System Restore & User Accounts blank


  • This topic is locked
31 replies to this topic

#1 evelyn295

evelyn295

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:05:57 PM

Posted 14 August 2012 - 10:37 PM

Hi

Global Moderator Boopme suggested I post in this forum for help: http://www.bleepingcomputer.com/forums/topic462316.html/page__pid__2783013#entry2783013

I did finally manage to download and run HTAStop. I tried running SFC again but had to cancel as I don't have the CD.

Thank you for your time and for any help you can provide!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Evelyn at 21:57:15 on 2012-08-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.503.70 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://snt145.mail.live.com/default.aspx?id=64855&rru=inbox
uDefault_Page_URL = hxxp://www.dell.ca/myway
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: live.com\sn112w.snt112.mail
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344637390421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A9E09FCC-9960-432B-BBFF-DBA1A3FE569A} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-28 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-28 353688]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-1-29 132744]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-8-20 14464]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-11-9 565552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-28 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-28 44808]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-1-29 138760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 MpKsl17bf8b49;MpKsl17bf8b49; [x]
S1 MpKsl1aa5ec52;MpKsl1aa5ec52; [x]
S1 MpKsl42e2fb8a;MpKsl42e2fb8a; [x]
S1 MpKsl6062df68;MpKsl6062df68; [x]
S1 MpKsl64b89e57;MpKsl64b89e57; [x]
S1 MpKsl6e8f5d27;MpKsl6e8f5d27; [x]
S3 BlackBox;BlackBox SR2; [x]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 MFE_RR;MFE_RR; [x]
S3 TfNetMon;TfNetMon; [x]
.
=============== Created Last 30 ================
.
2012-08-12 14:24:23 1409 ----a-w- c:\windows\QTFont.for
2012-08-12 09:21:03 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-12 09:19:20 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-12 09:18:20 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-08-12 09:11:50 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-12 09:11:06 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-08-12 09:10:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-12 09:07:42 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-08-12 09:06:01 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-12 09:05:42 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-12 09:05:42 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-08-12 09:05:24 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-08-12 08:24:11 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2012-08-12 08:24:11 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2012-08-12 08:24:11 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2012-08-12 08:10:58 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2012-08-12 08:09:55 8462848 ------w- c:\windows\system32\dllcache\shell32.dll
2012-08-12 08:08:59 1292288 ------w- c:\windows\system32\dllcache\quartz.dll
2012-08-12 08:08:58 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-08-12 08:08:46 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2012-08-12 08:08:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-08-12 08:08:44 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-08-12 07:57:32 -------- d-----w- c:\windows\system32\scripting
2012-08-12 07:57:30 -------- d-----w- c:\windows\l2schemas
2012-08-12 07:57:29 -------- d-----w- c:\windows\system32\en
2012-08-12 07:57:28 -------- d-----w- c:\windows\system32\bits
2012-08-12 07:53:20 -------- d-----w- c:\windows\network diagnostic
2012-08-12 07:48:11 -------- d-----w- c:\windows\EHome
2012-08-12 07:42:59 61952 ------w- c:\windows\system32\rasqec.dll
2012-08-12 07:41:58 9216 ------w- c:\windows\system32\dot3dlg.dll
2012-08-11 00:20:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-11 00:20:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-11 00:20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-08 13:54:11 -------- d-----w- c:\documents and settings\evelyn\application data\PandoraRecovery
2012-08-08 13:54:04 -------- d-----w- c:\program files\Pandora Recovery
2012-08-08 12:40:43 -------- d-----w- c:\windows\system32\Dell
2012-07-28 05:37:36 -------- d-----w- c:\documents and settings\evelyn\application data\TrojanHunter
2012-07-19 21:21:00 -------- d-----w- c:\documents and settings\evelyn\application data\Registry Help Free
2012-07-19 21:20:54 -------- d-----w- c:\program files\Registry Help Free
2012-07-19 19:57:21 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
.
==================== Find3M ====================
.
2012-07-27 02:24:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 02:24:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 21:58:50.76 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 PM

Posted 19 August 2012 - 06:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 evelyn295


Posted 19 August 2012 - 07:01 PM

Hi! I'm ready when you are. Thanks.

#4 m0le


Posted 19 August 2012 - 07:06 PM

Please start by running aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 evelyn295


Posted 19 August 2012 - 07:19 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 20:10:12
-----------------------------
20:10:12.875 OS Version: Windows 5.1.2600 Service Pack 3
20:10:12.875 Number of processors: 1 586 0xD08
20:10:12.875 ComputerName: D6Z25P91 UserName: Evelyn
20:10:14.468 Initialize success
20:10:16.281 AVAST engine defs: 12081901
20:10:25.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:10:25.218 Disk 0 Vendor: ST9808211A 8.03 Size: 76319MB BusType: 3
20:10:25.234 Disk 0 MBR read successfully
20:10:25.234 Disk 0 MBR scan
20:10:25.312 Disk 0 Windows XP default MBR code
20:10:25.328 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:10:25.343 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73202 MB offset 80325
20:10:25.375 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 149998905
20:10:25.375 Disk 0 scanning sectors +156296385
20:10:25.453 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:43.812 Service scanning
20:10:59.171 Modules scanning
20:11:07.125 Disk 0 trace - called modules:
20:11:07.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:11:07.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x831d1ab8]
20:11:07.640 3 CLASSPNP.SYS[f8632fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x831ae218]
20:11:08.109 AVAST engine scan C:\WINDOWS
20:11:11.390 AVAST engine scan C:\WINDOWS\system32
20:13:16.390 AVAST engine scan C:\WINDOWS\system32\drivers
20:13:31.640 AVAST engine scan C:\Documents and Settings\Evelyn
20:15:15.906 AVAST engine scan C:\Documents and Settings\All Users
20:15:36.546 Scan finished successfully
20:17:36.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Evelyn\Desktop\MBR.dat"
20:17:36.890 The log file has been saved successfully to "C:\Documents and Settings\Evelyn\Desktop\aswMBR.txt"

#6 m0le


Posted 19 August 2012 - 07:22 PM

I think we're not going to find anything malicious here - based on the previous topic anyway.

Please run OTL

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.


#7 evelyn295


Posted 19 August 2012 - 07:43 PM

That's good and bad news :unsure:

OTL logfile created on: 19/08/2012 8:24:05 PM - Run 3
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

503.37 Mb Total Physical Memory | 92.55 Mb Available Physical Memory | 18.39% Memory free
1.19 Gb Paging File | 0.85 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.49 Gb Total Space | 60.06 Gb Free Space | 84.02% Space Free | Partition Type: NTFS

Computer Name: D6Z25P91 | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 20:23:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/19 17:53:22 | 001,800,192 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081901\algo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6e8f5d27)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl64b89e57)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6062df68)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl42e2fb8a)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl1aa5ec52)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl17bf8b49)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MFE_RR)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\klim5.sys -- (klim5)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Evelyn\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\AegisP.sys -- (AegisP)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 06:45:06 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/08 19:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2009/11/02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2006/10/18 22:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2005/11/14 15:41:10 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2005/09/10 01:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/05 05:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 23:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.ca


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://snt145.mail.live.com/default.aspx?id=64855&rru=inbox
IE - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\..\SearchScopes,DefaultScope = {B91A6783-B26C-4491-A7F6-BA77C32B9977}
IE - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\..\SearchScopes\{B91A6783-B26C-4491-A7F6-BA77C32B9977}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/08/19 19:24:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/06 03:46:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-573004545-2269936460-2197417775-1006\..Trusted Domains: live.com ([sn112w.snt112.mail] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344637390421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E09FCC-9960-432B-BBFF-DBA1A3FE569A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 20:23:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2012/08/19 20:09:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Evelyn\Desktop\aswMBR.exe
[2012/08/19 19:23:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2012/08/14 22:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Desktop\gmer
[2012/08/14 21:55:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Evelyn\Desktop\dds.com
[2012/08/12 05:21:03 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/12 05:19:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/08/12 05:18:20 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/08/12 05:11:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/08/12 05:11:06 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/08/12 05:10:10 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/08/12 05:07:42 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012/08/12 05:06:01 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/08/12 05:05:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/08/12 04:24:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2012/08/12 04:24:11 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2012/08/12 04:24:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2012/08/12 04:11:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/08/12 04:11:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2012/08/12 04:11:32 | 000,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2012/08/12 04:11:32 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2012/08/12 04:11:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2012/08/12 04:11:25 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/08/12 04:11:15 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2012/08/12 04:11:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2012/08/12 04:11:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2012/08/12 04:11:14 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/08/12 04:11:13 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/08/12 04:11:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2012/08/12 04:11:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2012/08/12 04:11:05 | 001,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2012/08/12 04:11:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2012/08/12 04:10:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2012/08/12 04:10:55 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2012/08/12 04:10:52 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2012/08/12 04:10:48 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2012/08/12 04:10:44 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2012/08/12 04:10:43 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/08/12 04:10:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/08/12 04:10:38 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/08/12 04:10:38 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/08/12 04:10:37 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/08/12 04:10:37 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/08/12 04:10:37 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/08/12 04:10:32 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2012/08/12 04:10:27 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2012/08/12 04:10:27 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2012/08/12 04:10:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2012/08/12 04:10:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2012/08/12 04:10:27 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2012/08/12 04:10:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2012/08/12 04:10:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2012/08/12 04:10:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2012/08/12 04:10:15 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/08/12 04:10:11 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012/08/12 04:10:04 | 001,866,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/08/12 04:09:55 | 008,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2012/08/12 04:09:51 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2012/08/12 04:09:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2012/08/12 04:09:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2012/08/12 04:09:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2012/08/12 04:09:35 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2012/08/12 04:09:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2012/08/12 04:09:35 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2012/08/12 04:09:35 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2012/08/12 04:09:35 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/08/12 04:09:31 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2012/08/12 04:09:24 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/08/12 04:09:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2012/08/12 04:09:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2012/08/12 04:09:09 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2012/08/12 04:09:06 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2012/08/12 04:09:03 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2012/08/12 04:08:58 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/08/12 04:08:46 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2012/08/12 03:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/08/12 03:57:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/08/12 03:57:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/08/12 03:57:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/08/12 03:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/08/12 03:48:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/08/12 03:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012/08/12 03:43:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2012/08/12 03:43:20 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2012/08/12 03:43:20 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2012/08/12 03:43:20 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2012/08/12 03:43:20 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2012/08/12 03:43:20 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2012/08/12 03:43:20 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2012/08/12 03:43:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/08/12 03:43:19 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2012/08/12 03:43:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2012/08/12 03:43:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2012/08/12 03:43:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2012/08/12 03:43:08 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012/08/12 03:43:08 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2012/08/12 03:43:08 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2012/08/12 03:43:08 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012/08/12 03:43:08 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012/08/12 03:43:08 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2012/08/12 03:43:08 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2012/08/12 03:43:08 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2012/08/12 03:43:08 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2012/08/12 03:43:08 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012/08/12 03:43:08 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2012/08/12 03:43:08 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2012/08/12 03:43:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2012/08/12 03:43:03 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2012/08/12 03:43:03 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012/08/12 03:43:02 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2012/08/12 03:43:02 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2012/08/12 03:43:02 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012/08/12 03:42:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2012/08/12 03:42:58 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2012/08/12 03:42:50 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012/08/12 03:42:45 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2012/08/12 03:42:45 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/08/12 03:42:45 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012/08/12 03:42:45 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012/08/12 03:42:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2012/08/12 03:42:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2012/08/12 03:42:45 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012/08/12 03:42:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2012/08/12 03:42:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/08/12 03:42:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2012/08/12 03:42:45 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2012/08/12 03:42:43 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2012/08/12 03:42:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2012/08/12 03:42:31 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2012/08/12 03:42:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2012/08/12 03:42:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2012/08/12 03:42:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2012/08/12 03:42:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2012/08/12 03:42:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2012/08/12 03:42:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2012/08/12 03:42:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2012/08/12 03:42:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2012/08/12 03:42:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/08/12 03:42:09 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2012/08/12 03:42:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2012/08/12 03:42:04 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2012/08/12 03:42:04 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2012/08/12 03:42:04 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2012/08/12 03:42:03 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2012/08/12 03:41:58 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2012/08/12 03:41:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2012/08/12 03:41:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2012/08/12 03:41:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2012/08/12 03:41:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2012/08/12 03:41:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2012/08/12 03:41:50 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2012/08/12 03:41:49 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2012/08/12 03:41:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2012/08/12 03:41:48 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/08/12 03:41:48 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2012/08/12 03:41:48 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2012/08/12 03:41:48 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2012/08/12 03:41:48 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2012/08/12 03:41:48 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2012/08/12 03:41:48 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2012/08/12 03:41:48 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2012/08/12 03:41:47 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/08/12 03:41:47 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2012/08/12 03:41:47 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/08/12 03:41:47 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2012/08/12 03:41:47 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012/08/12 03:41:47 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/08/12 03:41:47 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/08/12 03:41:47 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012/08/12 03:41:47 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012/08/12 03:41:47 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012/08/12 03:41:47 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012/08/12 03:41:47 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012/08/12 03:41:47 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012/08/12 03:41:47 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012/08/12 03:41:47 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2012/08/12 03:41:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012/08/12 03:41:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012/08/12 03:41:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012/08/12 03:41:47 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2012/08/12 03:41:46 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012/08/12 03:41:46 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/08/12 03:41:46 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012/08/12 03:41:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012/08/12 03:41:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012/08/12 03:41:46 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012/08/12 03:41:45 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/08/12 03:41:45 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012/08/12 03:41:45 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012/08/12 03:41:45 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012/08/12 03:41:42 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2012/08/12 03:41:42 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2012/08/12 03:41:42 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2012/08/12 03:41:42 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2012/08/12 03:41:42 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2012/08/12 03:41:42 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2012/08/12 03:41:42 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2012/08/12 03:41:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2012/08/10 20:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/10 20:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/10 20:20:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/10 20:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/09 20:34:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2012/08/08 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\PandoraRecovery
[2012/08/08 09:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pandora Recovery
[2012/08/08 09:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2012/08/08 08:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
[2012/07/28 01:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\TrojanHunter
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 20:23:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2012/08/19 20:17:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\MBR.dat
[2012/08/19 20:09:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Evelyn\Desktop\aswMBR.exe
[2012/08/19 19:24:16 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/19 19:23:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 19:23:17 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 04:57:28 | 000,002,272 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 10:41:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/17 10:41:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/16 14:02:26 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/08/15 21:41:36 | 000,105,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 22:06:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\gmer.zip
[2012/08/14 21:55:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Evelyn\Desktop\dds.com
[2012/08/14 21:49:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Evelyn\defogger_reenable
[2012/08/14 21:45:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Evelyn\Desktop\Defogger.exe
[2012/08/12 10:25:37 | 000,111,808 | ---- | M] () -- C:\Documents and Settings\Evelyn\My Documents\cc_20120812_102532.reg
[2012/08/12 10:24:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/12 10:24:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/08/12 10:07:08 | 000,435,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/12 10:07:08 | 000,069,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/12 03:53:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/08/10 16:34:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\thxcfg.ini
[2012/08/10 08:42:11 | 000,002,562 | ---- | M] () -- C:\Documents and Settings\Evelyn\My Documents\cc_20120810_084202.reg
[2012/07/27 05:35:01 | 001,724,191 | ---- | M] () -- C:\Documents and Settings\Evelyn\My Documents\Sony Tv Manual
[2012/07/26 21:49:12 | 000,368,090 | ---- | M] () -- C:\Documents and Settings\Evelyn\My Documents\mom's bell bill july 8
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 20:17:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\MBR.dat
[2012/08/14 22:06:14 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\gmer.zip
[2012/08/14 21:49:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Evelyn\defogger_reenable
[2012/08/14 21:45:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Evelyn\Desktop\Defogger.exe
[2012/08/14 21:17:47 | 527,892,480 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 10:25:34 | 000,111,808 | ---- | C] () -- C:\Documents and Settings\Evelyn\My Documents\cc_20120812_102532.reg
[2012/08/12 10:24:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/08/12 10:24:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/08/12 05:05:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/12 05:05:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/12 04:08:59 | 001,292,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2012/08/12 03:42:47 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/08/12 03:42:12 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2012/08/12 03:41:54 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/08/12 03:41:47 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/08/10 16:34:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2012/08/10 08:42:09 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\Evelyn\My Documents\cc_20120810_084202.reg
[2012/08/08 09:05:46 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Evelyn\Start Menu\Programs\Outlook Express.lnk
[2012/07/27 05:56:04 | 001,724,191 | ---- | C] () -- C:\Documents and Settings\Evelyn\My Documents\Sony Tv Manual
[2012/07/26 21:51:20 | 000,368,090 | ---- | C] () -- C:\Documents and Settings\Evelyn\My Documents\mom's bell bill july 8
[2011/11/09 07:03:45 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\WebpageIcons.db
[2011/11/09 06:49:57 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/11/09 06:49:57 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/11/07 22:32:29 | 000,203,156 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\census.cache
[2011/11/07 22:31:43 | 000,143,462 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\ars.cache
[2011/11/07 17:35:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\housecall.guid.cache
[2011/11/06 03:40:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/06 03:40:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/06 03:40:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/06 03:40:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/06 03:40:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/24 20:49:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PFP120JPR.{PB
[2011/09/24 20:49:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PFP120JCM.{PB
[2011/08/04 06:40:16 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/08/02 09:12:30 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 22:56:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/15 22:45:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2006/03/17 14:57:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

< End of report >

#8 evelyn295

Posted 19 August 2012 - 11:42 PM

Does the above OTL log reveal anything? Do you have any further recommendations? Thanks.

#9 m0le

Posted 20 August 2012 - 05:34 PM

There are some things on the log which I have seen on recent malware-infected machines so let's see what we can find.

First, let's deal with the log items

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6e8f5d27)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl64b89e57)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6062df68)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl42e2fb8a)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl1aa5ec52)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl17bf8b49)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MFE_RR)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
    :files
    C:\WINDOWS\system32\nusrmgr.cpl
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Please run TDSSKiller too

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
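
A check that can be run on the report OTL opens after the fix, as an added example that is not part of the original post or of OTL itself: it pairs each entry of the fix script with the success line expected in the report and lists anything left unconfirmed. The function names are made up for this example, the script excerpt is from the post above, the report excerpt is from the reply that follows in the thread, and the matching rules are assumptions read off that report.

```python
import re

# Excerpt of the fix script from the post above.
FIX_SCRIPT = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6e8f5d27)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
:files
C:\WINDOWS\system32\nusrmgr.cpl
"""

# Excerpt of the OTL report posted in the reply that follows in the thread.
REPORT = r"""
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service MpKsl6e8f5d27 stopped successfully!
Service MpKsl6e8f5d27 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\nusrmgr.cpl moved successfully.
"""


def parse_fix_script(text):
    """Return (kind, target) pairs for the entries under :OTL and :files."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section directive such as :OTL or :files
            section = line.lower()
            continue
        if section == ":otl":
            drv = re.match(r"DRV - .* -- \((?P<svc>[^)]+)\)$", line)
            o18 = re.match(r"O18 - Protocol\\(?P<key>\S+) - ", line)
            if drv:
                items.append(("service", drv.group("svc")))
            elif o18:
                items.append(("protocol", o18.group("key")))
            else:
                items.append(("unparsed", line))   # never silently dropped
        elif section == ":files":
            items.append(("file", line))
    return items


def check(items, report):
    """Mark each entry 'confirmed' if the report holds its success line, else 'review'."""
    lines = [l.strip() for l in report.splitlines() if l.strip()]
    status = {}
    for kind, target in items:
        if kind == "service":
            # Assumption: a removed service shows both a stop and a delete line.
            ok = (f"Service {target} stopped successfully!" in lines
                  and f"Service {target} deleted successfully!" in lines)
        elif kind == "protocol":
            # Assumption: the deleted key must end in the exact subkey that was listed.
            suffix = ("\\PROTOCOLS\\" + target + "\\ deleted successfully.").lower()
            ok = any(l.lower().endswith(suffix)
                     for l in lines if l.startswith("Registry key "))
        elif kind == "file":
            wanted = (target + " moved successfully.").lower()
            ok = any(l.lower() == wanted for l in lines)
        else:
            ok = False
        status[(kind, target)] = "confirmed" if ok else "review"
    return status


def needs_review(script=FIX_SCRIPT, report=REPORT):
    """Entries of the fix script that the report does not confirm."""
    results = check(parse_fix_script(script), report)
    return [item for item, state in results.items() if state == "review"]


if __name__ == "__main__":
    for kind, target in needs_review():
        print(f"review: {kind} {target}")
```

On this excerpt the only entry returned is Protocol\Filter\AutorunsDisabled, because the report names the parent key ...\PROTOCOLS\Filter\ rather than the listed subkey. That is a prompt to look at the key by hand, not a verdict.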

#10 evelyn295


Posted 20 August 2012 - 06:22 PM

Hi again! Here are the logs. Thanks.

========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service MpKsl6e8f5d27 stopped successfully!
Service MpKsl6e8f5d27 deleted successfully!
Service MpKsl64b89e57 stopped successfully!
Service MpKsl64b89e57 deleted successfully!
Service MpKsl6062df68 stopped successfully!
Service MpKsl6062df68 deleted successfully!
Service MpKsl42e2fb8a stopped successfully!
Service MpKsl42e2fb8a deleted successfully!
Service MpKsl1aa5ec52 stopped successfully!
Service MpKsl1aa5ec52 deleted successfully!
Service MpKsl17bf8b49 stopped successfully!
Service MpKsl17bf8b49 deleted successfully!
Service MFE_RR stopped successfully!
Service MFE_RR deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\nusrmgr.cpl moved successfully.

OTL by OldTimer - Version 3.2.58.1 log created on 08202012_191248




19:18:07.0750 1296 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
19:18:08.0359 1296 ============================================================
19:18:08.0359 1296 Current date / time: 2012/08/20 19:18:08.0359
19:18:08.0359 1296 SystemInfo:
19:18:08.0359 1296
19:18:08.0359 1296 OS Version: 5.1.2600 ServicePack: 3.0
19:18:08.0359 1296 Product type: Workstation
19:18:08.0359 1296 ComputerName: D6Z25P91
19:18:08.0359 1296 UserName: Evelyn
19:18:08.0359 1296 Windows directory: C:\WINDOWS
19:18:08.0359 1296 System windows directory: C:\WINDOWS
19:18:08.0359 1296 Processor architecture: Intel x86
19:18:08.0359 1296 Number of processors: 1
19:18:08.0359 1296 Page size: 0x1000
19:18:08.0359 1296 Boot type: Normal boot
19:18:08.0359 1296 ============================================================
19:18:09.0953 1296 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:18:10.0000 1296 ============================================================
19:18:10.0000 1296 \Device\Harddisk0\DR0:
19:18:10.0000 1296 MBR partitions:
19:18:10.0000 1296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EF9374
19:18:10.0000 1296 ============================================================
19:18:10.0046 1296 C: <-> \Device\Harddisk0\DR0\Partition1
19:18:10.0078 1296 ============================================================
19:18:10.0078 1296 Initialize success
19:18:10.0078 1296 ============================================================
19:18:28.0828 3916 ============================================================
19:18:28.0828 3916 Scan started
19:18:28.0828 3916 Mode: Manual;
19:18:28.0828 3916 ============================================================
19:18:29.0921 3916 ================ Scan system memory ========================
19:18:29.0921 3916 System memory - ok
19:18:29.0921 3916 ================ Scan services =============================
19:18:41.0578 3916 serenum - ok
19:18:41.0609 3916 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:18:41.0625 3916 Serial - ok
19:18:41.0687 3916 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:18:41.0687 3916 Sfloppy - ok
19:18:41.0750 3916 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:18:41.0765 3916 SharedAccess - ok
19:18:41.0796 3916 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:18:41.0812 3916 ShellHWDetection - ok
19:18:41.0828 3916 Simbad - ok
19:18:41.0859 3916 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:18:41.0859 3916 sisagp - ok
19:18:41.0890 3916 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:18:41.0890 3916 Sparrow - ok
19:18:41.0921 3916 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:18:41.0921 3916 splitter - ok
19:18:41.0953 3916 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:18:41.0968 3916 Spooler - ok
19:18:42.0015 3916 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:18:42.0031 3916 sr - ok
19:18:42.0062 3916 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:18:42.0078 3916 srservice - ok
19:18:42.0140 3916 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:18:42.0140 3916 Srv - ok
19:18:42.0171 3916 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:18:42.0250 3916 SSDPSRV - ok
19:18:42.0343 3916 [ 0467A93B1E7FDA167E01FDEC79783154 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:18:42.0406 3916 STHDA - ok
19:18:42.0453 3916 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:18:42.0484 3916 stisvc - ok
19:18:42.0531 3916 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:18:42.0531 3916 swenum - ok
19:18:42.0562 3916 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:18:42.0562 3916 swmidi - ok
19:18:42.0562 3916 SwPrv - ok
19:18:42.0593 3916 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:18:42.0609 3916 symc810 - ok
19:18:42.0625 3916 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:18:42.0625 3916 symc8xx - ok
19:18:42.0656 3916 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:18:42.0656 3916 sym_hi - ok
19:18:42.0687 3916 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:18:42.0687 3916 sym_u3 - ok
19:18:42.0734 3916 [ 35D5B3632E0BCEBE27B391157DE05996 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:18:42.0750 3916 SynTP - ok
19:18:42.0796 3916 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:18:42.0796 3916 sysaudio - ok
19:18:42.0828 3916 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:18:42.0859 3916 SysmonLog - ok
19:18:42.0890 3916 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:18:42.0921 3916 TapiSrv - ok
19:18:42.0953 3916 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:18:42.0968 3916 Tcpip - ok
19:18:43.0000 3916 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:18:43.0000 3916 TDPIPE - ok
19:18:43.0031 3916 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:18:43.0031 3916 TDTCP - ok
19:18:43.0062 3916 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:18:43.0078 3916 TermDD - ok
19:18:43.0125 3916 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:18:43.0156 3916 TermService - ok
19:18:43.0281 3916 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:18:43.0296 3916 Themes - ok
19:18:43.0328 3916 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:18:43.0328 3916 TosIde - ok
19:18:43.0375 3916 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:18:43.0390 3916 TrkWks - ok
19:18:43.0437 3916 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:18:43.0437 3916 Udfs - ok
19:18:43.0468 3916 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:18:43.0484 3916 ultra - ok
19:18:43.0531 3916 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:18:43.0546 3916 Update - ok
19:18:43.0593 3916 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:18:43.0609 3916 upnphost - ok
19:18:43.0656 3916 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:18:43.0671 3916 UPS - ok
19:18:43.0703 3916 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:18:43.0703 3916 usbehci - ok
19:18:43.0734 3916 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:18:43.0734 3916 usbhub - ok
19:18:43.0765 3916 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:18:43.0781 3916 usbscan - ok
19:18:43.0812 3916 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:18:43.0812 3916 USBSTOR - ok
19:18:43.0843 3916 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:18:43.0859 3916 usbuhci - ok
19:18:43.0875 3916 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:18:43.0890 3916 VgaSave - ok
19:18:43.0921 3916 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:18:43.0937 3916 viaagp - ok
19:18:43.0953 3916 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:18:43.0953 3916 ViaIde - ok
19:18:43.0984 3916 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:18:43.0984 3916 VolSnap - ok
19:18:44.0031 3916 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:18:44.0046 3916 VSS - ok
19:18:44.0093 3916 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
19:18:44.0109 3916 w32time - ok
19:18:44.0156 3916 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:18:44.0156 3916 Wanarp - ok
19:18:44.0312 3916 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:18:44.0312 3916 wdmaud - ok
19:18:44.0359 3916 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:18:44.0375 3916 WebClient - ok
19:18:44.0437 3916 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:18:44.0484 3916 winachsf - ok
19:18:44.0562 3916 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:18:44.0562 3916 winmgmt - ok
19:18:44.0640 3916 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:18:44.0640 3916 WmdmPmSN - ok
19:18:44.0703 3916 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:18:44.0703 3916 WmiApSrv - ok
19:18:44.0718 3916 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:18:44.0718 3916 WS2IFSL - ok
19:18:44.0765 3916 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:18:44.0781 3916 wscsvc - ok
19:18:44.0828 3916 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:18:44.0890 3916 wuauserv - ok
19:18:44.0937 3916 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:18:44.0937 3916 WudfPf - ok
19:18:44.0968 3916 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:18:44.0984 3916 WudfRd - ok
19:18:45.0000 3916 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:18:45.0015 3916 WudfSvc - ok
19:18:45.0093 3916 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:18:45.0125 3916 WZCSVC - ok
19:18:45.0156 3916 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:18:45.0171 3916 xmlprov - ok
19:18:45.0187 3916 ================ Scan global ===============================
19:18:45.0312 3916 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:18:45.0359 3916 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:18:45.0406 3916 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:18:45.0437 3916 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:18:45.0453 3916 [Global] - ok
19:18:45.0453 3916 ================ Scan MBR ==================================
19:18:45.0468 3916 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:18:45.0687 3916 \Device\Harddisk0\DR0 - ok
19:18:45.0703 3916 ================ Scan VBR ==================================
19:18:45.0703 3916 [ 8D5B62D7175F7E5F2EE2FD7C59A59195 ] \Device\Harddisk0\DR0\Partition1
19:18:45.0703 3916 \Device\Harddisk0\DR0\Partition1 - ok
19:18:45.0718 3916 ============================================================
19:18:45.0718 3916 Scan finished
19:18:45.0718 3916 ============================================================
19:18:45.0718 3508 Detected object count: 0
19:18:45.0718 3508 Actual detected object count: 0
19:19:09.0687 3932 Deinitialize success

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 PM

Posted 20 August 2012 - 07:17 PM

Please reboot your system

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.


Now try and open user accounts and let me know what happens.
m0le is a proud member of UNITE

#12 evelyn295

Posted 20 August 2012 - 08:06 PM

I'm having a problem - I can't do step 2, Check Disk. I keep getting the popup message to restart system first, which I have done 4 times now....please advise.

#13 m0le

Posted 20 August 2012 - 08:36 PM

Ignore the step, continue through the other instructions.


Then do the following:

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click Ok

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.

#14 evelyn295

Posted 20 August 2012 - 11:31 PM

I ran Windows Repair to completion. I get this message when chkdsk runs automatically after restart: "Cannot open volume for direct access. Windows has finished checking disk".

P.S. System Restore is still blank and User Accounts still shows the initial script error.

#15 m0le

Posted 21 August 2012 - 06:50 PM

You need to run Checkdisk from the recovery console.

  • Set the BIOS to boot from CDROM
  • Place XP CD in drive
  • Reboot from the CD.
  • Select the first option R Repair/Recovery Console. Select your Windows partition by number. Usually it is 1
  • Login to XP with administrator password. Then run CHKDSK /P from the command line
  • Run it once (or repeat) until it shows no errors. This should clear the "dirty" flag on the disk drive C. Run CHKDSK for each drive on your system.
  • CHKDSK /P :X where X is letter for disk drive

XP recovery console help

Installing and using the Recovery Console