Inactive [A] Slow laptop suspected highly infected with malware/viruses

ra7v

Hi,
My Mom's laptop is a mess.
Restarting the laptop takes 15 minutes.
Also, whenever she clicks new tab on Mozilla Firefox, babylonsearch loads although the default site is Google. Tried running AVG but nothing was detected. Changed the config of Mozilla manually but to no avail.
I suspect that this laptop is highly infected with various malware/viruses.
I hope someone can help me run a thorough clean up of her system.

Since I've done this before just recently to remove a virus from my own PC, I ran farbar64 on my mom's laptop and here's the log.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 24-09-2012 20:18:16
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe" [672424 2009-07-30] ()
HKLM\...\Run: [dldtamon] "C:\Program Files (x86)\Dell V305\dldtamon.exe" [16040 2009-07-30] ()
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2010-08-09] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2010-08-09] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s [316072 2010-08-09] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [273544 2011-07-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\HELEN GC ANG\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler [210208 2008-09-26] (Acresso Corporation)
HKU\HELEN GC ANG\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson)
HKU\HELEN GC ANG\...\Run: [Google Update] "C:\Users\HELEN GC ANG\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-06] (Google Inc.)
HKU\HELEN GC ANG\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1020816 2012-06-16] (BitTorrent, Inc.)
HKU\HELEN GC ANG\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\HELEN GC ANG\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
HKU\HELEN GC ANG\...\Run: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h [x]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
Startup: C:\Users\HELEN GC ANG\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [1044648 2009-07-09] ( )
2 dldt_device; C:\Windows\SysWow64\dldtcoms.exe -service [594600 2009-07-09] ( )
2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-06] (Trusteer Ltd.)
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]

==================== Drivers (Whitelisted) =====================

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-20] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-06] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-06] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-06] (Trusteer Ltd.)
3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
2 srservice; [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-24 20:13 - 2012-09-24 20:18 - 00000000 ____D C:\FRST
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 05:55 - 2012-09-24 06:01 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 02:07 - 2012-09-24 06:01 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-09-24 02:07 - 2012-09-24 02:07 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\VS Revo Group
2012-09-18 20:42 - 2012-09-18 20:42 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Download Beast
2012-09-14 10:33 - 2012-09-14 10:33 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Download Beast
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\2YourFace
2012-09-14 10:31 - 2012-09-14 10:31 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\Local Settings\Application Data\Macromedia
2012-09-14 02:14 - 2012-09-14 02:14 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Local\Macromedia
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-08-21 00:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files\iTunes
2012-09-14 01:59 - 2012-09-14 02:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-14 01:59 - 2012-09-14 01:59 - 00000000 ____D C:\Program Files\iPod
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\Application Data\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\PlatinumHideIP
2012-09-05 18:02 - 2012-09-05 18:02 - 00000000 ____D C:\Users\All Users\Application Data\PlatinumHideIP

==================== 3 Months Modified Files ==================

2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\dleascan.log
2012-09-24 06:02 - 2011-07-13 00:55 - 00016918 ____A C:\Users\All Users\Application Data\dleascan.log
2012-09-24 06:02 - 2011-05-06 00:43 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 06:01 - 2012-09-24 06:01 - 00341392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 06:01 - 2012-09-24 05:55 - 00000850 ____A C:\Windows\setupact.log
2012-09-24 06:01 - 2012-09-24 02:07 - 00000462 ___AH C:\Windows\Tasks\Norton Security Scan for HELEN GC ANG.job
2012-09-24 06:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 05:59 - 2009-07-14 00:10 - 02013739 ____A C:\Windows\WindowsUpdate.log
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:58 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 05:57 - 2009-07-14 00:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 05:55 - 2012-09-24 05:55 - 00000000 ____A C:\Windows\setuperr.log
2012-09-24 05:53 - 2012-09-24 05:53 - 01454399 ____A (Farbar) C:\Users\HELEN GC ANG\Desktop\FRST64.exe
2012-09-24 05:52 - 2011-05-07 13:29 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000UA.job
2012-09-24 05:41 - 2011-03-27 01:06 - 00000000 ____A C:\Users\HELEN GC ANG\Desktop\Password to add other computers.txt
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\My Documents\Expenses 2010.xlsx
2012-09-24 05:40 - 2010-07-10 05:51 - 00056320 ____A C:\Users\HELEN GC ANG\Documents\Expenses 2010.xlsx
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-24 05:31 - 2012-09-24 05:31 - 00079792 ____A C:\Users\HELEN GC ANG\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 05:14 - 2011-05-06 00:43 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-09-24 02:07 - 2012-09-24 02:07 - 00001341 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-09-24 01:52 - 2011-05-07 13:29 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134271179-1829282520-788597953-1000Core.job
2012-09-23 23:08 - 2012-09-23 23:08 - 00001625 ____A C:\Users\HELEN GC ANG\Desktop\DivX Movies.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-09-23 23:08 - 2012-04-17 03:08 - 00001114 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-22 00:26 - 2012-03-16 05:10 - 00001051 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-09-18 19:52 - 2010-06-23 14:40 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\dleaJSW.log
2012-09-17 05:40 - 2011-07-13 01:07 - 00009370 ____A C:\Users\All Users\Application Data\dleaJSW.log
2012-09-14 10:30 - 2012-08-19 09:31 - 00000413 ____A C:\user.js
2012-09-14 02:11 - 2012-05-09 08:21 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-14 02:11 - 2012-02-19 18:58 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 02:00 - 2012-09-14 02:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-11 00:14 - 2012-07-29 10:54 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-09-06 22:07 - 2011-02-25 04:51 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 09:32 - 2012-06-21 12:59 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-08-24 00:59 - 2012-08-24 09:27 - 03927560 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\CCleaner Professional + Business Edition v3.22.1800.exe
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\HELEN GC ANG\Desktop\MiPony.lnk
2012-08-22 08:02 - 2012-08-22 08:02 - 00000997 ____A C:\Users\Guest\Desktop\MiPony.lnk
2012-08-22 08:01 - 2012-08-22 08:00 - 03974437 ____A C:\Users\HELEN GC ANG\Downloads\Mipony-Installer.exe
2012-08-21 00:01 - 2012-09-14 02:00 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 00:01 - 2010-06-20 09:47 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 00:01 - 2010-06-20 09:47 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-01 07:00 - 2012-08-01 06:59 - 03907920 ____A (Piriform Ltd) C:\Users\HELEN GC ANG\Downloads\ccsetup321.exe
2012-07-29 10:44 - 2012-07-29 10:43 - 03879800 ____A (AVG Technologies) C:\Users\HELEN GC ANG\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-29 10:39 - 2012-07-29 10:39 - 00001068 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-07-29 10:18 - 2012-07-29 10:17 - 22617148 ____A C:\Users\HELEN GC ANG\Downloads\vlc-2.0.3-win32.exe
2012-07-29 00:00 - 2012-07-28 23:54 - 00635392 ____A C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe
2012-07-27 06:08 - 2012-07-24 16:47 - 02027315 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-07-26 06:02 - 2012-03-16 02:26 - 00002491 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-26 05:37 - 2012-07-26 05:37 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-07-25 14:21 - 2012-07-25 14:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-21 08:31 - 2011-07-07 06:39 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\Local Settings\Application Data\WebpageIcons.db
2012-07-21 06:42 - 2012-07-21 06:42 - 00017408 ____A C:\Users\HELEN GC ANG\AppData\Local\WebpageIcons.db
2012-07-18 13:15 - 2012-08-20 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 16:43 - 2012-07-17 16:43 - 02682336 ____A (Speedchecker Limited ) C:\Users\HELEN GC ANG\Downloads\pcsu_80bc0023f43348be92cb0cb1654b3c66_.exe
2012-07-16 19:20 - 2012-07-16 19:20 - 01665985 ____A C:\Users\HELEN GC ANG\Desktop\Unlocker1.9.1.exe
2012-07-16 19:17 - 2012-07-16 19:17 - 00352936 ____A (Softonic) C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_unlocker.exe
2012-07-11 04:27 - 2012-07-11 04:27 - 00543024 ____A (Microsoft Corporation) C:\Users\HELEN GC ANG\Downloads\IE9-Windows7-x64-enu.exe
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\dlea.log
2012-07-05 22:08 - 2011-07-13 01:03 - 00000575 ____A C:\Users\All Users\Application Data\dlea.log
2012-07-04 17:16 - 2012-08-20 16:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-20 16:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-20 16:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-20 16:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 23:55 - 2012-08-20 16:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-20 16:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-20 16:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:49 - 2012-08-20 16:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:48 - 2012-08-20 16:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-20 16:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-20 16:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-20 16:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-20 16:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-20 16:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-20 16:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-20 16:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-20 16:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-20 16:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-20 16:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:09 - 2012-08-20 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:08 - 2012-08-20 16:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-20 16:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-20 16:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-20 16:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-20 16:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-20 16:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-20 16:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-20 16:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-15 11:33:22
Restore point made on: 2012-09-18 19:52:22
Restore point made on: 2012-09-18 20:50:27
Restore point made on: 2012-09-18 20:52:57

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3032.36 MB
Available physical RAM: 2499.71 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2503.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:174.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (RAVI 16GB) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 6024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RAVI 16GB FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-09-14 02:35

==================== End Of Log =============================
 
Also, I ran Malwarebytes' Anti-Malware and removed the detected files. The log is below.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HELEN GC ANG :: HELENGCANG-PC [administrator]

24/09/2012 20:42:17
mbam-log-2012-09-24 (20-42-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222111
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKCR\CLSID\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F747745E-E5A2-4FCF-947A-984F98C732E5} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 8
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\HELEN GC ANG\Downloads\BestCodecsPack.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\HELEN GC ANG\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\HELEN GC ANG\Downloads\CursorMania.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\HELEN GC ANG\Downloads\SoftonicDownloader_for_utorrent.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
 
Also did a DDS scan, here's the log.

DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HELEN GC ANG at 21:04:29 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1532 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80150
mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace\bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [Google Update] "C:\Users\HELEN GC ANG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [download beast] "C:\Program Files (x86)\Download Beast\DownloadBeast.exe" -h
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
mRun: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\HELENG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\2716736796 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\35B4955363234393 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DA3CAA3-A44B-4693-A535-882219FCC050}\94D60756279616C60284F64756C6 : DhcpNameServer = 202.188.1.5 202.188.0.133
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace\bho.dll
BHO-X64: C:\\Users\\HELEN GC ANG\\AppData\\Roaming\\2YourFace\\bho.dll - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
mRun-x64: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab=wm&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\Firefox\Profiles\f7t5bodz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\HELEN GC ANG\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\HELEN GC ANG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.claro.id - 9c3ea522000000000000904ce598d1ab
FF - user.js: extensions.claro.instlDay - 15571
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:31:34
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9c3ea522000000000000904ce598d1ab&q=
FF - user.js: extensions.BabylonToolbar.id - 9c3ea522000000000000904ce598d1ab
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15597
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1223:30:27
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - std
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114875&tt=120912_cpc_3712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-21 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-7 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-7 297240]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-7 976728]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-25 1692480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe --> C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\dldtserv.exe [2009-7-10 33448]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-7-13 45224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-15 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\system32\DRIVERS\s0017bus.sys --> C:\Windows\system32\DRIVERS\s0017bus.sys [?]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0017mdfl.sys --> C:\Windows\system32\DRIVERS\s0017mdfl.sys [?]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0017mdm.sys --> C:\Windows\system32\DRIVERS\s0017mdm.sys [?]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0017mgmt.sys --> C:\Windows\system32\DRIVERS\s0017mgmt.sys [?]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\system32\DRIVERS\s0017nd5.sys --> C:\Windows\system32\DRIVERS\s0017nd5.sys [?]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0017obex.sys --> C:\Windows\system32\DRIVERS\s0017obex.sys [?]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\system32\DRIVERS\s0017unic.sys --> C:\Windows\system32\DRIVERS\s0017unic.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-27 155344]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-25 01:13:02 -------- d-----w- C:\FRST
2012-09-24 12:41:05 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\Malwarebytes
2012-09-24 12:40:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-24 12:40:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-24 12:40:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-24 10:31:34 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-24 10:31:33 192600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-09-24 10:31:33 114144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-09-24 10:31:32 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-09-24 10:31:32 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-09-24 07:07:33 -------- d-----w- C:\ProgramData\Symantec
2012-09-24 07:07:26 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0307020.005
2012-09-24 07:07:26 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2012-09-24 07:07:26 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2012-09-24 07:07:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-19 01:42:03 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\VS Revo Group
2012-09-14 15:33:29 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Download Beast
2012-09-14 15:31:40 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\2YourFace
2012-09-14 07:14:22 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Local\Macromedia
2012-09-14 07:00:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-14 06:59:58 -------- d-----w- C:\Program Files\iPod
2012-09-14 06:59:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 06:59:57 -------- d-----w- C:\Program Files\iTunes
2012-09-14 06:59:57 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-05 23:02:08 -------- d-----w- C:\Users\HELEN GC ANG\AppData\Roaming\PlatinumHideIP
2012-09-05 23:02:08 -------- d-----w- C:\ProgramData\PlatinumHideIP
.
==================== Find3M ====================
.
2012-09-14 07:11:40 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 07:11:40 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 03:07:30 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-08-21 05:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 05:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-25 19:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:05:31.76 ===============
 
And ATTACH.TXT


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/06/2010 22:20:26
System Uptime: 24/09/2012 20:54:56 (1 hours ago)
.
Motherboard: Dell Inc. | | 0T04MW
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 174.089 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP161: 16/09/2012 00:32:58 - Removed Ask Toolbar.
RP162: 19/09/2012 08:51:56 - Windows Update
RP164: 19/09/2012 09:50:04 - Revo Uninstaller Pro's restore point - Ask Toolbar
RP165: 19/09/2012 09:52:44 - Removed Ask Toolbar.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Audio FX Engine
Any Video Converter 3.3.5
Apple Application Support
Apple Software Update
µTorrent
Avanquest update
Codecv
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Toolbar
Dell Webcam Central
DivX Setup
ffdshow v1.2.4422 [2012-04-09]
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
Junk Mail filter update
K-Lite Codec Pack 7.2.0 (Standard)
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010 - English
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MiPony 2.0.0
mIRC
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Norton Security Scan
Quick Web Player
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Burn
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.9
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Companion 2.02.002
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
24/09/2012 20:56:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
24/09/2012 20:55:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
24/09/2012 20:55:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldtCATSCustConnectService service to connect.
24/09/2012 20:55:42, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/09/2012 20:55:42, Error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/09/2012 20:55:42, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.
24/09/2012 19:03:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
23/09/2012 05:15:47, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
23/09/2012 05:15:47, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

I still need the GMER log.
 
Sorry, forgot that I did GMER too.
GMER didn't find anything so didn't post the log.
Thanks.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Mom's sleeping, can't get her laptop now. It's 12am here in Malaysia.
I'll reply with the logs once I run the scans within the next 20hrs (after work).

Thanks!
 
TDSSKiller found nothing. Log below.


19:10:25.0311 4948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:10:26.0167 4948 ============================================================
19:10:26.0167 4948 Current date / time: 2012/09/25 19:10:26.0167
19:10:26.0167 4948 SystemInfo:
19:10:26.0167 4948
19:10:26.0167 4948 OS Version: 6.1.7601 ServicePack: 1.0
19:10:26.0167 4948 Product type: Workstation
19:10:26.0167 4948 ComputerName: HELENGCANG-PC
19:10:26.0167 4948 UserName: HELEN GC ANG
19:10:26.0167 4948 Windows directory: C:\Windows
19:10:26.0167 4948 System windows directory: C:\Windows
19:10:26.0167 4948 Running under WOW64
19:10:26.0167 4948 Processor architecture: Intel x64
19:10:26.0167 4948 Number of processors: 2
19:10:26.0167 4948 Page size: 0x1000
19:10:26.0167 4948 Boot type: Normal boot
19:10:26.0167 4948 ============================================================
19:10:26.0677 4948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:10:26.0687 4948 ============================================================
19:10:26.0687 4948 \Device\Harddisk0\DR0:
19:10:26.0687 4948 MBR partitions:
19:10:26.0687 4948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:10:26.0687 4948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
19:10:26.0687 4948 ============================================================
19:10:26.0707 4948 C: <-> \Device\Harddisk0\DR0\Partition2
19:10:26.0707 4948 ============================================================
19:10:26.0707 4948 Initialize success
19:10:26.0707 4948 ============================================================
19:10:47.0487 1256 ============================================================
19:10:47.0487 1256 Scan started
19:10:47.0487 1256 Mode: Manual;
19:10:47.0487 1256 ============================================================
19:10:48.0969 1256 ================ Scan system memory ========================
19:10:48.0969 1256 System memory - ok
19:10:48.0969 1256 ================ Scan services =============================
19:10:49.0157 1256 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:10:49.0157 1256 1394ohci - ok
19:10:49.0219 1256 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:10:49.0235 1256 ACPI - ok
19:10:49.0281 1256 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:10:49.0281 1256 AcpiPmi - ok
19:10:49.0344 1256 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:10:49.0375 1256 adp94xx - ok
19:10:49.0422 1256 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:10:49.0422 1256 adpahci - ok
19:10:49.0453 1256 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:10:49.0453 1256 adpu320 - ok
19:10:49.0500 1256 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:10:49.0500 1256 AeLookupSvc - ok
19:10:49.0562 1256 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:10:49.0578 1256 AFD - ok
19:10:49.0640 1256 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:10:49.0640 1256 agp440 - ok
19:10:49.0656 1256 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:10:49.0656 1256 ALG - ok
19:10:49.0718 1256 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:10:49.0718 1256 aliide - ok
19:10:49.0734 1256 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:10:49.0734 1256 amdide - ok
19:10:49.0781 1256 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:10:49.0796 1256 AmdK8 - ok
19:10:49.0827 1256 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:10:49.0827 1256 AmdPPM - ok
19:10:49.0859 1256 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:10:49.0859 1256 amdsata - ok
19:10:49.0910 1256 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:10:49.0910 1256 amdsbs - ok
19:10:49.0930 1256 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:10:49.0930 1256 amdxata - ok
19:10:49.0980 1256 [ 1412E9A88FE1F7E35CE6058A2EF03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:10:49.0980 1256 ApfiltrService - ok
19:10:50.0040 1256 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:10:50.0040 1256 AppID - ok
19:10:50.0070 1256 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:10:50.0070 1256 AppIDSvc - ok
19:10:50.0110 1256 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:10:50.0120 1256 Appinfo - ok
19:10:50.0270 1256 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:10:50.0280 1256 Apple Mobile Device - ok
19:10:50.0320 1256 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:10:50.0320 1256 arc - ok
19:10:50.0350 1256 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:10:50.0350 1256 arcsas - ok
19:10:50.0390 1256 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:10:50.0390 1256 AsyncMac - ok
19:10:50.0430 1256 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:10:50.0430 1256 atapi - ok
19:10:50.0500 1256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:10:50.0520 1256 AudioEndpointBuilder - ok
19:10:50.0540 1256 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:10:50.0540 1256 AudioSrv - ok
19:10:50.0640 1256 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
19:10:50.0640 1256 AVGIDSHA - ok
19:10:50.0720 1256 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
19:10:50.0720 1256 Avgldx64 - ok
19:10:50.0770 1256 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
19:10:50.0770 1256 Avgmfx64 - ok
19:10:50.0830 1256 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
19:10:50.0840 1256 Avgrkx64 - ok
19:10:50.0910 1256 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:10:50.0910 1256 avgwd - ok
19:10:50.0960 1256 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:10:50.0960 1256 AxInstSV - ok
19:10:51.0030 1256 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:10:51.0050 1256 b06bdrv - ok
19:10:51.0121 1256 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:10:51.0141 1256 b57nd60a - ok
19:10:51.0171 1256 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
19:10:51.0181 1256 BCM42RLY - ok
19:10:51.0281 1256 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:10:51.0361 1256 BCM43XX - ok
19:10:51.0411 1256 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:10:51.0411 1256 BDESVC - ok
19:10:51.0461 1256 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:10:51.0471 1256 Beep - ok
19:10:51.0541 1256 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:10:51.0571 1256 BFE - ok
19:10:51.0611 1256 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:10:51.0641 1256 BITS - ok
19:10:51.0681 1256 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:10:51.0691 1256 blbdrive - ok
19:10:51.0771 1256 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:10:51.0791 1256 Bonjour Service - ok
19:10:51.0831 1256 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:10:51.0831 1256 bowser - ok
19:10:51.0871 1256 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:10:51.0871 1256 BrFiltLo - ok
19:10:51.0891 1256 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:10:51.0891 1256 BrFiltUp - ok
19:10:51.0911 1256 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:10:51.0921 1256 Browser - ok
19:10:52.0021 1256 Browser Manager - ok
19:10:52.0041 1256 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:10:52.0051 1256 Brserid - ok
19:10:52.0081 1256 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:10:52.0091 1256 BrSerWdm - ok
19:10:52.0101 1256 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:10:52.0101 1256 BrUsbMdm - ok
19:10:52.0121 1256 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:10:52.0121 1256 BrUsbSer - ok
19:10:52.0141 1256 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:10:52.0141 1256 BTHMODEM - ok
19:10:52.0201 1256 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:10:52.0201 1256 bthserv - ok
19:10:52.0231 1256 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:10:52.0241 1256 cdfs - ok
19:10:52.0301 1256 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:10:52.0311 1256 cdrom - ok
19:10:52.0351 1256 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:10:52.0361 1256 CertPropSvc - ok
19:10:52.0391 1256 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:10:52.0391 1256 circlass - ok
19:10:52.0411 1256 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:10:52.0421 1256 CLFS - ok
19:10:52.0491 1256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:10:52.0491 1256 clr_optimization_v2.0.50727_32 - ok
19:10:52.0551 1256 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:10:52.0561 1256 clr_optimization_v2.0.50727_64 - ok
19:10:52.0661 1256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:10:52.0691 1256 clr_optimization_v4.0.30319_32 - ok
19:10:52.0731 1256 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:10:52.0731 1256 clr_optimization_v4.0.30319_64 - ok
19:10:52.0781 1256 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:10:52.0781 1256 CmBatt - ok
19:10:52.0801 1256 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:10:52.0811 1256 cmdide - ok
19:10:52.0851 1256 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:10:52.0861 1256 CNG - ok
19:10:52.0901 1256 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:10:52.0901 1256 Compbatt - ok
19:10:52.0951 1256 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:10:52.0951 1256 CompositeBus - ok
19:10:52.0981 1256 COMSysApp - ok
19:10:52.0991 1256 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:10:53.0001 1256 crcdisk - ok
19:10:53.0031 1256 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:10:53.0031 1256 CryptSvc - ok
19:10:53.0061 1256 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:10:53.0071 1256 CtClsFlt - ok
19:10:53.0182 1256 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:10:53.0212 1256 cvhsvc - ok
19:10:53.0272 1256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:10:53.0312 1256 DcomLaunch - ok
19:10:53.0362 1256 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:10:53.0372 1256 defragsvc - ok
19:10:53.0442 1256 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:10:53.0442 1256 DfsC - ok
19:10:53.0482 1256 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:10:53.0492 1256 Dhcp - ok
19:10:53.0522 1256 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:10:53.0522 1256 discache - ok
19:10:53.0562 1256 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:10:53.0562 1256 Disk - ok
19:10:53.0632 1256 [ 1E53C9D46995487DAE3FA9F4236DCEF1 ] dldtCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
19:10:53.0652 1256 dldtCATSCustConnectService - ok
19:10:53.0662 1256 dldt_device - ok
19:10:53.0712 1256 [ 1017D70ABE5483F40C10B7774397D120 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
19:10:53.0762 1256 dleaCATSCustConnectService - ok
19:10:53.0792 1256 dlea_device - ok
19:10:53.0832 1256 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:10:53.0842 1256 Dnscache - ok
19:10:53.0942 1256 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
19:10:53.0942 1256 DockLoginService - ok
19:10:54.0002 1256 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:10:54.0012 1256 dot3svc - ok
19:10:54.0032 1256 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:10:54.0042 1256 DPS - ok
19:10:54.0092 1256 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:10:54.0092 1256 drmkaud - ok
19:10:54.0142 1256 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:10:54.0182 1256 DXGKrnl - ok
19:10:54.0232 1256 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:10:54.0242 1256 EapHost - ok
19:10:54.0342 1256 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:10:54.0442 1256 ebdrv - ok
19:10:54.0482 1256 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:10:54.0482 1256 EFS - ok
19:10:54.0562 1256 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:10:54.0582 1256 ehRecvr - ok
19:10:54.0632 1256 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:10:54.0632 1256 ehSched - ok
19:10:54.0652 1256 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:10:54.0672 1256 elxstor - ok
19:10:54.0712 1256 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:10:54.0712 1256 ErrDev - ok
19:10:54.0762 1256 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:10:54.0772 1256 EventSystem - ok
19:10:54.0822 1256 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:10:54.0822 1256 exfat - ok
19:10:54.0852 1256 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:10:54.0852 1256 fastfat - ok
19:10:54.0912 1256 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:10:54.0932 1256 Fax - ok
19:10:54.0972 1256 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:10:54.0972 1256 fdc - ok
19:10:55.0002 1256 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:10:55.0002 1256 fdPHost - ok
19:10:55.0022 1256 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:10:55.0022 1256 FDResPub - ok
19:10:55.0042 1256 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:10:55.0042 1256 FileInfo - ok
19:10:55.0052 1256 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:10:55.0052 1256 Filetrace - ok
19:10:55.0072 1256 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:10:55.0072 1256 flpydisk - ok
19:10:55.0102 1256 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:10:55.0112 1256 FltMgr - ok
19:10:55.0173 1256 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:10:55.0213 1256 FontCache - ok
19:10:55.0273 1256 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:10:55.0273 1256 FontCache3.0.0.0 - ok
19:10:55.0303 1256 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:10:55.0303 1256 FsDepends - ok
19:10:55.0343 1256 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:10:55.0343 1256 Fs_Rec - ok
19:10:55.0393 1256 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:10:55.0403 1256 fvevol - ok
19:10:55.0413 1256 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:10:55.0423 1256 gagp30kx - ok
19:10:55.0453 1256 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:10:55.0453 1256 GEARAspiWDM - ok
19:10:55.0523 1256 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:10:55.0523 1256 GoToAssist - ok
19:10:55.0573 1256 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:10:55.0613 1256 gpsvc - ok
19:10:55.0723 1256 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:10:55.0723 1256 gupdate - ok
19:10:55.0743 1256 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:10:55.0743 1256 gupdatem - ok
19:10:55.0783 1256 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:10:55.0783 1256 hcw85cir - ok
19:10:55.0833 1256 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:10:55.0843 1256 HDAudBus - ok
19:10:55.0853 1256 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:10:55.0853 1256 HidBatt - ok
19:10:55.0873 1256 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:10:55.0873 1256 HidBth - ok
19:10:55.0893 1256 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:10:55.0893 1256 HidIr - ok
19:10:55.0933 1256 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:10:55.0933 1256 hidserv - ok
19:10:55.0983 1256 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:10:55.0983 1256 HidUsb - ok
19:10:56.0033 1256 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:10:56.0033 1256 hkmsvc - ok
19:10:56.0083 1256 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:10:56.0093 1256 HomeGroupListener - ok
19:10:56.0123 1256 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:10:56.0133 1256 HomeGroupProvider - ok
19:10:56.0183 1256 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:10:56.0183 1256 HpSAMD - ok
19:11:09.0651 1256 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:11:09.0651 1256 Wanarpv6 - ok
19:11:09.0751 1256 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:11:09.0811 1256 WatAdminSvc - ok
19:11:09.0881 1256 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:11:09.0941 1256 wbengine - ok
19:11:09.0971 1256 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:11:09.0971 1256 WbioSrvc - ok
19:11:10.0011 1256 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:11:10.0021 1256 wcncsvc - ok
19:11:10.0041 1256 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:11:10.0051 1256 WcsPlugInService - ok
19:11:10.0071 1256 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:11:10.0081 1256 Wd - ok
19:11:10.0131 1256 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:11:10.0141 1256 WDC_SAM - ok
19:11:10.0191 1256 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:11:10.0211 1256 Wdf01000 - ok
19:11:10.0231 1256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:11:10.0241 1256 WdiServiceHost - ok
19:11:10.0251 1256 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:11:10.0251 1256 WdiSystemHost - ok
19:11:10.0301 1256 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:11:10.0301 1256 WebClient - ok
19:11:10.0321 1256 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:11:10.0331 1256 Wecsvc - ok
19:11:10.0351 1256 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:11:10.0351 1256 wercplsupport - ok
19:11:10.0381 1256 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:11:10.0381 1256 WerSvc - ok
19:11:10.0421 1256 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:10.0431 1256 WfpLwf - ok
19:11:10.0481 1256 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:11:10.0481 1256 WimFltr - ok
19:11:10.0501 1256 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:11:10.0501 1256 WIMMount - ok
19:11:10.0541 1256 WinDefend - ok
19:11:10.0541 1256 WinHttpAutoProxySvc - ok
19:11:10.0621 1256 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:11:10.0631 1256 Winmgmt - ok
19:11:10.0731 1256 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:11:10.0811 1256 WinRM - ok
19:11:10.0901 1256 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:11:10.0901 1256 WinUsb - ok
19:11:10.0961 1256 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:11:11.0001 1256 Wlansvc - ok
19:11:11.0141 1256 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:11.0211 1256 wlidsvc - ok
19:11:11.0247 1256 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
19:11:11.0247 1256 wltrysvc - ok
19:11:11.0294 1256 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:11:11.0294 1256 WmiAcpi - ok
19:11:11.0341 1256 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:11:11.0341 1256 wmiApSrv - ok
19:11:11.0372 1256 WMPNetworkSvc - ok
19:11:11.0403 1256 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:11:11.0403 1256 WPCSvc - ok
19:11:11.0450 1256 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:11:11.0450 1256 WPDBusEnum - ok
19:11:11.0481 1256 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:11:11.0481 1256 ws2ifsl - ok
19:11:11.0497 1256 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:11:11.0497 1256 wscsvc - ok
19:11:11.0512 1256 WSearch - ok
19:11:11.0590 1256 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:11:11.0668 1256 wuauserv - ok
19:11:11.0715 1256 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:11:11.0715 1256 WudfPf - ok
19:11:11.0762 1256 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:11.0762 1256 WUDFRd - ok
19:11:11.0793 1256 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:11:11.0793 1256 wudfsvc - ok
19:11:11.0824 1256 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:11:11.0824 1256 WwanSvc - ok
19:11:11.0871 1256 [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:11:11.0887 1256 yukonw7 - ok
19:11:11.0902 1256 ================ Scan global ===============================
19:11:11.0933 1256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:11:11.0965 1256 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:11:11.0996 1256 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:11:12.0011 1256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:11:12.0058 1256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:11:12.0058 1256 [Global] - ok
19:11:12.0058 1256 ================ Scan MBR ==================================
19:11:12.0089 1256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:11:12.0370 1256 \Device\Harddisk0\DR0 - ok
19:11:12.0370 1256 ================ Scan VBR ==================================
19:11:12.0370 1256 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
19:11:12.0370 1256 \Device\Harddisk0\DR0\Partition1 - ok
19:11:12.0401 1256 [ 54803E162A402B9B7FCB392913CF18BA ] \Device\Harddisk0\DR0\Partition2
19:11:12.0401 1256 \Device\Harddisk0\DR0\Partition2 - ok
19:11:12.0401 1256 ============================================================
19:11:12.0401 1256 Scan finished
19:11:12.0401 1256 ============================================================
19:11:12.0417 5404 Detected object count: 0
19:11:12.0417 5404 Actual detected object count: 0
 
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : HELEN GC ANG [Admin rights]
Mode : Remove -- Date : 09/25/2012 19:18:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Wow6432Node\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] c4d2eb6db4fa2d149a8bdae7bf0bc47a
[BSP] 850751c8bf3aab1df338e82140e3f84c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 19:20:53
-----------------------------
19:20:53.560 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:53.560 Number of processors: 2 586 0x170A
19:20:53.560 ComputerName: HELENGCANG-PC UserName: HELEN GC ANG
19:20:54.590 Initialize success
19:24:50.140 AVAST engine defs: 12092500
19:24:54.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:24:54.474 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:24:54.494 Disk 0 MBR read successfully
19:24:54.494 Disk 0 MBR scan
19:24:54.514 Disk 0 Windows 7 default MBR code
19:24:54.524 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:24:54.534 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:24:54.554 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
19:24:54.594 Disk 0 scanning C:\Windows\system32\drivers
19:25:07.835 Service scanning
19:25:34.496 Modules scanning
19:25:34.506 Disk 0 trace - called modules:
19:25:34.566 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:25:34.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800303f060]
19:25:34.586 3 CLASSPNP.SYS[fffff880013d043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002eb9050]
19:25:36.227 AVAST engine scan C:\Windows
19:25:38.327 AVAST engine scan C:\Windows\system32
18:30:22.292 AVAST engine scan C:\Windows\system32\drivers
18:30:43.498 AVAST engine scan C:\Users\HELEN GC ANG
18:33:22.817 AVAST engine scan C:\ProgramData
18:35:08.168 Scan finished successfully
18:38:19.550 Disk 0 MBR has been saved successfully to "C:\Users\HELEN GC ANG\Desktop\MBR.dat"
18:38:19.560 The log file has been saved successfully to "C:\Users\HELEN GC ANG\Desktop\aswMBR.txt"
 
Create a new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 