 1256 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:10:58.0491 1256 MegaSR - ok
    19:10:58.0551 1256 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    19:10:58.0551 1256 MMCSS - ok
    19:10:58.0571 1256 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    19:10:58.0571 1256 Modem - ok
    19:10:58.0601 1256 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:10:58.0601 1256 monitor - ok
    19:10:58.0641 1256 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:10:58.0641 1256 mouclass - ok
    19:10:58.0661 1256 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:10:58.0661 1256 mouhid - ok
    19:10:58.0701 1256 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:10:58.0711 1256 mountmgr - ok
    19:10:58.0771 1256 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    19:10:58.0781 1256 MozillaMaintenance - ok
    19:10:58.0801 1256 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:10:58.0801 1256 mpio - ok
    19:10:58.0831 1256 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:10:58.0831 1256 mpsdrv - ok
    19:10:58.0881 1256 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:10:58.0901 1256 MpsSvc - ok
    19:10:58.0941 1256 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:10:58.0951 1256 MRxDAV - ok
    19:10:58.0991 1256 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:10:58.0991 1256 mrxsmb - ok
    19:10:59.0021 1256 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:10:59.0021 1256 mrxsmb10 - ok
    19:10:59.0061 1256 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:10:59.0061 1256 mrxsmb20 - ok
    19:10:59.0101 1256 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    19:10:59.0101 1256 msahci - ok
    19:10:59.0131 1256 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:10:59.0131 1256 msdsm - ok
    19:10:59.0151 1256 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    19:10:59.0161 1256 MSDTC - ok
    19:10:59.0201 1256 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:10:59.0201 1256 Msfs - ok
    19:10:59.0231 1256 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:10:59.0231 1256 mshidkmdf - ok
    19:10:59.0261 1256 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:10:59.0261 1256 msisadrv - ok
    19:10:59.0301 1256 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:10:59.0311 1256 MSiSCSI - ok
    19:10:59.0311 1256 msiserver - ok
    19:10:59.0341 1256 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:10:59.0341 1256 MSKSSRV - ok
    19:10:59.0401 1256 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:10:59.0401 1256 MSPCLOCK - ok
    19:10:59.0421 1256 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:10:59.0431 1256 MSPQM - ok
    19:10:59.0471 1256 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:10:59.0471 1256 MsRPC - ok
    19:10:59.0491 1256 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    19:10:59.0501 1256 mssmbios - ok
    19:10:59.0521 1256 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:10:59.0531 1256 MSTEE - ok
    19:10:59.0541 1256 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    19:10:59.0541 1256 MTConfig - ok
    19:10:59.0571 1256 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    19:10:59.0581 1256 Mup - ok
    19:10:59.0631 1256 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    19:10:59.0641 1256 napagent - ok
    19:10:59.0691 1256 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:10:59.0701 1256 NativeWifiP - ok
    19:10:59.0761 1256 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:10:59.0781 1256 NDIS - ok
    19:10:59.0811 1256 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:10:59.0821 1256 NdisCap - ok
    19:10:59.0841 1256 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:10:59.0851 1256 NdisTapi - ok
    19:10:59.0901 1256 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:10:59.0901 1256 Ndisuio - ok
    19:10:59.0941 1256 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:10:59.0951 1256 NdisWan - ok
    19:10:59.0971 1256 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:10:59.0971 1256 NDProxy - ok
    19:11:00.0007 1256 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:11:00.0007 1256 NetBIOS - ok
    19:11:00.0038 1256 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:11:00.0054 1256 NetBT - ok
    19:11:00.0069 1256 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    19:11:00.0069 1256 Netlogon - ok
    19:11:00.0116 1256 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    19:11:00.0147 1256 Netman - ok
    19:11:00.0178 1256 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    19:11:00.0194 1256 netprofm - ok
    19:11:00.0235 1256 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:11:00.0235 1256 NetTcpPortSharing - ok
    19:11:00.0255 1256 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    19:11:00.0265 1256 nfrd960 - ok
    19:11:00.0315 1256 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:11:00.0325 1256 NlaSvc - ok
    19:11:00.0335 1256 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:11:00.0345 1256 Npfs - ok
    19:11:00.0365 1256 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    19:11:00.0365 1256 nsi - ok
    19:11:00.0395 1256 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:11:00.0395 1256 nsiproxy - ok
    19:11:00.0475 1256 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:11:00.0565 1256 Ntfs - ok
    19:11:00.0575 1256 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    19:11:00.0585 1256 Null - ok
    19:11:00.0625 1256 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:11:00.0625 1256 nvraid - ok
    19:11:00.0665 1256 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:11:00.0665 1256 nvstor - ok
    19:11:00.0725 1256 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    19:11:00.0735 1256 nv_agp - ok
    19:11:00.0755 1256 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    19:11:00.0765 1256 ohci1394 - ok
    19:11:00.0815 1256 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:11:00.0815 1256 ose - ok
    19:11:01.0015 1256 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    19:11:01.0155 1256 osppsvc - ok
    19:11:01.0195 1256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    19:11:01.0195 1256 p2pimsvc - ok
    19:11:01.0235 1256 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    19:11:01.0245 1256 p2psvc - ok
    19:11:01.0265 1256 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    19:11:01.0275 1256 Parport - ok
    19:11:01.0295 1256 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    19:11:01.0305 1256 partmgr - ok
    19:11:01.0325 1256 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    19:11:01.0335 1256 PcaSvc - ok
    19:11:01.0355 1256 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    19:11:01.0355 1256 pci - ok
    19:11:01.0395 1256 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    19:11:01.0405 1256 pciide - ok
    19:11:01.0425 1256 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    19:11:01.0425 1256 pcmcia - ok
    19:11:01.0455 1256 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    19:11:01.0455 1256 pcw - ok
    19:11:01.0485 1256 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    19:11:01.0505 1256 PEAUTH - ok
    19:11:01.0585 1256 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    19:11:01.0585 1256 PerfHost - ok
    19:11:01.0665 1256 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    19:11:01.0725 1256 pla - ok
    19:11:01.0775 1256 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:11:01.0795 1256 PlugPlay - ok
    19:11:01.0835 1256 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    19:11:01.0835 1256 PNRPAutoReg - ok
    19:11:01.0865 1256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    19:11:01.0865 1256 PNRPsvc - ok
    19:11:01.0895 1256 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    19:11:01.0895 1256 Point64 - ok
    19:11:01.0935 1256 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:11:01.0955 1256 PolicyAgent - ok
    19:11:01.0995 1256 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    19:11:02.0005 1256 Power - ok
    19:11:02.0035 1256 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:11:02.0035 1256 PptpMiniport - ok
    19:11:02.0055 1256 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    19:11:02.0065 1256 Processor - ok
    19:11:02.0105 1256 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    19:11:02.0115 1256 ProfSvc - ok
    19:11:02.0145 1256 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:11:02.0145 1256 ProtectedStorage - ok
    19:11:02.0195 1256 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    19:11:02.0205 1256 Psched - ok
    19:11:02.0235 1256 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    19:11:02.0245 1256 PxHlpa64 - ok
    19:11:02.0315 1256 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    19:11:02.0375 1256 ql2300 - ok
    19:11:02.0425 1256 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    19:11:02.0425 1256 ql40xx - ok
    19:11:02.0465 1256 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    19:11:02.0485 1256 QWAVE - ok
  11. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    19:11:02.0515 1256 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    19:11:02.0515 1256 QWAVEdrv - ok
    19:11:02.0695 1256 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
    19:11:02.0715 1256 RapportCerberus_42020 - ok
    19:11:02.0805 1256 [ 31E62EA1E2ADB1E089DD8C28EF0822A8 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
    19:11:02.0805 1256 RapportEI64 - ok
    19:11:02.0845 1256 [ 21F1ECE02BF01D548449F8F0917B0D56 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
    19:11:02.0855 1256 RapportKE64 - ok
    19:11:02.0935 1256 [ B9B6D1593F1CDE5C886C47EFA6867FAB ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    19:11:02.0975 1256 RapportMgmtService - ok
    19:11:03.0045 1256 [ DAC03D5D44C47D561EEAD03FB32FAA7D ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
    19:11:03.0045 1256 RapportPG64 - ok
    19:11:03.0095 1256 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    19:11:03.0105 1256 RasAcd - ok
    19:11:03.0155 1256 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:11:03.0155 1256 RasAgileVpn - ok
    19:11:03.0185 1256 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    19:11:03.0195 1256 RasAuto - ok
    19:11:03.0235 1256 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:11:03.0235 1256 Rasl2tp - ok
    19:11:03.0275 1256 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    19:11:03.0295 1256 RasMan - ok
    19:11:03.0315 1256 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:11:03.0315 1256 RasPppoe - ok
    19:11:03.0365 1256 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:11:03.0365 1256 RasSstp - ok
    19:11:03.0395 1256 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:11:03.0405 1256 rdbss - ok
    19:11:03.0425 1256 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    19:11:03.0425 1256 rdpbus - ok
    19:11:03.0445 1256 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:11:03.0445 1256 RDPCDD - ok
    19:11:03.0485 1256 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:11:03.0485 1256 RDPENCDD - ok
    19:11:03.0505 1256 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:11:03.0505 1256 RDPREFMP - ok
    19:11:03.0535 1256 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:11:03.0535 1256 RDPWD - ok
    19:11:03.0565 1256 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:11:03.0565 1256 rdyboost - ok
    19:11:03.0605 1256 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:11:03.0605 1256 RemoteAccess - ok
    19:11:03.0625 1256 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:11:03.0635 1256 RemoteRegistry - ok
    19:11:03.0655 1256 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:11:03.0665 1256 RpcEptMapper - ok
    19:11:03.0695 1256 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    19:11:03.0695 1256 RpcLocator - ok
    19:11:03.0725 1256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    19:11:03.0735 1256 RpcSs - ok
    19:11:03.0765 1256 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:11:03.0765 1256 rspndr - ok
    19:11:03.0795 1256 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    19:11:03.0795 1256 RSUSBSTOR - ok
    19:11:03.0845 1256 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
    19:11:03.0845 1256 s0017bus - ok
    19:11:03.0885 1256 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
    19:11:03.0895 1256 s0017mdfl - ok
    19:11:03.0915 1256 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
    19:11:03.0925 1256 s0017mdm - ok
    19:11:03.0965 1256 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
    19:11:03.0965 1256 s0017mgmt - ok
    19:11:03.0995 1256 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
    19:11:04.0005 1256 s0017nd5 - ok
    19:11:04.0045 1256 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
    19:11:04.0055 1256 s0017obex - ok
    19:11:04.0085 1256 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
    19:11:04.0095 1256 s0017unic - ok
    19:11:04.0125 1256 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    19:11:04.0125 1256 SamSs - ok
    19:11:04.0166 1256 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:11:04.0166 1256 sbp2port - ok
    19:11:04.0196 1256 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:11:04.0226 1256 SCardSvr - ok
    19:11:04.0266 1256 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:11:04.0266 1256 scfilter - ok
    19:11:04.0326 1256 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    19:11:04.0376 1256 Schedule - ok
    19:11:04.0416 1256 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:11:04.0416 1256 SCPolicySvc - ok
    19:11:04.0466 1256 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:11:04.0476 1256 SDRSVC - ok
    19:11:04.0516 1256 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:11:04.0516 1256 secdrv - ok
    19:11:04.0556 1256 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    19:11:04.0556 1256 seclogon - ok
    19:11:04.0619 1256 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
    19:11:04.0619 1256 seehcri - ok
    19:11:04.0650 1256 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    19:11:04.0650 1256 SENS - ok
    19:11:04.0681 1256 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:11:04.0681 1256 SensrSvc - ok
    19:11:04.0697 1256 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:11:04.0697 1256 Serenum - ok
    19:11:04.0743 1256 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:11:04.0743 1256 Serial - ok
    19:11:04.0775 1256 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    19:11:04.0775 1256 sermouse - ok
    19:11:04.0831 1256 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:11:04.0841 1256 SessionEnv - ok
    19:11:04.0881 1256 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:11:04.0881 1256 sffdisk - ok
    19:11:04.0891 1256 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:11:04.0901 1256 sffp_mmc - ok
    19:11:04.0911 1256 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:11:04.0911 1256 sffp_sd - ok
    19:11:04.0931 1256 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    19:11:04.0931 1256 sfloppy - ok
    19:11:04.0981 1256 [ 72CD52403EFC137290CB5A328510EBCA ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    19:11:05.0001 1256 Sftfs - ok
    19:11:05.0081 1256 [ F821B6C5D3FD23E11CBB613F61C94C98 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    19:11:05.0101 1256 sftlist - ok
    19:11:05.0151 1256 [ 31A36EF71AF36EABCC4B4F8AB8F76465 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    19:11:05.0161 1256 Sftplay - ok
    19:11:05.0221 1256 [ 2D969194FCC8EB41ED1D52863BFE7F52 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    19:11:05.0221 1256 Sftredir - ok
    19:11:11.0902 1256 ================ Scan global ===============================
    19:11:11.0933 1256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    19:11:11.0965 1256 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:11:11.0996 1256 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:11:12.0011 1256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    19:11:12.0058 1256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    19:11:12.0058 1256 [Global] - ok
    19:11:12.0058 1256 ================ Scan MBR ==================================
    19:11:12.0089 1256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:11:12.0370 1256 \Device\Harddisk0\DR0 - ok
    19:11:12.0370 1256 ================ Scan VBR ==================================
    19:11:12.0370 1256 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
    19:11:12.0370 1256 \Device\Harddisk0\DR0\Partition1 - ok
    19:11:12.0401 1256 [ 54803E162A402B9B7FCB392913CF18BA ] \Device\Harddisk0\DR0\Partition2
    19:11:12.0401 1256 \Device\Harddisk0\DR0\Partition2 - ok
    19:11:12.0401 1256 ============================================================
    19:11:12.0401 1256 Scan finished
    19:11:12.0401 1256 ============================================================
    19:11:12.0417 5404 Detected object count: 0
    19:11:12.0417 5404 Actual detected object count: 0
     
  12. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : HELEN GC ANG [Admin rights]
    Mode : Remove -- Date : 09/25/2012 19:18:09

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
    [HJ] HKLM\[...]\Wow6432Node\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
    --- User ---
    [MBR] c4d2eb6db4fa2d149a8bdae7bf0bc47a
    [BSP] 850751c8bf3aab1df338e82140e3f84c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
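A defender's re-check of the registry values this RogueKiller report flagged, written as an added PowerShell example (not code from the thread or from RogueKiller): it reads each value, compares it with the clean default, and resets it only when run with -Fix. It assumes the full key paths are the standard Windows locations RogueKiller abbreviates as HKCU\[...]\System and so on, and it checks the HideDesktopIcons entries under both hives and both panels, which is broader than the report above.

```powershell
# Added example (not part of the thread, not RogueKiller's own code): re-audit the registry
# values RogueKiller flagged and report any that have drifted back to the hijacked state.
# Assumption: the full key paths are the standard Windows locations that RogueKiller
# abbreviates as HKCU\[...]\System, HKCU\[...]\Internet Settings and so on.
# Read-only unless -Fix is given; the HKLM entries need an elevated prompt.
[CmdletBinding()]
param([switch]$Fix)

$policies  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$inet      = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$advanced  = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideIcons = 'Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons'

# Expected: the value a clean system carries. In every case the value may also be absent,
# which is the Windows default (that is why RogueKiller simply DELETED the two policy values).
$checks = @(
    @{ Path = "HKCU:\$policies"; Name = 'DisableTaskMgr';       Expected = 0; Why = 'Task Manager locked out' }
    @{ Path = "HKCU:\$policies"; Name = 'DisableRegistryTools'; Expected = 0; Why = 'regedit locked out' }
    @{ Path = "HKCU:\$inet";     Name = 'WarnOnHTTPSToHTTPRedirect'; Expected = 1; Why = 'HTTPS-to-HTTP downgrade warning silenced' }
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'WarnOnHTTPSToHTTPRedirect'; Expected = 1; Why = 'same warning, 32-bit view on x64' }
    @{ Path = "HKCU:\$advanced"; Name = 'Start_TrackProgs';     Expected = 1; Why = 'recent-program tracking turned off' }
)

# Desktop icons the report un-hid: a value of 1 hides the icon, 0 or absent shows it.
# The report listed HKLM only under NewStartPanel; both panels are checked here for completeness.
$icons = @{
    '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'Computer'
    '{645FF040-5081-101B-9F08-00AA002F954E}' = 'Recycle Bin'
    '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' = 'User files'
}
foreach ($clsid in $icons.Keys) {
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($panel in 'ClassicStartMenu', 'NewStartPanel') {
            $checks += @{ Path = "${hive}:\$hideIcons\$panel"; Name = $clsid
                          Expected = 0; Why = "$($icons[$clsid]) desktop icon hidden" }
        }
    }
}

function Get-ObservedValue([string]$Path, [string]$Name) {
    # $null when either the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = foreach ($c in $checks) {
    $observed = Get-ObservedValue -Path $c.Path -Name $c.Name
    $ok = ($null -eq $observed) -or ($observed -eq $c.Expected)
    $action = ''
    if (-not $ok) {
        if ($Fix) {
            # Only reached when the value exists, so the key exists and can be written.
            Set-ItemProperty -LiteralPath $c.Path -Name $c.Name -Value $c.Expected -Type DWord
            $action = "reset to $($c.Expected)"
        } else {
            $action = 'rerun with -Fix to reset'
        }
    }
    $status = if ($ok) { 'OK' } else { 'HIJACKED' }
    $shown  = if ($null -eq $observed) { 'absent' } else { $observed }
    [PSCustomObject]@{
        Status   = $status
        Key      = $c.Path
        Name     = $c.Name
        Observed = $shown
        Expected = $c.Expected
        Why      = $c.Why
        Action   = $action
    }
}

# HIJACKED sorts before OK, so anything that needs attention is at the top of the table.
$results | Sort-Object Status | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -eq 'HIJACKED' }).Count
Write-Host "$bad of $($checks.Count) checked values deviate from the clean default."
if ($bad -gt 0) { exit 1 }
```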
  13. ra7v

    ra7v Newcomer, in training Topic Starter Posts: 28

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-25 19:20:53
    -----------------------------
    19:20:53.560 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:20:53.560 Number of processors: 2 586 0x170A
    19:20:53.560 ComputerName: HELENGCANG-PC UserName: HELEN GC ANG
    19:20:54.590 Initialize success
    19:24:50.140 AVAST engine defs: 12092500
    19:24:54.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:24:54.474 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    19:24:54.494 Disk 0 MBR read successfully
    19:24:54.494 Disk 0 MBR scan
    19:24:54.514 Disk 0 Windows 7 default MBR code
    19:24:54.524 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    19:24:54.534 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    19:24:54.554 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
    19:24:54.594 Disk 0 scanning C:\Windows\system32\drivers
    19:25:07.835 Service scanning
    19:25:34.496 Modules scanning
    19:25:34.506 Disk 0 trace - called modules:
    19:25:34.566 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    19:25:34.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800303f060]
    19:25:34.586 3 CLASSPNP.SYS[fffff880013d043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002eb9050]
    19:25:36.227 AVAST engine scan C:\Windows
    19:25:38.327 AVAST engine scan C:\Windows\system32
    18:30:22.292 AVAST engine scan C:\Windows\system32\drivers
    18:30:43.498 AVAST engine scan C:\Users\HELEN GC ANG
    18:33:22.817 AVAST engine scan C:\ProgramData
    18:35:08.168 Scan finished successfully
    18:38:19.550 Disk 0 MBR has been saved successfully to "C:\Users\HELEN GC ANG\Desktop\MBR.dat"
    18:38:19.560 The log file has been saved successfully to "C:\Users\HELEN GC ANG\Desktop\aswMBR.txt"
  14. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.