
Google Links Being Redirected


  • This topic is locked
51 replies to this topic

#1 Sharannhof

Sharannhof

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:25 PM

Posted 04 March 2013 - 10:20 PM

When I use google search in both IE and Firefox, I seem to be redirected to other websites when I click on the links. If I use my cursor and hover over the link it appears correct, but once I click on it, it opens up a website other than what I have clicked on. I have run TDSSKiller, Spybot, Housecall, Malwarebytes, Spywareblaster and AVG numerous times. They frequently find trojans and viruses. I quarantine them, remove them, reboot, but each time I go to use google, I am sent to websites not associated with the link I clicked on (this does not happen every time). I can't seem to find and remove what is causing the problem. Can someone help me please? Thanks in advance for your assistance.

 

As requested, here is the DDS log and attach.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by User at 22:03:48 on 2013-03-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1089 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webmail.juno.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PCHealth] rundll32 "c:\documents and settings\user\local settings\application data\intuit\pchealth\vebqhqz.dll",drm_pagui_doitW
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [PCHealth] rundll32 "c:\documents and settings\user\local settings\application data\intuit\pchealth\vebqhqz.dll",drm_pagui_doitW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267900084937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3707C5A0-65C5-4C50-8855-62C9FC641775} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\0ldcril0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://webmailbb.juno.com/webmail/new/7?count=1359213099&randid=749236082
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-01-23 18:06; avg@toolbar; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\14.2.0.1
FF - ExtSQL: !HIDDEN! 2009-09-20 17:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2004-6-18 4064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-23 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-2-27 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-2-27 1369624]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-21 968880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-4 40776]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-2-27 168384]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [2001-9-24 75776]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [2004-3-22 6912]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-16 1252232]
S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [2004-6-6 4944]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-02-27 23:07:14    1409    ----a-w-    c:\windows\QTFont.for
2013-02-27 02:29:42    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 02:29:37    71024    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 20:57:46    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-01-26 03:55:44    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02    2193024    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58    2069760    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 21:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:06:37.14 ===============
 



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:25 PM

Posted 05 March 2013 - 12:41 AM


Hello Sharannhof

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Sharannhof

Sharannhof
  • Topic Starter


Posted 05 March 2013 - 07:05 PM

Hi Gringo,

Thanks for your assistance. I have run the first two programs. For the third program you wrote:

Please disconnect any USB or external drives from the computer before you run this scan.

Are you referring to data USB drives? I ask because my mouse is connected to a USB port. Is it safe to assume that I can leave hardware connected to the USB ports? As soon as I hear back from you, I will run the RogueKiller program.

Thanks.

 

Here is the log for Security Check:

 

Results of screen317's Security Check version 0.99.60  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG 2011     
 AVG SafeGuard toolbar    
 AVG 2011     
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 4.6    
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 2 Runtime Environment Standard Edition v1.3.1
 Java 2 Runtime Environment Standard Edition v1.3.1_02
 Java™ 6 Update 18  
 Java version out of Date!
 Adobe Flash Player     11.6.602.171  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Here is the log for AdwCleaner:

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 18:51:15
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - YOUR-GURG0DYWDC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0ldcril0.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [5217 octets] - [05/03/2013 18:51:15]

########## EOF - C:\AdwCleaner[S1].txt - [5277 octets] ##########
 



#4 Sharannhof

Sharannhof

Posted 05 March 2013 - 07:08 PM

By the way, I just tried doing a google search and I am still being redirected to sites other than the one I clicked on.



#5 gringo_pr

gringo_pr


Posted 05 March 2013 - 08:24 PM


Hello Sharannhof

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo





#6 Sharannhof

Sharannhof

Posted 05 March 2013 - 09:50 PM

Hi Gringo,

I ran Combofix. When I went to turn off AVG (free edition), I opened the start center and got a threat warning and clicked to quarantine it. I believe I closed my virus program. I have Malwarebytes (free edition) and Spybot and SpywareBlaster, but they didn't have any option available to turn them off, so I hope the log results aren't affected by them.

 

I just tried another google search for Schoonmaker Obituary

I clicked on a link that began with: obits.syracuse.com/obituaries/syracuse/obituary.aspx?page.

and got redirected to this:

http://butterflysearch.net/?login=mainpage3&search=schoonmaker%20obituary

 

The redirects don't happen every time - just sometimes.

 

Here is the log you requested.... can I turn my AVG back on?

 

ComboFix 13-03-05.01 - User 03/05/2013  21:14:17.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1511 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\User\Recent\Thumbs.db
c:\documents and settings\User\WINDOWS
C:\Thumbs.db
c:\windows\help\wmplayer.bak
c:\windows\system32\Cache
c:\windows\system32\Cache\004e769f7f59f8f8.fb
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\fbaccbb5edc00686.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\encapi32.dll
c:\windows\system32\oobe\msoobe.err
c:\windows\system32\SET34.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\Thumbs.db
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-06 to 2013-03-06  )))))))))))))))))))))))))))))))
.
.
2013-03-05 23:56 . 2013-03-05 23:56    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\AVG Secure Search
2013-02-27 23:14 . 2013-03-06 02:28    --------    d-----w-    c:\documents and settings\Administrator
2013-02-27 23:06 . 2009-01-25 17:14    15224    ----a-w-    c:\windows\system32\sdnclean.exe
2013-02-27 23:06 . 2013-02-27 23:07    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-02-24 23:45 . 2013-02-27 10:53    --------    d-----w-    c:\program files\SpywareBlaster
2013-02-24 22:50 . 2005-03-12 00:42    59392    ----a-w-    c:\windows\isxdl.dll
2013-02-24 22:48 . 2013-02-24 22:48    --------    d-----w-    c:\program files\TeaTimer (Spybot - Search & Destroy)
2013-02-24 22:48 . 2013-02-24 22:48    --------    d-----w-    c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2013-02-24 22:48 . 2013-02-24 22:48    --------    d-----w-    c:\program files\SDHelper (Spybot - Search & Destroy)
2013-02-24 22:47 . 2013-02-24 22:48    --------    d-----w-    c:\program files\File Scanner Library (Spybot - Search & Destroy)
2013-02-24 22:46 . 2013-02-24 23:27    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-02-24 01:58 . 2013-02-24 02:01    --------    d-----w-    c:\program files\HRBlock2012
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 23:07 . 2012-05-20 18:02    1409    ----a-w-    c:\windows\QTFont.for
2013-02-27 02:29 . 2012-04-01 14:09    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 02:29 . 2011-06-07 00:02    71024    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 20:57 . 2013-01-23 23:05    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-01-26 03:55 . 2004-02-04 20:45    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:16 . 2004-02-04 20:45    2193024    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04    2069760    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-02-04 20:45    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-05-30 17:00    1292288    ----a-w-    c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2002-12-12 08:14    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2004-08-24 01:32    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-02-04 20:45    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-02-04 20:45    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-02-04 20:45    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2011-06-05 12:48    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-28 01:40 . 2013-02-28 01:37    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-04 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-21 1151152]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=c:\windows\pss\VZAccess Manager.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20    38872    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-15 05:32    1532760    ----a-w-    c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsSA33XXDM]
2007-08-07 15:28    892928    -c--a-w-    c:\program files\Philips\SA33XX\Philips Device Manager\bin\SA33XXDevicemanager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
2000-03-01 13:37    48128    ----a-w-    c:\progra~1\ScanSoft\PAPERP~1\PPWEBCAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-02-04 22:41    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-02-04 22:31    26112    -c--a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-14 12:51    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-02-24 16:57    2506752    ----a-w-    c:\program files\Yahoo!\Messenger\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [6/18/2004 3:54 PM 4064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/23/2013 6:05 PM 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2/27/2013 6:06 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2/27/2013 6:06 PM 1369624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2/27/2013 6:06 PM 168384]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [9/24/2001 3:36 AM 75776]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [3/22/2004 9:01 PM 6912]
S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [6/6/2004 3:02 PM 4944]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:29]
.
2013-03-05 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-02-27 19:08]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 02:00]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 02:00]
.
2013-02-27 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-27 19:07]
.
2013-02-27 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-02-27 19:07]
.
2013-03-06 c:\windows\Tasks\User_Feed_Synchronization-{D18C6837-3F1A-4975-B147-96697656F22A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.juno.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\0ldcril0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://webmailbb.juno.com/webmail/new/7?count=1359213099&randid=749236082
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-20 17:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-UIUCU - c:\docume~1\User\LOCALS~1\Temp\UIUCU.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-05 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-603824595-2646275955-536325080-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-03-05  21:39:44
ComboFix-quarantined-files.txt  2013-03-06 02:39
.
Pre-Run: 635,351,040 bytes free
Post-Run: 967,495,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - ED148679D922D0F2E260124A51BCFD22
 



#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 05 March 2013 - 10:17 PM



Hello Sharannhof


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo







I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 Sharannhof

  • Topic Starter

  • Members
  • 28 posts

Posted 05 March 2013 - 10:41 PM

Here is the log from tdsskiller:

22:31:51.0015 3812  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:31:53.0296 3812  ============================================================
22:31:53.0328 3812  Current date / time: 2013/03/05 22:31:53.0296
22:31:53.0328 3812  SystemInfo:
22:31:53.0359 3812  
22:31:53.0359 3812  OS Version: 5.1.2600 ServicePack: 3.0
22:31:53.0390 3812  Product type: Workstation
22:31:53.0390 3812  ComputerName: YOUR-GURG0DYWDC
22:31:53.0468 3812  UserName: User
22:31:53.0468 3812  Windows directory: C:\WINDOWS
22:31:53.0546 3812  System windows directory: C:\WINDOWS
22:31:53.0546 3812  Processor architecture: Intel x86
22:31:53.0593 3812  Number of processors: 1
22:31:53.0593 3812  Page size: 0x1000
22:31:53.0625 3812  Boot type: Normal boot
22:31:53.0625 3812  ============================================================
22:31:59.0890 3812  BG loaded
22:32:02.0515 3812  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:32:03.0546 3812  ============================================================
22:32:03.0578 3812  \Device\Harddisk0\DR0:
22:32:03.0640 3812  MBR partitions:
22:32:03.0640 3812  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
22:32:03.0640 3812  ============================================================
22:32:04.0375 3812  C: <-> \Device\Harddisk0\DR0\Partition1
22:32:04.0812 3812  ============================================================
22:32:04.0812 3812  Initialize success
22:32:04.0859 3812  ============================================================
22:35:00.0734 3364  ============================================================
22:35:00.0734 3364  Scan started
22:35:00.0734 3364  Mode: Manual; SigCheck; TDLFS;
22:35:00.0734 3364  ============================================================
22:35:01.0109 3364  ================ Scan system memory ========================
22:35:01.0125 3364  System memory - ok
22:35:01.0125 3364  ================ Scan services =============================
22:35:01.0281 3364  Abiosdsk - ok
22:35:01.0312 3364  abp480n5 - ok
22:35:01.0359 3364  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:35:03.0843 3364  ACPI - ok
22:35:03.0921 3364  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:35:04.0140 3364  ACPIEC - ok
22:35:04.0296 3364  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:35:04.0359 3364  AdobeFlashPlayerUpdateSvc - ok
22:35:04.0375 3364  adpu160m - ok
22:35:04.0468 3364  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:35:04.0703 3364  aec - ok
22:35:04.0781 3364  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:35:04.0953 3364  AFD - ok
22:35:04.0968 3364  Aha154x - ok
22:35:04.0984 3364  aic78u2 - ok
22:35:05.0000 3364  aic78xx - ok
22:35:05.0109 3364  [ FBBCB95F677CBAA924140B6EA2D9A97B ] ALCXSENS        C:\WINDOWS\system32\drivers\ALCXSENS.SYS
22:35:05.0296 3364  ALCXSENS - ok
22:35:05.0406 3364  [ BC5C55B49C4BD1FDFAAA128FE21F9FEA ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:35:05.0578 3364  ALCXWDM - ok
22:35:05.0640 3364  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:35:05.0890 3364  Alerter - ok
22:35:05.0921 3364  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
22:35:06.0046 3364  ALG - ok
22:35:06.0078 3364  AliIde - ok
22:35:06.0125 3364  [ 6B9D88F59AEC6ED9D0A7CE757CEFDF35 ] AloPar          C:\WINDOWS\System32\Drivers\AloPar.sys
22:35:06.0171 3364  AloPar ( UnsignedFile.Multi.Generic ) - warning
22:35:06.0171 3364  AloPar - detected UnsignedFile.Multi.Generic (1)
22:35:06.0187 3364  amsint - ok
22:35:06.0218 3364  AppMgmt - ok
22:35:06.0234 3364  asc - ok
22:35:06.0265 3364  asc3350p - ok
22:35:06.0281 3364  asc3550 - ok
22:35:06.0343 3364  [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
22:35:06.0390 3364  ASCTRM ( UnsignedFile.Multi.Generic ) - warning
22:35:06.0390 3364  ASCTRM - detected UnsignedFile.Multi.Generic (1)
22:35:06.0500 3364  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:35:06.0640 3364  aspnet_state - ok
22:35:06.0703 3364  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:35:06.0953 3364  AsyncMac - ok
22:35:07.0000 3364  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:35:07.0281 3364  atapi - ok
22:35:07.0296 3364  Atdisk - ok
22:35:07.0359 3364  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:35:07.0609 3364  Atmarpc - ok
22:35:07.0718 3364  [ 3EF1DB7F168851914517D4ED36B57C04 ] ATMhelpr        C:\WINDOWS\system32\drivers\ATMhelpr.sys
22:35:07.0765 3364  ATMhelpr ( UnsignedFile.Multi.Generic ) - warning
22:35:07.0765 3364  ATMhelpr - detected UnsignedFile.Multi.Generic (1)
22:35:07.0828 3364  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:35:08.0078 3364  AudioSrv - ok
22:35:08.0109 3364  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:35:08.0359 3364  audstub - ok
22:35:08.0546 3364  [ 0FCFBD0EDAA188B3D652DDCE6D16D866 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
22:35:08.0578 3364  Automatic LiveUpdate Scheduler - ok
22:35:09.0171 3364  [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent     C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:35:09.0906 3364  AVGIDSAgent - ok
22:35:10.0000 3364  [ 2D18221AAB3DB2D408D6C55C0F23090A ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:35:10.0515 3364  AVGIDSDriver - ok
22:35:10.0546 3364  [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH        C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:35:10.0609 3364  AVGIDSEH - ok
22:35:10.0671 3364  [ 4C51E233C87F9EC7598551DE554BC99D ] AVGIDSFilter    C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:35:10.0765 3364  AVGIDSFilter - ok
22:35:10.0828 3364  [ C3FC426E54F55C1CC3219E415B88E10C ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:35:10.0875 3364  AVGIDSShim - ok
22:35:10.0953 3364  [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:35:11.0062 3364  Avgldx86 - ok
22:35:11.0093 3364  [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:35:11.0218 3364  Avgmfx86 - ok
22:35:11.0250 3364  [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:35:11.0296 3364  Avgrkx86 - ok
22:35:11.0343 3364  [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:35:11.0406 3364  Avgtdix - ok
22:35:11.0468 3364  [ DB61A6ECACD9D84405D2F3E411B25409 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
22:35:11.0671 3364  avgtp - ok
22:35:11.0734 3364  [ FC2BC51120A945F7C70376495E4E7737 ] avgwd           C:\Program Files\AVG\AVG10\avgwdsvc.exe
22:35:11.0828 3364  avgwd - ok
22:35:11.0921 3364  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:35:12.0500 3364  Beep - ok
22:35:12.0687 3364  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:35:13.0531 3364  BITS - ok
22:35:13.0593 3364  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
22:35:14.0046 3364  Browser - ok
22:35:14.0265 3364  catchme - ok
22:35:14.0328 3364  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:35:14.0781 3364  cbidf2k - ok
22:35:14.0796 3364  cd20xrnt - ok
22:35:14.0859 3364  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:35:15.0203 3364  Cdaudio - ok
22:35:15.0265 3364  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:35:15.0546 3364  Cdfs - ok
22:35:15.0625 3364  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:35:15.0812 3364  Cdrom - ok
22:35:15.0843 3364  Changer - ok
22:35:15.0906 3364  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:35:16.0281 3364  CiSvc - ok
22:35:16.0343 3364  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:35:16.0671 3364  ClipSrv - ok
22:35:16.0718 3364  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:35:16.0859 3364  clr_optimization_v2.0.50727_32 - ok
22:35:16.0953 3364  CLTNetCnService - ok
22:35:16.0968 3364  CmdIde - ok
22:35:16.0984 3364  COMSysApp - ok
22:35:17.0015 3364  Cpqarray - ok
22:35:17.0140 3364  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:35:17.0421 3364  CryptSvc - ok
22:35:17.0437 3364  dac2w2k - ok
22:35:17.0468 3364  dac960nt - ok
22:35:17.0562 3364  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:35:17.0750 3364  DcomLaunch - ok
22:35:17.0812 3364  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:35:18.0078 3364  Dhcp - ok
22:35:18.0156 3364  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:35:18.0437 3364  Disk - ok
22:35:18.0453 3364  dmadmin - ok
22:35:18.0562 3364  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:35:18.0890 3364  dmboot - ok
22:35:18.0984 3364  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:35:19.0312 3364  dmio - ok
22:35:19.0359 3364  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:35:19.0625 3364  dmload - ok
22:35:19.0687 3364  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:35:19.0968 3364  dmserver - ok
22:35:20.0031 3364  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:35:20.0296 3364  DMusic - ok
22:35:20.0343 3364  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:35:20.0562 3364  Dnscache - ok
22:35:20.0609 3364  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:35:20.0906 3364  Dot3svc - ok
22:35:20.0921 3364  dpti2o - ok
22:35:20.0968 3364  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:35:21.0203 3364  drmkaud - ok
22:35:21.0281 3364  [ FAE8B6B311F898DF3D19BC638E980CA5 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:35:21.0406 3364  E100B - ok
22:35:21.0468 3364  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:35:21.0765 3364  EapHost - ok
22:35:21.0859 3364  [ 31C959319EF45B548D2111E338412270 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:35:21.0906 3364  eeCtrl - ok
22:35:21.0968 3364  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:35:22.0343 3364  ERSvc - ok
22:35:22.0406 3364  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
22:35:22.0484 3364  Eventlog - ok
22:35:22.0640 3364  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
22:35:22.0859 3364  EventSystem - ok
22:35:23.0000 3364  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:35:23.0281 3364  Fastfat - ok
22:35:23.0406 3364  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:35:23.0656 3364  FastUserSwitchingCompatibility - ok
22:35:23.0718 3364  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
22:35:24.0031 3364  Fdc - ok
22:35:24.0109 3364  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:35:24.0359 3364  Fips - ok
22:35:24.0515 3364  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:35:24.0812 3364  Flpydisk - ok
22:35:24.0984 3364  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:35:25.0343 3364  FltMgr - ok
22:35:25.0828 3364  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:35:25.0937 3364  FontCache3.0.0.0 - ok
22:35:26.0078 3364  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:35:26.0375 3364  Fs_Rec - ok
22:35:26.0421 3364  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:35:26.0781 3364  Ftdisk - ok
22:35:26.0937 3364  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:35:27.0312 3364  Gpc - ok
22:35:27.0593 3364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:35:27.0640 3364  gupdate - ok
22:35:27.0656 3364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:35:27.0703 3364  gupdatem - ok
22:35:27.0796 3364  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:35:27.0859 3364  gusvc - ok
22:35:27.0984 3364  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:35:28.0234 3364  helpsvc - ok
22:35:28.0296 3364  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:35:28.0578 3364  HidServ - ok
22:35:28.0609 3364  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:35:28.0875 3364  HidUsb - ok
22:35:29.0000 3364  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:35:29.0312 3364  hkmsvc - ok
22:35:29.0328 3364  hpn - ok
22:35:29.0406 3364  [ 04462676036659EAC991D84214785026 ] HPUATA          C:\WINDOWS\system32\DRIVERS\HPUATA.sys
22:35:29.0546 3364  HPUATA - ok
22:35:29.0781 3364  [ 6DB36593ABDDA54C505B77A4F135D5F3 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys
22:35:30.0187 3364  HSFHWBS2 - ok
22:35:30.0359 3364  [ EBB354438A4C5A3327FB97306260714A ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
22:35:30.0828 3364  HSF_DP - ok
22:35:31.0000 3364  [ 01DC6300BD5B4EAA3DE6FC3FA4ADB82A ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\USR_MDMV.sys
22:35:31.0187 3364  HSF_DPV - ok
22:35:31.0359 3364  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:35:31.0609 3364  HTTP - ok
22:35:31.0703 3364  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:35:31.0968 3364  HTTPFilter - ok
22:35:31.0984 3364  i2omgmt - ok
22:35:32.0000 3364  i2omp - ok
22:35:32.0156 3364  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:35:32.0531 3364  i8042prt - ok
22:35:32.0625 3364  [ 1406D6EF4436AEE970EFE13193123965 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:35:32.0687 3364  ialm ( UnsignedFile.Multi.Generic ) - warning
22:35:32.0687 3364  ialm - detected UnsignedFile.Multi.Generic (1)
22:35:33.0312 3364  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:35:34.0109 3364  idsvc - ok
22:35:34.0171 3364  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:35:34.0515 3364  Imapi - ok
22:35:34.0578 3364  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:35:34.0937 3364  ImapiService - ok
22:35:34.0968 3364  ini910u - ok
22:35:35.0015 3364  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
22:35:35.0312 3364  IntelIde - ok
22:35:35.0390 3364  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:35:35.0671 3364  intelppm - ok
22:35:35.0718 3364  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:35:35.0968 3364  ip6fw - ok
22:35:36.0062 3364  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:35:36.0343 3364  IpFilterDriver - ok
22:35:36.0375 3364  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:35:36.0656 3364  IpInIp - ok
22:35:36.0734 3364  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:35:36.0984 3364  IpNat - ok
22:35:37.0031 3364  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:35:37.0328 3364  IPSec - ok
22:35:37.0375 3364  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:35:37.0812 3364  IRENUM - ok
22:35:37.0890 3364  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:35:38.0437 3364  isapnp - ok
22:35:38.0578 3364  [ 77AC10DB097DFD0CD3071465B644D0AB ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:35:38.0671 3364  JavaQuickStarterService - ok
22:35:38.0781 3364  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:35:39.0046 3364  Kbdclass - ok
22:35:39.0093 3364  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:35:39.0359 3364  kbdhid - ok
22:35:39.0421 3364  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:35:39.0671 3364  kmixer - ok
22:35:39.0734 3364  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:35:39.0906 3364  KSecDD - ok
22:35:39.0984 3364  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:35:40.0156 3364  lanmanserver - ok
22:35:40.0234 3364  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:35:40.0375 3364  lanmanworkstation - ok
22:35:40.0406 3364  lbrtfdc - ok
22:35:40.0640 3364  [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
22:35:40.0796 3364  LiveUpdate - ok
22:35:40.0859 3364  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:35:41.0125 3364  LmHosts - ok
22:35:41.0343 3364  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:35:41.0406 3364  MDM - ok
22:35:41.0531 3364  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:35:41.0640 3364  mdmxsdk - ok
22:35:41.0765 3364  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:35:42.0187 3364  Messenger - ok
22:35:42.0265 3364  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:35:42.0625 3364  mnmdd - ok
22:35:42.0921 3364  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
22:35:43.0500 3364  mnmsrvc - ok
22:35:43.0578 3364  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:35:43.0921 3364  Modem - ok
22:35:44.0031 3364  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:35:44.0328 3364  Mouclass - ok
22:35:44.0390 3364  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:35:44.0687 3364  mouhid - ok
22:35:46.0812 3364  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:35:47.0109 3364  MountMgr - ok
22:35:47.0218 3364  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:35:47.0359 3364  MozillaMaintenance - ok
22:35:47.0390 3364  mraid35x - ok
22:35:47.0546 3364  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:35:47.0859 3364  MRxDAV - ok
22:35:47.0968 3364  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:35:48.0359 3364  MRxSmb - ok
22:35:48.0421 3364  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:35:48.0703 3364  MSDTC - ok
22:35:48.0750 3364  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:35:49.0062 3364  Msfs - ok
22:35:49.0093 3364  MSIServer - ok
22:35:49.0156 3364  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:35:49.0437 3364  MSKSSRV - ok
22:35:49.0546 3364  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:35:49.0812 3364  MSPCLOCK - ok
22:35:49.0859 3364  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:35:50.0093 3364  MSPQM - ok
22:35:50.0140 3364  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:35:50.0359 3364  mssmbios - ok
22:35:50.0421 3364  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:35:50.0546 3364  Mup - ok
22:35:50.0671 3364  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:35:50.0984 3364  napagent - ok
22:35:51.0062 3364  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:35:51.0296 3364  NDIS - ok
22:35:51.0343 3364  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:35:51.0546 3364  NdisTapi - ok
22:35:51.0656 3364  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:35:51.0937 3364  Ndisuio - ok
22:35:51.0984 3364  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:35:52.0234 3364  NdisWan - ok
22:35:52.0281 3364  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:35:52.0421 3364  NDProxy - ok
22:35:52.0484 3364  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:35:52.0750 3364  NetBIOS - ok
22:35:52.0828 3364  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:35:53.0078 3364  NetBT - ok
22:35:53.0125 3364  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:35:53.0375 3364  NetDDE - ok
22:35:53.0390 3364  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:35:53.0640 3364  NetDDEdsdm - ok
22:35:53.0703 3364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:35:53.0937 3364  Netlogon - ok
22:35:54.0015 3364  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
22:35:54.0265 3364  Netman - ok
22:35:54.0640 3364  [ D3376ECFDDE375D86554074D5645D38E ] NetSvc          c:\Program Files\Intel\NCS\Sync\NetSvc.exe
22:35:54.0812 3364  NetSvc ( UnsignedFile.Multi.Generic ) - warning
22:35:54.0812 3364  NetSvc - detected UnsignedFile.Multi.Generic (1)
22:35:54.0937 3364  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:35:55.0015 3364  NetTcpPortSharing - ok
22:35:55.0109 3364  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:35:55.0187 3364  Nla - ok
22:35:55.0218 3364  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:35:55.0468 3364  Npfs - ok
22:35:55.0656 3364  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:35:55.0968 3364  Ntfs - ok
22:35:56.0015 3364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
22:35:56.0250 3364  NtLmSsp - ok
22:35:56.0328 3364  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:35:56.0609 3364  NtmsSvc - ok
22:35:56.0703 3364  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:35:56.0953 3364  Null - ok
22:35:57.0015 3364  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:35:57.0265 3364  NwlnkFlt - ok
22:35:57.0296 3364  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:35:57.0578 3364  NwlnkFwd - ok
22:35:57.0750 3364  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:35:57.0812 3364  ose - ok
22:35:58.0171 3364  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:35:58.0687 3364  osppsvc - ok
22:35:58.0750 3364  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
22:35:59.0000 3364  Parport - ok
22:35:59.0046 3364  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:35:59.0296 3364  PartMgr - ok
22:35:59.0359 3364  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:35:59.0609 3364  ParVdm - ok
22:35:59.0671 3364  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:35:59.0937 3364  PCI - ok
22:35:59.0953 3364  PCIDump - ok
22:36:00.0062 3364  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:36:00.0312 3364  PCIIde - ok
22:36:00.0437 3364  [ C06D13350DDF3E84D72A80574BE92DD5 ] PciTest         C:\WINDOWS\SYSTEM32\DRIVERS\pcitest.sys
22:36:00.0562 3364  PciTest ( UnsignedFile.Multi.Generic ) - warning
22:36:00.0562 3364  PciTest - detected UnsignedFile.Multi.Generic (1)
22:36:00.0640 3364  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:36:00.0906 3364  Pcmcia - ok
22:36:00.0937 3364  PDCOMP - ok
22:36:00.0953 3364  PDFRAME - ok
22:36:00.0984 3364  PDRELI - ok
22:36:01.0000 3364  PDRFRAME - ok
22:36:01.0031 3364  perc2 - ok
22:36:01.0046 3364  perc2hib - ok
22:36:01.0140 3364  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
22:36:01.0218 3364  PlugPlay - ok
22:36:01.0265 3364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:36:01.0500 3364  PolicyAgent - ok
22:36:01.0953 3364  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:36:02.0234 3364  PptpMiniport - ok
22:36:02.0265 3364  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
22:36:02.0500 3364  Processor - ok
22:36:02.0531 3364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:36:02.0750 3364  ProtectedStorage - ok
22:36:02.0812 3364  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:36:03.0078 3364  PSched - ok
22:36:03.0171 3364  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:36:03.0421 3364  Ptilink - ok
22:36:03.0562 3364  [ E6BE48AFDCF7BE96F69455581F15221C ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
22:36:03.0625 3364  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
22:36:03.0625 3364  QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
22:36:03.0718 3364  [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
22:36:03.0796 3364  QBFCService ( UnsignedFile.Multi.Generic ) - warning
22:36:03.0796 3364  QBFCService - detected UnsignedFile.Multi.Generic (1)
22:36:03.0812 3364  ql1080 - ok
22:36:03.0828 3364  Ql10wnt - ok
22:36:03.0859 3364  ql12160 - ok
22:36:03.0875 3364  ql1240 - ok
22:36:03.0890 3364  ql1280 - ok
22:36:03.0968 3364  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:36:04.0203 3364  RasAcd - ok
22:36:04.0265 3364  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:36:04.0500 3364  RasAuto - ok
22:36:04.0531 3364  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:36:04.0765 3364  Rasl2tp - ok
22:36:04.0828 3364  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:36:05.0093 3364  RasMan - ok
22:36:05.0109 3364  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:36:05.0343 3364  RasPppoe - ok
22:36:05.0453 3364  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:36:05.0703 3364  Raspti - ok
22:36:05.0750 3364  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:36:06.0000 3364  Rdbss - ok
22:36:06.0093 3364  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:36:06.0562 3364  RDPCDD - ok
22:36:06.0718 3364  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:36:07.0093 3364  RDPWD - ok
22:36:07.0140 3364  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:36:07.0640 3364  RDSessMgr - ok
22:36:07.0687 3364  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:36:08.0406 3364  redbook - ok
22:36:08.0500 3364  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:36:08.0765 3364  RemoteAccess - ok
22:36:08.0859 3364  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
22:36:09.0375 3364  ROOTMODEM - ok
22:36:09.0406 3364  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
22:36:10.0062 3364  RpcLocator - ok
22:36:10.0125 3364  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:36:10.0359 3364  RpcSs - ok
22:36:10.0484 3364  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
22:36:11.0125 3364  RSVP - ok
22:36:11.0187 3364  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:36:11.0546 3364  SamSs - ok
22:36:11.0687 3364  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:36:11.0953 3364  SCardSvr - ok
22:36:12.0046 3364  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:36:12.0296 3364  Schedule - ok
22:36:12.0750 3364  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
22:36:12.0953 3364  SDScannerService - ok
22:36:13.0109 3364  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:36:13.0359 3364  SDUpdateService - ok
22:36:13.0390 3364  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:36:13.0515 3364  SDWSCService - ok
22:36:13.0593 3364  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:36:13.0859 3364  Secdrv - ok
22:36:13.0937 3364  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:36:14.0359 3364  seclogon - ok
22:36:14.0390 3364  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
22:36:14.0750 3364  SENS - ok
22:36:14.0828 3364  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
22:36:15.0093 3364  serenum - ok
22:36:15.0125 3364  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
22:36:15.0406 3364  Serial - ok
22:36:15.0484 3364  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:36:15.0843 3364  Sfloppy - ok
22:36:15.0937 3364  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:36:16.0203 3364  SharedAccess - ok
22:36:16.0265 3364  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:36:16.0359 3364  ShellHWDetection - ok
22:36:16.0375 3364  Simbad - ok
22:36:16.0406 3364  SMNDIS5 - ok
22:36:16.0468 3364  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:36:16.0718 3364  SONYPVU1 - ok
22:36:16.0734 3364  Sparrow - ok
22:36:16.0796 3364  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:36:17.0062 3364  splitter - ok
22:36:17.0156 3364  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:36:17.0343 3364  Spooler - ok
22:36:17.0453 3364  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:36:17.0687 3364  sr - ok
22:36:17.0828 3364  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:36:17.0984 3364  srservice - ok
22:36:18.0156 3364  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:36:18.0328 3364  Srv - ok
22:36:18.0437 3364  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:36:18.0562 3364  SSDPSRV - ok
22:36:18.0687 3364  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:36:18.0953 3364  stisvc - ok
22:36:19.0078 3364  [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
22:36:19.0156 3364  SupportSoft RemoteAssist - ok
22:36:19.0250 3364  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:36:19.0515 3364  swenum - ok
22:36:19.0562 3364  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:36:19.0812 3364  swmidi - ok
22:36:19.0812 3364  SwPrv - ok
22:36:20.0062 3364  [ 595175D2E7F77A1440DE360EEC20FA7D ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
22:36:20.0187 3364  Symantec Core LC - ok
22:36:20.0203 3364  symc810 - ok
22:36:20.0250 3364  symc8xx - ok
22:36:20.0265 3364  sym_hi - ok
22:36:20.0296 3364  sym_u3 - ok
22:36:20.0328 3364  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:36:20.0578 3364  sysaudio - ok
22:36:20.0656 3364  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:36:20.0906 3364  SysmonLog - ok
22:36:21.0031 3364  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:36:21.0296 3364  TapiSrv - ok
22:36:21.0515 3364  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:36:21.0734 3364  Tcpip - ok
22:36:21.0890 3364  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:36:22.0218 3364  TDPIPE - ok
22:36:22.0250 3364  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:36:22.0531 3364  TDTCP - ok
22:36:22.0578 3364  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:36:22.0859 3364  TermDD - ok
22:36:22.0937 3364  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
22:36:23.0187 3364  TermService - ok
22:36:23.0234 3364  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:36:23.0312 3364  Themes - ok
22:36:23.0343 3364  TosIde - ok
22:36:23.0390 3364  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:36:23.0656 3364  TrkWks - ok
22:36:23.0718 3364  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:36:23.0968 3364  Udfs - ok
22:36:23.0984 3364  ultra - ok
22:36:24.0203 3364  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:36:24.0500 3364  Update - ok
22:36:24.0625 3364  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:36:24.0859 3364  upnphost - ok
22:36:24.0953 3364  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
22:36:25.0375 3364  UPS - ok
22:36:25.0453 3364  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:36:25.0750 3364  usbccgp - ok
22:36:25.0781 3364  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:36:26.0031 3364  usbehci - ok
22:36:26.0078 3364  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:36:26.0328 3364  usbhub - ok
22:36:26.0375 3364  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:36:26.0640 3364  usbscan - ok
22:36:26.0671 3364  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:36:26.0921 3364  USBSTOR - ok
22:36:26.0968 3364  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:36:27.0234 3364  usbuhci - ok
22:36:27.0281 3364  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:36:27.0515 3364  VgaSave - ok
22:36:27.0531 3364  ViaIde - ok
22:36:27.0578 3364  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:36:27.0828 3364  VolSnap - ok
22:36:27.0890 3364  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
22:36:28.0078 3364  VSS - ok
22:36:28.0093 3364  vToolbarUpdater14.2.0 - ok
22:36:28.0156 3364  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:36:28.0421 3364  W32Time - ok
22:36:28.0515 3364  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:36:28.0750 3364  Wanarp - ok
22:36:28.0781 3364  wanatw - ok
22:36:28.0906 3364  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:36:29.0000 3364  Wdf01000 - ok
22:36:29.0015 3364  WDICA - ok
22:36:29.0046 3364  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:36:29.0296 3364  wdmaud - ok
22:36:29.0390 3364  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:36:29.0671 3364  WebClient - ok
22:36:29.0921 3364  [ 35104D888A90EBC18F71FDC2374D2BB9 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_USR.sys
22:36:30.0015 3364  winachsf - ok
22:36:30.0125 3364  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:36:30.0375 3364  winmgmt - ok
22:36:30.0500 3364  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:36:30.0562 3364  WinUSB - ok
22:36:30.0625 3364  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:36:30.0765 3364  WmdmPmSN - ok
22:36:30.0843 3364  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:36:30.0968 3364  Wmi - ok
22:36:31.0062 3364  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:36:31.0328 3364  WmiApSrv - ok
22:36:31.0515 3364  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
22:36:31.0796 3364  WMPNetworkSvc - ok
22:36:31.0843 3364  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:36:31.0921 3364  WpdUsb - ok
22:36:32.0046 3364  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:36:32.0296 3364  WS2IFSL - ok
22:36:32.0343 3364  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:36:32.0640 3364  wscsvc - ok
22:36:32.0687 3364  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:36:32.0937 3364  wuauserv - ok
22:36:33.0000 3364  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:36:33.0140 3364  WudfPf - ok
22:36:33.0187 3364  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:36:33.0281 3364  WudfRd - ok
22:36:33.0328 3364  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:36:33.0406 3364  WudfSvc - ok
22:36:33.0531 3364  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:36:33.0796 3364  WZCSVC - ok
22:36:33.0890 3364  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:36:34.0140 3364  xmlprov - ok
22:36:34.0156 3364  zumbus - ok
22:36:34.0265 3364  [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
22:36:34.0359 3364  {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - warning
22:36:34.0359 3364  {6080A529-897E-4629-A488-ABA0C29B635E} - detected UnsignedFile.Multi.Generic (1)
22:36:34.0437 3364  [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
22:36:34.0546 3364  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - warning
22:36:34.0562 3364  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - detected UnsignedFile.Multi.Generic (1)
22:36:34.0562 3364  ================ Scan global ===============================
22:36:34.0656 3364  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:36:34.0828 3364  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:36:34.0937 3364  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:36:34.0984 3364  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:36:34.0984 3364  [Global] - ok
22:36:35.0000 3364  ================ Scan MBR ==================================
22:36:35.0031 3364  [ C99C3199CFAA4CBDCD91493F6D113A50 ] \Device\Harddisk0\DR0
22:36:35.0640 3364  \Device\Harddisk0\DR0 - ok
22:36:35.0640 3364  ================ Scan VBR ==================================
22:36:35.0656 3364  [ 046F306382DAE132F8BC47E7C5F8AA27 ] \Device\Harddisk0\DR0\Partition1
22:36:35.0656 3364  \Device\Harddisk0\DR0\Partition1 - ok
22:36:35.0656 3364  ================ Scan active images ========================
22:36:38.0984 3364  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
22:36:38.0984 3364  C:\WINDOWS\system32\dnsrslvr.dll - ok
22:36:39.0000 3364  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
22:36:39.0000 3364  C:\WINDOWS\system32\lmhsvc.dll - ok
22:36:39.0015 3364  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
22:36:39.0015 3364  C:\WINDOWS\system32\riched20.dll - ok
22:36:39.0031 3364  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
22:36:39.0031 3364  C:\WINDOWS\system32\schedsvc.dll - ok
22:36:39.0046 3364  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
22:36:39.0046 3364  C:\WINDOWS\system32\desk.cpl - ok
22:36:39.0062 3364  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
22:36:39.0062 3364  C:\WINDOWS\system32\themeui.dll - ok
22:36:39.0078 3364  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
22:36:39.0078 3364  C:\WINDOWS\system32\msidle.dll - ok
22:36:39.0093 3364  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
22:36:39.0093 3364  C:\WINDOWS\system32\spoolsv.exe - ok
22:36:39.0093 3364  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
22:36:39.0093 3364  C:\WINDOWS\system32\actxprxy.dll - ok
22:36:39.0109 3364  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
22:36:39.0109 3364  C:\WINDOWS\system32\audiosrv.dll - ok
22:36:39.0125 3364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
22:36:39.0125 3364  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
22:36:39.0140 3364  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
22:36:39.0140 3364  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
22:36:39.0156 3364  [ 452DB84283EB2F043827AC95D62CE19C ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
22:36:39.0156 3364  C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok
22:36:39.0171 3364  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
22:36:39.0171 3364  C:\WINDOWS\system32\wkssvc.dll - ok
22:36:39.0171 3364  [ 4C867B62F6100C107A3A8F5E7A10461D ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl
22:36:39.0187 3364  C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl - ok
22:36:39.0187 3364  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
22:36:39.0187 3364  C:\WINDOWS\system32\cmd.exe - ok
22:36:39.0203 3364  [ 53249B2147DDC8212B290ACF80570290 ] C:\WINDOWS\system32\ieframe.dll
22:36:39.0203 3364  C:\WINDOWS\system32\ieframe.dll - ok
22:36:39.0218 3364  [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
22:36:39.0218 3364  C:\WINDOWS\system32\msi.dll - ok
22:36:39.0234 3364  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
22:36:39.0234 3364  C:\WINDOWS\system32\shfolder.dll - ok
22:36:39.0250 3364  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
22:36:39.0250 3364  C:\WINDOWS\system32\wsock32.dll - ok
22:36:39.0265 3364  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
22:36:39.0265 3364  C:\WINDOWS\system32\wdmaud.drv - ok
22:36:39.0281 3364  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
22:36:39.0281 3364  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
22:36:39.0296 3364  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
22:36:39.0296 3364  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
22:36:39.0312 3364  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
22:36:39.0312 3364  C:\WINDOWS\system32\drivers\splitter.sys - ok
22:36:39.0328 3364  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
22:36:39.0328 3364  C:\WINDOWS\system32\drivers\aec.sys - ok
22:36:39.0343 3364  [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl
22:36:39.0343 3364  C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok
22:36:39.0343 3364  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
22:36:39.0343 3364  C:\WINDOWS\system32\drivers\swmidi.sys - ok
22:36:39.0359 3364  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
22:36:39.0359 3364  C:\WINDOWS\system32\drivers\dmusic.sys - ok
22:36:39.0375 3364  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
22:36:39.0375 3364  C:\WINDOWS\system32\drivers\kmixer.sys - ok
22:36:39.0390 3364  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
22:36:39.0390 3364  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
22:36:39.0406 3364  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
22:36:39.0406 3364  C:\WINDOWS\system32\msacm32.drv - ok
22:36:39.0421 3364  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
22:36:39.0421 3364  C:\WINDOWS\system32\midimap.dll - ok
22:36:39.0437 3364  [ C5648BE5409E0AABDA8C9047BAC8F603 ] C:\WINDOWS\system32\msadp32.acm
22:36:39.0437 3364  C:\WINDOWS\system32\msadp32.acm - ok
22:36:39.0453 3364  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
22:36:39.0453 3364  C:\WINDOWS\system32\dbghelp.dll - ok
22:36:39.0468 3364  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
22:36:39.0468 3364  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
22:36:39.0468 3364  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
22:36:39.0468 3364  C:\WINDOWS\system32\mstask.dll - ok
22:36:39.0484 3364  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
22:36:39.0484 3364  C:\WINDOWS\system32\oledlg.dll - ok
22:36:39.0500 3364  [ 9C2543A7AC524CAA63B26A16D4E3AD39 ] C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
22:36:39.0500 3364  C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl - ok
22:36:39.0515 3364  [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl
22:36:39.0515 3364  C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok
22:36:39.0531 3364  [ AEB9DD47B76075B05E27874384544F39 ] C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl
22:36:39.0531 3364  C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl - ok
22:36:39.0546 3364  [ FA27F4DF4015B22F04B5D18044A24322 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
22:36:39.0546 3364  C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok
22:36:39.0562 3364  [ 0FDABB1FD68CBC557084E16B0EA2F731 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl
22:36:39.0562 3364  C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok
22:36:39.0578 3364  [ 105ED75F4CEE9E58152061520DAA4ABD ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl
22:36:39.0578 3364  C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok
22:36:39.0593 3364  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
22:36:39.0593 3364  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
22:36:39.0609 3364  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
22:36:39.0609 3364  C:\WINDOWS\system32\webclnt.dll - ok
22:36:39.0625 3364  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
22:36:39.0625 3364  C:\WINDOWS\system32\drivers\parvdm.sys - ok
22:36:39.0625 3364  [ D880831279ED91F9A4190A2DB9539EA9 ] C:\WINDOWS\system32\drivers\asctrm.sys
22:36:39.0625 3364  C:\WINDOWS\system32\drivers\asctrm.sys - ok
22:36:39.0640 3364  [ 0FCFBD0EDAA188B3D652DDCE6D16D866 ] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
22:36:39.0640 3364  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe - ok
22:36:39.0656 3364  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
22:36:39.0656 3364  C:\WINDOWS\system32\msvcp71.dll - ok
22:36:39.0671 3364  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
22:36:39.0671 3364  C:\WINDOWS\system32\msvcr71.dll - ok
22:36:39.0687 3364  [ C3FC426E54F55C1CC3219E415B88E10C ] C:\WINDOWS\system32\drivers\AVGIDSShim.sys
22:36:39.0687 3364  C:\WINDOWS\system32\drivers\AVGIDSShim.sys - ok
22:36:39.0703 3364  [ FC2BC51120A945F7C70376495E4E7737 ] C:\Program Files\AVG\AVG10\avgwdsvc.exe
22:36:39.0703 3364  C:\Program Files\AVG\AVG10\avgwdsvc.exe - ok
22:36:39.0718 3364  [ 86E99E1222E671408ED5E8618521AEEB ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
22:36:39.0718 3364  C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok
22:36:39.0718 3364  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
22:36:39.0718 3364  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
22:36:39.0734 3364  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
22:36:39.0734 3364  C:\WINDOWS\system32\cryptsvc.dll - ok
22:36:39.0750 3364  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
22:36:39.0750 3364  C:\WINDOWS\system32\qmgr.dll - ok
22:36:39.0765 3364  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
22:36:39.0765 3364  C:\WINDOWS\system32\cryptnet.dll - ok
22:36:39.0781 3364  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
22:36:39.0781 3364  C:\WINDOWS\system32\certcli.dll - ok
22:36:39.0796 3364  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
22:36:39.0796 3364  C:\WINDOWS\system32\sensapi.dll - ok
22:36:39.0812 3364  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
22:36:39.0812 3364  C:\WINDOWS\system32\winhttp.dll - ok
22:36:39.0828 3364  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
22:36:39.0828 3364  C:\WINDOWS\system32\atl.dll - ok
22:36:39.0843 3364  [ 9244E0240A1D150581C3BAA89D8AA154 ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
22:36:39.0843 3364  C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok
22:36:39.0875 3364  [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl
22:36:39.0875 3364  C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok
22:36:39.0890 3364  [ 8F220DCB4AA4B2A12ECE5B87C701170D ] C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
22:36:39.0890 3364  C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl - ok
22:36:39.0906 3364  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
22:36:39.0906 3364  C:\WINDOWS\system32\cabinet.dll - ok
22:36:39.0906 3364  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
22:36:39.0906 3364  C:\WINDOWS\system32\esent.dll - ok
22:36:39.0937 3364  [ CE62652689462E14ED8C5D87FA34A28B ] C:\Program Files\AVG\AVG10\avgwd.dll
22:36:39.0937 3364  C:\Program Files\AVG\AVG10\avgwd.dll - ok
22:36:39.0953 3364  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
22:36:39.0953 3364  C:\WINDOWS\system32\netman.dll - ok
22:36:39.0968 3364  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
22:36:39.0968 3364  C:\WINDOWS\system32\mprapi.dll - ok
22:36:39.0984 3364  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
22:36:39.0984 3364  C:\WINDOWS\system32\activeds.dll - ok
22:36:39.0984 3364  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
22:36:39.0984 3364  C:\WINDOWS\system32\adsldpc.dll - ok
22:36:40.0000 3364  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
22:36:40.0000 3364  C:\WINDOWS\system32\rtutils.dll - ok
22:36:40.0015 3364  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
22:36:40.0015 3364  C:\WINDOWS\system32\spoolss.dll - ok
22:36:40.0031 3364  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
22:36:40.0031 3364  C:\WINDOWS\system32\netshell.dll - ok
22:36:40.0046 3364  [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
22:36:40.0046 3364  C:\WINDOWS\system32\localspl.dll - ok
22:36:40.0062 3364  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
22:36:40.0062 3364  C:\WINDOWS\system32\es.dll - ok
22:36:40.0078 3364  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
22:36:40.0078 3364  C:\WINDOWS\system32\cnbjmon.dll - ok
22:36:40.0093 3364  [ 322FD75A97DBA67FC8F97A9957F857F1 ] C:\WINDOWS\system32\mdimon.dll
22:36:40.0093 3364  C:\WINDOWS\system32\mdimon.dll - ok
22:36:40.0109 3364  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
22:36:40.0109 3364  C:\WINDOWS\system32\ersvc.dll - ok
22:36:40.0125 3364  [ AF238673651EFC0226EA74239B502A6F ] C:\WINDOWS\system32\pdf995mon.dll
22:36:40.0125 3364  C:\WINDOWS\system32\pdf995mon.dll - ok
22:36:40.0125 3364  [ 77AC10DB097DFD0CD3071465B644D0AB ] C:\Program Files\Java\jre6\bin\jqs.exe
22:36:40.0125 3364  C:\Program Files\Java\jre6\bin\jqs.exe - ok
22:36:40.0140 3364  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:36:40.0140 3364  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
22:36:40.0156 3364  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
22:36:40.0156 3364  C:\WINDOWS\system32\hidserv.dll - ok
22:36:40.0171 3364  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
22:36:40.0171 3364  C:\WINDOWS\system32\pjlmon.dll - ok
22:36:40.0187 3364  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
22:36:40.0187 3364  C:\WINDOWS\system32\tcpmon.dll - ok
22:36:40.0203 3364  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
22:36:40.0203 3364  C:\WINDOWS\system32\hid.dll - ok
22:36:40.0218 3364  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
22:36:40.0218 3364  C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
22:36:40.0234 3364  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
22:36:40.0234 3364  C:\WINDOWS\system32\usbmon.dll - ok
22:36:40.0250 3364  [ EA8647A21BCB56C5F15712D4B7407501 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
22:36:40.0250 3364  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
22:36:40.0265 3364  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
22:36:40.0265 3364  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
22:36:40.0281 3364  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
22:36:40.0281 3364  C:\WINDOWS\system32\win32spl.dll - ok
22:36:40.0281 3364  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
22:36:40.0281 3364  C:\WINDOWS\system32\pdh.dll - ok
22:36:40.0296 3364  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
22:36:40.0296 3364  C:\WINDOWS\system32\netrap.dll - ok
22:36:40.0312 3364  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
22:36:40.0312 3364  C:\WINDOWS\system32\inetpp.dll - ok
22:36:40.0328 3364  [ C6E6F5ED8CAAEACB04A8E43F539DF300 ] C:\Program Files\AVG\AVG10\avgcfgx.dll
22:36:40.0328 3364  C:\Program Files\AVG\AVG10\avgcfgx.dll - ok
22:36:40.0343 3364  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
22:36:40.0343 3364  C:\WINDOWS\system32\odbcbcp.dll - ok
22:36:40.0390 3364  [ 11F714F85530A2BD134074DC30E99FCA ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:36:40.0390 3364  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
22:36:40.0421 3364  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
22:36:40.0421 3364  C:\WINDOWS\system32\srvsvc.dll - ok
22:36:40.0484 3364  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
22:36:40.0484 3364  C:\WINDOWS\system32\netmsg.dll - ok
22:36:40.0546 3364  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
22:36:40.0546 3364  C:\WINDOWS\system32\credui.dll - ok
22:36:40.0609 3364  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
22:36:40.0609 3364  C:\WINDOWS\system32\perfos.dll - ok
22:36:40.0640 3364  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
22:36:40.0640 3364  C:\WINDOWS\system32\drivers\srv.sys - ok
22:36:40.0656 3364  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
22:36:40.0656 3364  C:\WINDOWS\system32\dot3api.dll - ok
22:36:40.0671 3364  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
22:36:40.0671 3364  C:\WINDOWS\system32\dot3dlg.dll - ok
22:36:40.0671 3364  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
22:36:40.0671 3364  C:\WINDOWS\system32\onex.dll - ok
22:36:40.0687 3364  [ 3C318B9CD391371BED62126581EE9961 ] C:\WINDOWS\system32\drivers\mdmxsdk.sys
22:36:40.0687 3364  C:\WINDOWS\system32\drivers\mdmxsdk.sys - ok
22:36:40.0703 3364  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
22:36:40.0703 3364  C:\WINDOWS\system32\ipsecsvc.dll - ok
22:36:40.0718 3364  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
22:36:40.0718 3364  C:\WINDOWS\system32\eappcfg.dll - ok
22:36:40.0734 3364  [ E6BE48AFDCF7BE96F69455581F15221C ] C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
22:36:40.0734 3364  C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - ok
22:36:40.0750 3364  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
22:36:40.0750 3364  C:\WINDOWS\system32\eappprxy.dll - ok
22:36:40.0765 3364  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
22:36:40.0765 3364  C:\WINDOWS\system32\oakley.dll - ok
22:36:40.0781 3364  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
22:36:40.0781 3364  C:\WINDOWS\system32\winipsec.dll - ok
22:36:40.0796 3364  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
22:36:40.0796 3364  C:\WINDOWS\system32\pstorsvc.dll - ok
22:36:40.0812 3364  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
22:36:40.0812 3364  C:\WINDOWS\system32\rasapi32.dll - ok
22:36:40.0828 3364  [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
22:36:40.0828 3364  C:\WINDOWS\system32\mscoree.dll - ok
22:36:40.0828 3364  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
22:36:40.0828 3364  C:\WINDOWS\system32\psbase.dll - ok
22:36:40.0843 3364  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
22:36:40.0843 3364  C:\WINDOWS\system32\rasman.dll - ok
22:36:40.0859 3364  [ FB53A700132D9A97D1E10E9F80BD6174 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
22:36:40.0859 3364  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
22:36:40.0875 3364  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
22:36:40.0875 3364  C:\WINDOWS\system32\dssenh.dll - ok
22:36:40.0890 3364  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
22:36:40.0890 3364  C:\WINDOWS\system32\tapi32.dll - ok
22:36:40.0906 3364  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
22:36:40.0906 3364  C:\WINDOWS\system32\wzcsapi.dll - ok
22:36:40.0921 3364  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
22:36:40.0921 3364  C:\WINDOWS\system32\perfdisk.dll - ok
22:36:40.0921 3364  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
22:36:40.0921 3364  C:\WINDOWS\system32\wzcsvc.dll - ok
22:36:40.0937 3364  [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
22:36:40.0937 3364  C:\WINDOWS\system32\olepro32.dll - ok
22:36:40.0953 3364  [ 6D7FEA5353AE646167E91152F1D9BE89 ] C:\Program Files\AVG\AVG10\avgcslx.dll
22:36:40.0953 3364  C:\Program Files\AVG\AVG10\avgcslx.dll - ok
22:36:40.0968 3364  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
22:36:40.0968 3364  C:\WINDOWS\system32\wmi.dll - ok
22:36:40.0984 3364  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
22:36:40.0984 3364  C:\WINDOWS\system32\eapolqec.dll - ok
22:36:41.0000 3364  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
22:36:41.0000 3364  C:\WINDOWS\system32\qutil.dll - ok
22:36:41.0015 3364  [ BC7F21E4B1AEFF68C61BE70C94BEF3DD ] C:\WINDOWS\system32\jsproxy.dll
22:36:41.0015 3364  C:\WINDOWS\system32\jsproxy.dll - ok
22:36:41.0031 3364  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
22:36:41.0031 3364  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
22:36:41.0046 3364  [ 09523AFBC5937D7CC786FC9C74D2D516 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
22:36:41.0046 3364  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll - ok
22:36:41.0062 3364  [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
22:36:41.0062 3364  C:\WINDOWS\system32\hhctrl.ocx - ok
22:36:41.0062 3364  [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll
22:36:41.0062 3364  C:\WINDOWS\system32\srclient.dll - ok
22:36:41.0078 3364  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
22:36:41.0078 3364  C:\WINDOWS\system32\wbem\framedyn.dll - ok
22:36:41.0093 3364  [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll
22:36:41.0093 3364  C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok
22:36:41.0125 3364  [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll
22:36:41.0125 3364  C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok
22:36:41.0125 3364  [ 4B3685AA700084E4ED6635FC1EFD9CC2 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
22:36:41.0125 3364  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll - ok
22:36:41.0140 3364  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
22:36:41.0140 3364  C:\WINDOWS\system32\mscms.dll - ok
22:36:41.0156 3364  [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll
22:36:41.0156 3364  C:\WINDOWS\system32\icm32.dll - ok
22:36:41.0171 3364  [ A0E86BA4B3E56C1DC277BD7CCEC555DA ] C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll
22:36:41.0171 3364  C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll - ok
22:36:41.0187 3364  [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
22:36:41.0187 3364  C:\WINDOWS\system32\drivers\fastfat.sys - ok
22:36:41.0203 3364  [ DE81240BD5476BB8AA2261349AB32FF8 ] C:\Program Files\AVG\AVG10\avgamnot.dll
22:36:41.0203 3364  C:\Program Files\AVG\AVG10\avgamnot.dll - ok
22:36:41.0203 3364  [ C1649188479440AA5834EDA555445CDC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
22:36:41.0203 3364  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll - ok
22:36:41.0218 3364  [ 8F2E5F841DF279C41FA011E8F2E945BC ] C:\Program Files\AVG\AVG10\avgidpsdkx.dll
22:36:41.0218 3364  C:\Program Files\AVG\AVG10\avgidpsdkx.dll - ok
22:36:41.0234 3364  [ 723528449ED0D1B0AD98AF3EDF23101D ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
22:36:41.0234 3364  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
22:36:41.0250 3364  [ 4F7841D812393DCA92E0FF7923F011E9 ] C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll
22:36:41.0250 3364  C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll - ok
22:36:41.0265 3364  [ 5F43C7330899A6C56FF7A428D60F4F62 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL
22:36:41.0265 3364  C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL - ok
22:36:41.0281 3364  [ 206387AB881E93A1A6EB89966C8651F1 ] C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
22:36:41.0281 3364  C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe - ok
22:36:41.0296 3364  [ 31BEFCE43D3EFCA98FEC850E910A309B ] C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll
22:36:41.0296 3364  C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll - ok
22:36:41.0312 3364  [ 14361FB2FD630988816A4F46AEAF0684 ] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
22:36:41.0312 3364  C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll - ok
22:36:41.0328 3364  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
22:36:41.0328 3364  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
22:36:41.0343 3364  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
22:36:41.0343 3364  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
22:36:41.0359 3364  [ E8A6413CE73FD6C7586F27443A3171C8 ] C:\Program Files\AVG\AVG10\avgnsx.exe
22:36:41.0359 3364  C:\Program Files\AVG\AVG10\avgnsx.exe - ok
22:36:41.0375 3364  [ 96EC140D8EC76556A3651987B7102F92 ] C:\Program Files\AVG\AVG10\avgsched.dll
22:36:41.0375 3364  C:\Program Files\AVG\AVG10\avgsched.dll - ok
22:36:41.0390 3364  [ 80AEC7987F4F315DC8B65FA1A42FF554 ] C:\Program Files\AVG\AVG10\avgwdwsc.dll
22:36:41.0390 3364  C:\Program Files\AVG\AVG10\avgwdwsc.dll - ok
22:36:41.0390 3364  [ CB63BDB77BB86549FC3303C2F11EDC18 ] C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:36:41.0390 3364  C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe - ok
22:36:41.0406 3364  [ 90A3935D05B494A5A39D37E71F09A677 ] C:\WINDOWS\system32\drivers\secdrv.sys
22:36:41.0406 3364  C:\WINDOWS\system32\drivers\secdrv.sys - ok
22:36:41.0421 3364  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
22:36:41.0421 3364  C:\WINDOWS\system32\seclogon.dll - ok
22:36:41.0437 3364  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
22:36:41.0437 3364  C:\WINDOWS\system32\sens.dll - ok
22:36:41.0453 3364  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
22:36:41.0453 3364  C:\WINDOWS\system32\srsvc.dll - ok
22:36:41.0468 3364  [ 78B58486A5CB4F418D06EA2D6E961DB0 ] C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
22:36:41.0468 3364  C:\Program Files\Common Files\supportsoft\bin\ssrc.exe - ok
22:36:41.0484 3364  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
22:36:41.0484 3364  C:\WINDOWS\system32\wiaservc.dll - ok
22:36:41.0500 3364  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
22:36:41.0500 3364  C:\WINDOWS\system32\cfgmgr32.dll - ok
22:36:41.0500 3364  [ D7CE4BF406BB32DA938A03419BFC0F92 ] C:\Program Files\Common Files\supportsoft\bin\vnchooks.dll
22:36:41.0500 3364  C:\Program Files\Common Files\supportsoft\bin\vnchooks.dll - ok
22:36:41.0515 3364  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
22:36:41.0515 3364  C:\WINDOWS\system32\trkwks.dll - ok
22:36:41.0531 3364  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
22:36:41.0531 3364  C:\WINDOWS\system32\vssapi.dll - ok
22:36:41.0546 3364  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
22:36:41.0546 3364  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
22:36:41.0562 3364  [ 46D2D7FDED46379E6D051633640AF8D3 ] C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
22:36:41.0562 3364  C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe - ok
22:36:41.0578 3364  [ FBDB9D0935B9907B809B381FDDF1627F ] C:\WINDOWS\system32\regsvr32.exe
22:36:41.0578 3364  C:\WINDOWS\system32\regsvr32.exe - ok
22:36:44.0156 3364  ============================================================
22:36:44.0156 3364  Scan finished
22:36:44.0156 3364  ============================================================
22:36:44.0281 3332  Detected object count: 10
22:36:44.0281 3332  Actual detected object count: 10
22:37:43.0140 3332  AloPar ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0140 3332  AloPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0140 3332  ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0140 3332  ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0140 3332  ATMhelpr ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0140 3332  ATMhelpr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0156 3332  ialm ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0156 3332  ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0156 3332  NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0156 3332  NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0156 3332  PciTest ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0156 3332  PciTest ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0171 3332  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0171 3332  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0171 3332  QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0171 3332  QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0187 3332  {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0187 3332  {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:43.0187 3332  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:43.0187 3332  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:38:09.0453 2796  Deinitialize success
 

I am now going to go run the other program and will post the results once I get them.



#9 gringo_pr

  • Malware Response Team

Posted 05 March 2013 - 10:50 PM

There may be a small delay in my next post, but not long.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 Sharannhof

  • Topic Starter

Posted 06 March 2013 - 06:07 AM

Not a problem. I had to go to sleep since I get up very early for work. I really do appreciate your help.

 

Since I left my computer on during the night, Spybot ran automatically.

Internet access seems up and running

And according to my security settings in the control panel, my firewall and Windows Update are active and on.

Unfortunately, when I tried to do the same google search (Schoonmaker obituary), I was redirected again when I clicked on this link:

www.eagletribune.com/obituaries/.../Mazie-R-Schoonmaker-87

I was once again sent here:

http://butterflysearch.net/?login=mainpage3&search=schoonmaker%20obituary

 

I tried a few more links and they're all working correctly... for now.

 

First time I ran mbar, this is the log:

 

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: YOUR-GURG0DYWDC [administrator]

3/5/2013 11:37:18 PM
mbar-log-2013-03-05 (23-37-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26650
Time elapsed: 49 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Documents and Settings\User\Local Settings\Application Data\{c077b9cb-e181-8127-cb2d-5ec744a483e1}\U (Backdoor.0Access) -> Delete on reboot.
c:\Documents and Settings\User\Local Settings\Application Data\{c077b9cb-e181-8127-cb2d-5ec744a483e1}\L (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

 

Since it detected 2 items, I rebooted and ran it again. This is the second log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: YOUR-GURG0DYWDC [administrator]

3/6/2013 12:32:48 AM
mbar-log-2013-03-06 (00-32-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26636
Time elapsed: 40 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#11 Sharannhof

  • Topic Starter

Posted 06 March 2013 - 07:00 AM

I went and ran mbar again after opening my browser and got a clean log again, despite the redirect earlier this morning.

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: YOUR-GURG0DYWDC [administrator]

3/6/2013 6:53:59 AM
mbar-log-2013-03-06 (06-53-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26645
Time elapsed: 39 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#12 gringo_pr

  • Malware Response Team

Posted 06 March 2013 - 12:49 PM


Hello Sharannhof

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo




#13 Sharannhof

  • Topic Starter

Posted 06 March 2013 - 07:54 PM

Hi Gringo,

Here's the next log that you requested:

 

OTL logfile created on: 3/6/2013 7:31:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.88% Memory free
4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.66% Paging File free
Paging file location(s): C:\pagefile.sys 3057 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 0.82 Gb Free Space | 2.21% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-GURG0DYWDC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (NetSvc) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zumbus) -- system32\DRIVERS\zumbus.sys File not found
DRV - (WDICA) --  File not found
DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found
DRV - (SMNDIS5) -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\USR_MDMV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\USR_BSC2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_USR.sys (Conexant Systems, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (PciTest) -- C:\WINDOWS\system32\drivers\pcitest.sys (Intel Corporation)
DRV - (AloPar) -- C:\WINDOWS\system32\drivers\AloPar.sys (Eisenworld, Inc.)
DRV - (HPUATA) -- C:\WINDOWS\system32\drivers\HPUATA.sys (SCM Microsystems Inc.)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.juno.com/
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\SearchScopes\{0BC1000E-A9EE-4D6D-AA81-40CD5BA14510}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLD_enUS311
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-603824595-2646275955-536325080-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://webmailbb.juno.com/webmail/new/7?count=1359213099&randid=749236082"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: zdcpsnzdyl%40zdcpsnzdyl.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/15 17:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/27 20:40:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/27 20:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2004/02/04 17:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2004/02/04 17:41:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2013/01/27 09:24:04 | 000,000,000 | ---D | M]
 
[2010/05/05 20:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/03/03 11:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0ldcril0.default\extensions
[2010/05/08 08:22:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0ldcril0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2003/03/31 07:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0ldcril0.default\extensions\zdcpsnzdyl@zdcpsnzdyl.org.xpi
[2013/02/27 20:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 21:43:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/27 20:40:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/09 16:01:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/21 16:00:10 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 20:39:51 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/03/06 05:54:14 | 000,444,957 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: 15308 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-603824595-2646275955-536325080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267900084937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3707C5A0-65C5-4C50-8855-62C9FC641775}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/04 16:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/06 19:28:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/03/05 22:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar-1.01.0.1021
[2013/03/05 22:26:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller(1).exe
[2013/03/05 21:08:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/05 21:05:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/05 21:05:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/05 21:05:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/05 21:05:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/05 21:05:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 21:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/05 21:02:15 | 005,036,545 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/03/05 20:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\ProcAlyzer Dumps
[2013/03/05 18:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
[2013/03/04 22:00:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.com
[2013/02/27 20:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/27 19:55:48 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HousecallLauncher.exe
[2013/02/27 18:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/02/27 18:06:30 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/02/27 18:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/24 18:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/02/24 18:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/02/24 17:50:07 | 000,059,392 | ---- | C] (Bjørnar Henden) -- C:\WINDOWS\isxdl.dll
[2013/02/24 17:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2013/02/24 17:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2013/02/24 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2013/02/24 17:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2013/02/24 17:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/02/23 21:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2012
[2013/02/23 20:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2012
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/06 19:28:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/03/06 19:27:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/06 19:26:00 | 112,356,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/03/06 19:22:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/06 19:20:55 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/03/06 19:19:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 19:19:47 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/03/06 19:19:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/06 19:19:31 | 2137,903,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 06:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 05:54:23 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/03/06 05:54:14 | 000,444,957 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/05 22:45:22 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mbar-1.01.0.1021.zip
[2013/03/05 22:26:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller(1).exe
[2013/03/05 21:32:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130306-055414.backup
[2013/03/05 21:08:50 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/03/05 21:02:16 | 005,036,545 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/03/05 20:57:45 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2013/03/05 19:20:02 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D18C6837-3F1A-4975-B147-96697656F22A}.job
[2013/03/05 19:14:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2013/03/05 18:50:39 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/03/05 18:46:03 | 000,881,950 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/03/05 18:42:58 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/04 22:00:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.com
[2013/03/03 17:06:30 | 000,275,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/03/02 20:22:56 | 000,000,181 | ---- | M] () -- C:\WINDOWS\civ.ini
[2013/03/02 18:23:26 | 000,326,108 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2013/03/02 18:23:07 | 000,205,072 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2013/03/02 10:21:57 | 000,000,548 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2013/02/27 19:56:53 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2013/02/27 19:55:54 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HousecallLauncher.exe
[2013/02/27 18:07:59 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/02/27 18:07:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/02/27 18:07:05 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/02/26 21:29:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/26 21:29:37 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/25 18:11:06 | 000,000,631 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/02/24 18:45:37 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SpywareBlaster.lnk
[2013/02/23 21:02:14 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2012.lnk
[2013/02/23 16:51:40 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2013/02/21 21:15:41 | 010,592,675 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Good Hoferer.ged
[2013/02/21 15:57:46 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/02/17 17:46:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/16 11:54:00 | 000,277,258 | ---- | M] () -- C:\Documents and Settings\User\My Documents\B&A_Cemetery.jpg
[2013/02/16 10:59:28 | 001,264,830 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Milancy Chandler Depuy.jpg
[2013/02/15 17:07:46 | 000,413,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 21:39:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/14 21:19:11 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 21:19:11 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/14 20:48:09 | 000,049,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\House in snow.jpg
[2013/02/14 19:10:35 | 000,167,971 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Garg Family.rtf
[2013/02/11 18:51:00 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/05 22:45:19 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mbar-1.01.0.1021.zip
[2013/03/05 21:08:49 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013/03/05 21:08:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/05 21:05:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/05 21:05:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/05 21:05:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/05 21:05:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/05 21:05:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/05 19:14:33 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2013/03/05 18:50:39 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/03/05 18:46:02 | 000,881,950 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2013/02/27 20:53:06 | 000,326,108 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2013/02/27 20:51:34 | 000,205,072 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2013/02/27 19:56:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2013/02/27 19:37:21 | 2137,903,104 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/27 18:07:59 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/02/27 18:07:57 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/02/27 18:07:55 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/02/27 18:07:06 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/02/27 18:07:05 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/02/24 18:45:37 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SpywareBlaster.lnk
[2013/02/23 21:02:14 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2012.lnk
[2013/02/17 17:46:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/16 11:53:57 | 000,277,258 | ---- | C] () -- C:\Documents and Settings\User\My Documents\B&A_Cemetery.jpg
[2013/02/16 10:59:25 | 001,264,830 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Milancy Chandler Depuy.jpg
[2013/02/14 20:48:09 | 000,049,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\House in snow.jpg
[2013/02/14 19:10:31 | 000,167,971 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Garg Family.rtf
[2013/01/01 12:06:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\windr32.dat
[2012/03/04 12:30:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/03/04 12:29:36 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/03/04 12:29:35 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/02/16 15:31:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/06 12:25:46 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\User\jobq.dat
[2010/02/17 20:17:11 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2007/03/18 08:03:20 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dm.ini
[2006/03/14 17:16:48 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/13 09:59:25 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\User\TH061305.DES
[2005/06/13 09:53:35 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\User\SH061305.DES
[2005/04/01 22:45:20 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\User\TEMP.FIL
 
========== ZeroAccess Check ==========
 
[2008/11/22 16:09:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >
 



#14 Sharannhof

  • Topic Starter


Posted 07 March 2013 - 01:18 PM

Hi Gringo,

Just checking in. Did you need me to send you the extra.txt? I can do that later tonight when I get home from work.

Thanks.



#15 gringo_pr



  • Malware Response Team

Posted 07 March 2013 - 11:57 PM

Hello


No, I do not need it - sorry I did not reply today, it seems when I was home today I was either sleeping or working.


I can only do these reports at home, so I will post sometime in the morning.



Gringo



