
Internet Explorer keeps trying to go to malicious URL's



#1 CNC

  • Members
  • 13 posts

Posted 13 March 2013 - 04:23 PM

Internet Explorer keeps trying to go to malicious URL's and Avast blocks them. I have run DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by User at 17:01:46 on 2013-03-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.743 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files\Propalms Client\iqclntmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [wmgie] "c:\windows\system32\rundll32.exe" "c:\documents and settings\sharon mcguire\application data\wmgie.dll",Number_Und
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [mpcts] "c:\windows\system32\rundll32.exe" "c:\documents and settings\sharon mcguire\application data\mpcts.dll",State_New
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [hethe] "c:\windows\system32\rundll32.exe" "c:\documents and settings\sharon mcguire\application data\hethe.dll",GetFrame
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\sharon~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\sharon~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2009\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\refres~1.lnk - c:\windows\installer\{3b83f46f-a627-4c06-9478-da7de9272667}\Icon40D63FD11.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\solidw~1.lnk - c:\program files\common files\solidworks installation manager\backgrounddownloading\sldBgDwld.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1314806812343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282581328500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4AC0FD24-DFCB-4141-AF11-03C13479E394} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E5B7EBB8-FBD9-4EAC-8A85-833FA835270F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: NavLogon - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-13 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-13 368176]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-13 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-13 45248]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-1-10 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-13 1369624]
R3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 164736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-13 168384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-12 40776]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-13 18:22:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 18:22:59 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 18:22:58 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 18:22:56 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 18:21:22 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 18:18:56 -------- d-----w- c:\program files\AVAST Software
2013-03-13 18:18:19 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-03-13 16:57:03 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-03-13 16:53:37 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-13 16:53:06 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-13 01:40:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-13 01:36:36 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-13 01:09:18 -------- d-----w- c:\documents and settings\sharon mcguire\application data\Malwarebytes
2013-03-13 01:08:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-13 01:08:43 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 01:08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-11 01:40:21 164352 ----a-w- c:\documents and settings\all users\application data\16LFC32s.exe
2013-03-11 01:40:13 164352 ----a-w- c:\documents and settings\sharon mcguire\doo88ddmcxliv.exe
2013-02-27 02:35:16 -------- d-----w- c:\documents and settings\sharon mcguire\application data\WindowsDatabase
2013-02-24 19:09:41 320000 ----a-w- c:\documents and settings\sharon mcguire\application data\wmgie.dll
2013-02-24 19:09:17 565760 ----a-w- c:\documents and settings\sharon mcguire\application data\mpcts.dll
.
==================== Find3M  ====================
.
2013-03-13 01:37:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:37:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-24 16:06:40 0 ----a-w- c:\documents and settings\sharon mcguire\application data\wupls.dll
2013-02-05 19:49:32 292352 ----a-w- c:\documents and settings\sharon mcguire\application data\hethe.dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BEVT-35ZCT1 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4664B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a46d93c]; MOV EAX, [0x8a46dab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8A530AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> [0x8A4C6B98]
\Driver\atapi[0x8A5CE5E0] -> IRP_MJ_CREATE -> 0x8A4664B1
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4662E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:03:22.19 ===============
 



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 13 March 2013 - 04:39 PM


Hello CNC

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 CNC

  • Topic Starter
  • Members
  • 13 posts

Posted 13 March 2013 - 04:48 PM

OK...thanks....by the way...I noticed in task manager there were several (5-6) copies of these processes running:

iexplorer.exe

16LFC32s.exe



#4 CNC

  • Topic Starter
  • Members
  • 13 posts

Posted 13 March 2013 - 05:18 PM

 Results of screen317's Security Check version 0.99.61 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Java™ 6 Update 21 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Google Chrome 25.0.1364.152 
 Google Chrome 25.0.1364.97 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 17:59:20
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sharon McGuire - SHARON-FDF52AE8
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sharon McGuire\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Sharon McGuire\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Sharon McGuire\Local Settings\Application Data\Ilivid Player

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Documents and Settings\Sharon McGuire\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3965 octets] - [13/03/2013 17:59:20]

########## EOF - C:\AdwCleaner[S1].txt - [4025 octets] ##########

 

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sharon McGuire [Admin rights]
Mode : Remove -- Date : 03/13/2013 18:12:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Sharon McGuire\Application Data\wmgie.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Sharon McGuire\Application Data\mpcts.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 54 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : wmgie ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Sharon McGuire\Application Data\wmgie.dll",Number_Und) [7] -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : mpcts ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Sharon McGuire\Application Data\mpcts.dll",State_New) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : hethe ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Sharon McGuire\Application Data\hethe.dll",GetFrame) [7] -> DELETED
[TASK][SUSP PATH] At16.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At15.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At14.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At13.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At12.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At11.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At10.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At1.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At25.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At24.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At23.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At22.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At21.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At20.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At2.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At19.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At18.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At17.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At34.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At33.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At32.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At31.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At30.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At3.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At29.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At28.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At27.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At26.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At43.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At42.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At41.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At40.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At4.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At39.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At38.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At37.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At36.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At35.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At9.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At8.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At7.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At6.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At5.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe  [-] -> DELETED
[TASK][SUSP PATH] At48.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At47.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At46.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At45.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[TASK][SUSP PATH] At44.job : C:\Documents and Settings\All Users\Application Data\16LFC32s.exe_  -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8A5762E2)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 3b64ad2f7255039ea29df546630d556b
[BSP] 96433f36b650ecd33824045884438d63 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 760224bf760e9fd50518dac12e3ba4a3
[BSP] 96433f36b650ecd33824045884438d63 : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo

Finished : << RKreport[2]_D_03132013_02d1812.txt >>
RKreport[1]_S_03132013_02d1811.txt ; RKreport[2]_D_03132013_02d1812.txt



#5 gringo_pr


Posted 13 March 2013 - 08:23 PM


Hello CNC

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo






I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 CNC


Posted 14 March 2013 - 10:13 AM

I did not know recovery console was not installed and was afraid to let combofix update it without AVAST turned on because something keeps trying to go out to the internet and AVAST blocks it. So when I ran combofix it did not give me the option to exit and download recovery console and then rerun combofix. Anyway, I let combofix do its thing, here is the log:

 

ComboFix 13-03-13.02 - Sharon McGuire 03/14/2013  10:21:40.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1129 [GMT -4:00]
Running from: c:\documents and settings\Sharon McGuire\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\16LFC32s.exe
c:\documents and settings\All Users\Application Data\16LFC32s.exe.b
c:\documents and settings\All Users\Start Menu\Programs\Startup\Refresh All Propalms TSE Shortcuts .lnk
c:\documents and settings\Sharon McGuire\Application Data\DACC4C
c:\documents and settings\Sharon McGuire\Application Data\hethe.dll
c:\documents and settings\Sharon McGuire\Application Data\mpcts.dll
c:\documents and settings\Sharon McGuire\Application Data\wmgie.dll
c:\documents and settings\Sharon McGuire\Application Data\wupls.dll
c:\documents and settings\Sharon McGuire\doo88ddmcxliv.exe
c:\documents and settings\Sharon McGuire\g2mdlhlpx.exe
c:\documents and settings\Sharon McGuire\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\5192AccountantCenter.html
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\ac.js
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\close_pop.png
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\jquery.corner.js
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\jquery.min.js
c:\documents and settings\Sharon McGuire\Local Settings\Temporary Internet Files\viewChanges.html
c:\windows\system32\SET422.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET432.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-14 to 2013-03-14  )))))))))))))))))))))))))))))))
.
.
2013-03-13 18:23 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-13 18:23 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-13 18:23 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-13 18:23 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-13 18:22 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 18:22 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 18:22 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 18:22 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 18:22 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-13 18:21 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 18:18 . 2013-03-13 18:18 -------- d-----w- c:\program files\AVAST Software
2013-03-13 18:18 . 2013-03-13 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-13 16:57 . 2013-03-13 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-03-13 16:53 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-13 16:53 . 2013-03-13 16:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-13 01:40 . 2013-03-13 01:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-13 01:36 . 2013-03-13 01:36 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-13 01:09 . 2013-03-13 01:09 -------- d-----w- c:\documents and settings\Sharon McGuire\Application Data\Malwarebytes
2013-03-13 01:08 . 2013-03-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-13 01:08 . 2013-03-13 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-13 01:08 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 00:32 . 2013-03-13 00:32 -------- d-----w- c:\documents and settings\Administrator
2013-03-12 13:02 . 2013-03-12 13:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2013-02-27 02:35 . 2013-03-13 19:34 -------- d-----w- c:\documents and settings\Sharon McGuire\Application Data\WindowsDatabase
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 01:37 . 2012-03-28 12:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:37 . 2012-03-28 12:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 06:28 . 2010-08-23 16:05 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-05-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-26 2643320]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Sharon McGuire\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-12-6 6186872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-12-6 1181584]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2010-12-26 1826600]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/13/2013 2:22 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/13/2013 2:22 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/13/2013 2:23 PM 368176]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/13/2013 2:23 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/13/2013 2:22 PM 66336]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [1/10/2012 10:56 AM 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/13/2013 12:53 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/13/2013 12:53 PM 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/13/2013 12:54 PM 168384]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/13/2013 2:22 PM 164736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/12/2013 9:40 PM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 12:44 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 16:35]
.
2013-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-03-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-13 22:32]
.
2013-03-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-13 18:08]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:24]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:24]
.
2013-03-13 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-13 18:07]
.
2013-03-13 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-13 18:07]
.
2013-03-14 c:\windows\Tasks\User_Feed_Synchronization-{98DBECE4-74B4-4A3C-9EAB-D47CB8C9A5D1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Notify-NavLogon - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BEVT-35ZCT1 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A3D52E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,71,20,4a,84,6f,56,42,bc,44,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,71,20,4a,84,6f,56,42,bc,44,2c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\WININET.dll
.
Completion time: 2013-03-14  10:41:59
ComboFix-quarantined-files.txt  2013-03-14 14:41
.
Pre-Run: 61,508,395,008 bytes free
Post-Run: 62,124,818,432 bytes free
.
- - End Of File - - 964B95A58B6FF5599EB4F993A56455EE

Status:
My computer is still trying to go to strange websites on its own. AVAST blocks the attempt and prompts me. I have seen these so far:

 

http://betbetbot.com

http://91.214.44.8

 

Under processes running I see 11 copies of svchost.exe running (is this normal?)

 

Doing more testing now.



#7 CNC


Posted 14 March 2013 - 10:27 AM

Another one:

http://freedondon.com

 

They all say:

Object: http://freedondon.com (or one of the other urls)

Infection: URL:Mal

Process: C:\WINDOWS\System32\svchost.exe



#8 gringo_pr


Posted 14 March 2013 - 01:10 PM



Hello CNC


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

==================
Scan finished
==================

and I will see if I want to see the whole report.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo








#9 CNC


Posted 14 March 2013 - 03:51 PM

OK - I ran TDSS and ended up with 3 logs...all 3 are here. Also ran MBAR and it came back with no infections.

  • Internet access - seems OK
  • Windows Update - seems OK
  • Windows Firewall - seems OK

I have not seen any more attempts to go to those URLs I discussed before. Please advise next step. Thanks!

 

 

 

14:54:33.0078 4072  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:54:33.0562 4072  ============================================================
14:54:33.0562 4072  Current date / time: 2013/03/14 14:54:33.0562
14:54:33.0562 4072  SystemInfo:
14:54:33.0562 4072 
14:54:33.0562 4072  OS Version: 5.1.2600 ServicePack: 3.0
14:54:33.0562 4072  Product type: Workstation
14:54:33.0562 4072  ComputerName: SHARON-FDF52AE8
14:54:33.0562 4072  UserName: Sharon McGuire
14:54:33.0562 4072  Windows directory: C:\WINDOWS
14:54:33.0562 4072  System windows directory: C:\WINDOWS
14:54:33.0562 4072  Processor architecture: Intel x86
14:54:33.0562 4072  Number of processors: 2
14:54:33.0562 4072  Page size: 0x1000
14:54:33.0562 4072  Boot type: Normal boot
14:54:33.0562 4072  ============================================================
14:54:35.0265 4072  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:54:35.0265 4072  ============================================================
14:54:35.0265 4072  \Device\Harddisk0\DR0:
14:54:35.0265 4072  MBR partitions:
14:54:35.0265 4072  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
14:54:35.0265 4072  ============================================================
14:54:35.0296 4072  C: <-> \Device\Harddisk0\DR0\Partition1
14:54:35.0296 4072  ============================================================
14:54:35.0296 4072  Initialize success
14:54:35.0296 4072  ============================================================
14:55:03.0593 0964  Deinitialize success

 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

14:58:23.0484 3128  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:58:25.0484 3128  ============================================================
14:58:25.0484 3128  Current date / time: 2013/03/14 14:58:25.0484
14:58:25.0484 3128  SystemInfo:
14:58:25.0484 3128 
14:58:25.0484 3128  OS Version: 5.1.2600 ServicePack: 3.0
14:58:25.0484 3128  Product type: Workstation
14:58:25.0484 3128  ComputerName: SHARON-FDF52AE8
14:58:25.0484 3128  UserName: Sharon McGuire
14:58:25.0484 3128  Windows directory: C:\WINDOWS
14:58:25.0484 3128  System windows directory: C:\WINDOWS
14:58:25.0484 3128  Processor architecture: Intel x86
14:58:25.0484 3128  Number of processors: 2
14:58:25.0484 3128  Page size: 0x1000
14:58:25.0484 3128  Boot type: Normal boot
14:58:25.0484 3128  ============================================================
14:58:31.0953 3128  BG loaded
14:58:34.0031 3128  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:58:34.0343 3128  ============================================================
14:58:34.0343 3128  \Device\Harddisk0\DR0:
14:58:34.0343 3128  MBR partitions:
14:58:34.0343 3128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
14:58:34.0343 3128  ============================================================
14:58:34.0546 3128  C: <-> \Device\Harddisk0\DR0\Partition1
14:58:34.0562 3128  ============================================================
14:58:34.0562 3128  Initialize success
14:58:34.0562 3128  ============================================================
14:59:16.0109 2920  ============================================================
14:59:16.0109 2920  Scan started
14:59:16.0109 2920  Mode: Manual; SigCheck; TDLFS;
14:59:16.0109 2920  ============================================================
14:59:21.0156 2920  ================ Scan system memory ========================
14:59:21.0171 2920  System memory - ok
14:59:21.0171 2920  ================ Scan services =============================
14:59:54.0312 2920  Abiosdsk - ok
14:59:54.0421 2920  abp480n5 - ok
14:59:59.0968 2920  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:00:04.0953 2920  ACPI - ok
15:00:05.0515 2920  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:00:05.0671 2920  ACPIEC - ok
15:00:28.0390 2920  [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:00:28.0406 2920  AdobeActiveFileMonitor8.0 - ok
15:00:31.0515 2920  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:31.0546 2920  AdobeFlashPlayerUpdateSvc - ok
15:00:31.0546 2920  adpu160m - ok
15:00:31.0593 2920  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:00:31.0734 2920  aec - ok
15:00:32.0406 2920  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:00:32.0468 2920  AFD - ok
15:00:32.0468 2920  Aha154x - ok
15:00:32.0484 2920  aic78u2 - ok
15:00:32.0484 2920  aic78xx - ok
15:00:32.0562 2920  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:00:32.0703 2920  Alerter - ok
15:00:32.0703 2920  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:00:32.0906 2920  ALG - ok
15:00:32.0906 2920  AliIde - ok
15:00:32.0906 2920  amsint - ok
15:00:40.0265 2920  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:00:41.0546 2920  Apple Mobile Device - ok
15:00:52.0015 2920  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:00:56.0046 2920  AppMgmt - ok
15:00:57.0093 2920  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:00:57.0171 2920  Arp1394 - ok
15:00:57.0171 2920  asc - ok
15:00:57.0187 2920  asc3350p - ok
15:00:57.0187 2920  asc3550 - ok
15:01:00.0421 2920  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:01:00.0750 2920  aspnet_state - ok
15:01:00.0828 2920  [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:01:01.0281 2920  aswFsBlk - ok
15:01:03.0625 2920  [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
15:01:03.0640 2920  aswMonFlt - ok
15:01:03.0906 2920  [ C1A411B7CCD604554D96EFDAC2F83617 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
15:01:03.0937 2920  AswRdr - ok
15:01:05.0203 2920  [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
15:01:05.0218 2920  aswRvrt - ok
15:01:11.0203 2920  [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
15:01:11.0343 2920  aswSnx - ok
15:01:11.0656 2920  [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
15:01:12.0000 2920  aswSP - ok
15:01:12.0375 2920  [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
15:01:12.0390 2920  aswTdi - ok
15:01:12.0578 2920  [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
15:01:12.0656 2920  aswVmm - ok
15:01:12.0718 2920  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:01:13.0828 2920  AsyncMac - ok
15:01:15.0703 2920  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:01:15.0843 2920  atapi - ok
15:01:15.0859 2920  Atdisk - ok
15:01:15.0890 2920  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:01:16.0203 2920  Atmarpc - ok
15:01:16.0750 2920  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:01:16.0859 2920  AudioSrv - ok
15:01:17.0359 2920  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:01:17.0484 2920  audstub - ok
15:01:23.0000 2920  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:01:23.0015 2920  avast! Antivirus - ok
15:01:24.0312 2920  [ D0692F7B8217E3B82D2BFAC535816117 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:01:24.0359 2920  b57w2k - ok
15:01:29.0734 2920  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:01:30.0046 2920  Beep - ok
15:01:31.0187 2920  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:01:32.0125 2920  BITS - ok
15:01:35.0578 2920  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:01:36.0000 2920  Bonjour Service - ok
15:01:36.0093 2920  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
15:01:36.0484 2920  Browser - ok
15:01:36.0906 2920  [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5        C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
15:01:38.0156 2920  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
15:01:38.0156 2920  BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
15:01:43.0843 2920  catchme - ok
15:01:43.0890 2920  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:01:44.0046 2920  cbidf2k - ok
15:01:44.0484 2920  [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
15:01:44.0578 2920  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
15:01:44.0578 2920  CCALib8 - detected UnsignedFile.Multi.Generic (1)
15:01:44.0578 2920  cd20xrnt - ok
15:01:44.0671 2920  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:01:44.0828 2920  Cdaudio - ok
15:01:44.0875 2920  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:01:44.0968 2920  Cdfs - ok
15:01:44.0984 2920  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:01:45.0109 2920  Cdrom - ok
15:01:45.0109 2920  Changer - ok
15:01:45.0218 2920  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:01:45.0359 2920  CiSvc - ok
15:01:45.0421 2920  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:01:45.0515 2920  ClipSrv - ok
15:01:45.0718 2920  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:01:45.0781 2920  clr_optimization_v2.0.50727_32 - ok
15:01:45.0828 2920  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:01:46.0328 2920  clr_optimization_v4.0.30319_32 - ok
15:01:46.0375 2920  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:01:46.0593 2920  CmBatt - ok
15:01:46.0593 2920  CmdIde - ok
15:01:46.0609 2920  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:01:46.0718 2920  Compbatt - ok
15:01:46.0718 2920  COMSysApp - ok
15:01:46.0734 2920  Cpqarray - ok
15:01:46.0796 2920  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:01:46.0890 2920  CryptSvc - ok
15:01:46.0984 2920  [ 8E1945984E147562F9F08E1D344A69CC ] CSRBC           C:\WINDOWS\system32\Drivers\csrbcxp.sys
15:01:47.0031 2920  CSRBC ( UnsignedFile.Multi.Generic ) - warning
15:01:47.0031 2920  CSRBC - detected UnsignedFile.Multi.Generic (1)
15:01:47.0031 2920  dac2w2k - ok
15:01:47.0046 2920  dac960nt - ok
15:01:47.0156 2920  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:01:47.0250 2920  DcomLaunch - ok
15:01:47.0296 2920  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:01:47.0406 2920  Dhcp - ok
15:01:47.0468 2920  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:01:47.0578 2920  Disk - ok
15:01:47.0593 2920  dmadmin - ok
15:01:47.0734 2920  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:01:48.0156 2920  dmboot - ok
15:01:48.0437 2920  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:01:48.0750 2920  dmio - ok
15:01:48.0859 2920  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:01:49.0000 2920  dmload - ok
15:01:49.0125 2920  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:01:49.0281 2920  dmserver - ok
15:01:49.0328 2920  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:01:49.0437 2920  DMusic - ok
15:01:49.0468 2920  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:01:49.0546 2920  Dnscache - ok
15:01:49.0609 2920  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:01:49.0750 2920  Dot3svc - ok
15:01:49.0750 2920  dpti2o - ok
15:01:49.0796 2920  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:01:49.0875 2920  drmkaud - ok
15:01:49.0906 2920  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:01:49.0984 2920  EapHost - ok
15:01:50.0031 2920  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:01:50.0156 2920  ERSvc - ok
15:01:50.0187 2920  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
15:01:50.0250 2920  Eventlog - ok
15:01:50.0296 2920  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
15:01:50.0359 2920  EventSystem - ok
15:01:50.0640 2920  [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:01:50.0718 2920  EvtEng - ok
15:01:50.0859 2920  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:01:51.0000 2920  Fastfat - ok
15:01:51.0187 2920  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:01:51.0265 2920  FastUserSwitchingCompatibility - ok
15:01:51.0359 2920  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:01:51.0453 2920  Fdc - ok
15:01:51.0500 2920  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:01:51.0609 2920  Fips - ok
15:01:51.0781 2920  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:01:52.0218 2920  FLEXnet Licensing Service - ok
15:01:52.0250 2920  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:01:52.0406 2920  Flpydisk - ok
15:01:52.0640 2920  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:01:52.0750 2920  FltMgr - ok
15:01:53.0125 2920  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:01:53.0156 2920  FontCache3.0.0.0 - ok
15:01:53.0328 2920  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:01:53.0437 2920  Fs_Rec - ok
15:01:53.0468 2920  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:01:53.0562 2920  Ftdisk - ok
15:01:53.0609 2920  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:01:53.0625 2920  GEARAspiWDM - ok
15:01:53.0656 2920  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:01:53.0750 2920  Gpc - ok
15:01:53.0796 2920  [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2       C:\WINDOWS\system32\Drivers\oz776.sys
15:01:53.0812 2920  guardian2 - ok
15:01:53.0937 2920  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:01:53.0953 2920  gupdate - ok
15:01:53.0968 2920  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:01:54.0000 2920  gupdatem - ok
15:01:54.0046 2920  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:01:54.0062 2920  gusvc - ok
15:01:54.0140 2920  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:01:54.0265 2920  HDAudBus - ok
15:01:54.0359 2920  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:01:54.0500 2920  helpsvc - ok
15:01:54.0515 2920  HidServ - ok
15:01:54.0546 2920  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:01:54.0671 2920  HidUsb - ok
15:01:54.0718 2920  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:01:54.0875 2920  hkmsvc - ok
15:01:54.0890 2920  hpn - ok
15:01:55.0046 2920  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:01:55.0078 2920  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:01:55.0078 2920  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:01:55.0125 2920  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:01:55.0156 2920  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:01:55.0156 2920  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:01:55.0281 2920  [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:01:55.0328 2920  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
15:01:55.0328 2920  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
15:01:55.0421 2920  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:01:55.0515 2920  HPZid412 - ok
15:01:55.0578 2920  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:01:55.0640 2920  HPZipr12 - ok
15:01:55.0718 2920  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:01:55.0812 2920  HPZius12 - ok
15:01:55.0812 2920  HSFHWAZL - ok
15:01:55.0812 2920  HSF_DPV - ok
15:01:55.0921 2920  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:01:55.0953 2920  HTTP - ok
15:01:56.0000 2920  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:01:56.0187 2920  HTTPFilter - ok
15:01:56.0187 2920  i2omgmt - ok
15:01:56.0203 2920  i2omp - ok
15:01:56.0250 2920  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:01:56.0343 2920  i8042prt - ok
15:01:56.0671 2920  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:01:56.0765 2920  idsvc - ok
15:01:56.0765 2920  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:01:56.0890 2920  Imapi - ok
15:01:56.0921 2920  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:01:57.0140 2920  ImapiService - ok
15:01:57.0156 2920  ini910u - ok
15:01:57.0171 2920  IntelIde - ok
15:01:57.0218 2920  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:01:57.0312 2920  intelppm - ok
15:01:57.0328 2920  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:01:57.0453 2920  Ip6Fw - ok
15:01:57.0531 2920  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:02:00.0234 2920  IpFilterDriver - ok
15:02:00.0265 2920  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:02:00.0515 2920  IpInIp - ok
15:02:00.0562 2920  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:02:00.0703 2920  IpNat - ok
15:02:01.0015 2920  [ 49918803B661367023BF325CF602AFDC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:02:01.0093 2920  iPod Service - ok
15:02:01.0125 2920  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:02:01.0203 2920  IPSec - ok
15:02:01.0218 2920  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:02:01.0359 2920  IRENUM - ok
15:02:01.0375 2920  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:02:01.0500 2920  isapnp - ok
15:02:01.0796 2920  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:02:01.0812 2920  JavaQuickStarterService - ok
15:02:01.0875 2920  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:02:02.0031 2920  Kbdclass - ok
15:02:02.0093 2920  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:02:02.0203 2920  kmixer - ok
15:02:02.0234 2920  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:02:02.0265 2920  KSecDD - ok
15:02:02.0296 2920  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:02:02.0343 2920  LanmanServer - ok
15:02:02.0406 2920  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:02:02.0515 2920  lanmanworkstation - ok
15:02:02.0515 2920  lbrtfdc - ok
15:02:02.0796 2920  [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
15:02:03.0281 2920  LiveUpdate - ok
15:02:03.0593 2920  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:02:03.0687 2920  LmHosts - ok
15:02:03.0765 2920  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
15:02:03.0796 2920  MBAMSwissArmy - ok
15:02:03.0812 2920  MCSTRM - ok
15:02:03.0812 2920  mdmxsdk - ok
15:02:03.0875 2920  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:02:04.0031 2920  Messenger - ok
15:02:04.0078 2920  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:02:04.0234 2920  mnmdd - ok
15:02:04.0281 2920  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:02:04.0421 2920  mnmsrvc - ok
15:02:04.0453 2920  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:02:04.0578 2920  Modem - ok
15:02:04.0593 2920  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:02:04.0718 2920  Mouclass - ok
15:02:04.0750 2920  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:02:04.0890 2920  mouhid - ok
15:02:04.0906 2920  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:02:04.0984 2920  MountMgr - ok
15:02:05.0000 2920  mraid35x - ok
15:02:05.0000 2920  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:02:05.0093 2920  MRxDAV - ok
15:02:05.0140 2920  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:02:05.0265 2920  MRxSmb - ok
15:02:05.0281 2920  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:02:05.0343 2920  MSDTC - ok
15:02:05.0359 2920  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:02:05.0437 2920  Msfs - ok
15:02:05.0437 2920  MSIServer - ok
15:02:05.0468 2920  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:02:05.0546 2920  MSKSSRV - ok
15:02:05.0593 2920  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:02:05.0734 2920  MSPCLOCK - ok
15:02:05.0765 2920  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:02:05.0843 2920  MSPQM - ok
15:02:05.0937 2920  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:02:06.0062 2920  mssmbios - ok
15:02:06.0109 2920  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:02:06.0140 2920  Mup - ok
15:02:06.0250 2920  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:02:06.0421 2920  napagent - ok
15:02:06.0453 2920  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:02:06.0562 2920  NDIS - ok
15:02:06.0625 2920  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:02:06.0656 2920  NdisTapi - ok
15:02:06.0718 2920  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:02:06.0828 2920  Ndisuio - ok
15:02:06.0859 2920  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:02:06.0968 2920  NdisWan - ok
15:02:07.0000 2920  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:02:07.0046 2920  NDProxy - ok
15:02:07.0109 2920  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:02:07.0125 2920  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:02:07.0125 2920  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:02:07.0187 2920  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:02:07.0296 2920  NetBIOS - ok
15:02:07.0343 2920  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:02:07.0437 2920  NetBT - ok
15:02:07.0500 2920  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:02:07.0671 2920  NetDDE - ok
15:02:07.0687 2920  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:02:07.0812 2920  NetDDEdsdm - ok
15:02:07.0906 2920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:02:08.0015 2920  Netlogon - ok
15:02:08.0062 2920  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:02:08.0156 2920  Netman - ok
15:02:08.0187 2920  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:02:08.0281 2920  NetTcpPortSharing - ok
15:02:08.0734 2920  [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
15:02:09.0125 2920  NETw4x32 - ok
15:02:09.0328 2920  [ 91F027C242D3FF6E5C09F92A0518297F ] NETw5x32        C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:02:09.0718 2920  NETw5x32 - ok
15:02:09.0734 2920  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:02:09.0906 2920  NIC1394 - ok
15:02:09.0937 2920  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:02:10.0031 2920  Nla - ok
15:02:10.0296 2920  [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
15:02:10.0328 2920  NMIndexingService - ok
15:02:10.0406 2920  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:02:10.0515 2920  Npfs - ok
15:02:10.0546 2920  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:02:10.0671 2920  Ntfs - ok
15:02:10.0687 2920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:02:10.0781 2920  NtLmSsp - ok
15:02:10.0843 2920  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:02:10.0937 2920  NtmsSvc - ok
15:02:10.0968 2920  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:02:11.0062 2920  Null - ok
15:02:11.0312 2920  [ E036D93B0E073650CF6CF826CD9E1FBE ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:02:11.0640 2920  nv - ok
15:02:11.0671 2920  [ 8CE9B8F0E1D36BAE1C9FCC0693FE09BF ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
15:02:11.0718 2920  NVSvc - ok
15:02:11.0796 2920  [ 091A1284AA583288B64DCD370D1B421E ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
15:02:11.0812 2920  NWADI - ok
15:02:11.0875 2920  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:02:12.0109 2920  NwlnkFlt - ok
15:02:12.0109 2920  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:02:12.0234 2920  NwlnkFwd - ok
15:02:12.0265 2920  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:02:12.0343 2920  ohci1394 - ok
15:02:12.0421 2920  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:02:12.0437 2920  ose - ok
15:02:12.0625 2920  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:02:12.0968 2920  osppsvc - ok
15:02:13.0000 2920  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
15:02:13.0125 2920  Parport - ok
15:02:13.0125 2920  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:02:13.0281 2920  PartMgr - ok
15:02:13.0296 2920  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:02:13.0375 2920  ParVdm - ok
15:02:13.0390 2920  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:02:13.0468 2920  PCI - ok
15:02:13.0484 2920  PCIDump - ok
15:02:13.0484 2920  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:02:13.0578 2920  PCIIde - ok
15:02:13.0625 2920  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:02:13.0687 2920  Pcmcia - ok
15:02:13.0687 2920  PDCOMP - ok
15:02:13.0687 2920  PDFRAME - ok
15:02:13.0703 2920  PDRELI - ok
15:02:13.0703 2920  PDRFRAME - ok
15:02:13.0703 2920  perc2 - ok
15:02:13.0703 2920  perc2hib - ok
15:02:13.0750 2920  [ ED2E7F396B4098608C95BC3806BDF6FC ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
15:02:13.0750 2920  pfc ( UnsignedFile.Multi.Generic ) - warning
15:02:13.0750 2920  pfc - detected UnsignedFile.Multi.Generic (1)
15:02:13.0781 2920  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:02:13.0828 2920  PlugPlay - ok
15:02:13.0859 2920  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:02:13.0875 2920  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:02:13.0875 2920  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:02:13.0875 2920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:02:13.0953 2920  PolicyAgent - ok
15:02:13.0984 2920  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:02:14.0046 2920  PptpMiniport - ok
15:02:14.0062 2920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:02:14.0125 2920  ProtectedStorage - ok
15:02:14.0125 2920  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:02:14.0218 2920  PSched - ok
15:02:14.0234 2920  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:02:14.0312 2920  Ptilink - ok
15:02:14.0359 2920  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:02:14.0375 2920  PxHelp20 - ok
15:02:14.0437 2920  [ C8DA4746D1C87FE3E5DCC3CE86218B62 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:02:14.0453 2920  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:02:14.0453 2920  QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:02:14.0531 2920  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:02:14.0546 2920  QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:02:14.0546 2920  QBFCService - detected UnsignedFile.Multi.Generic (1)
15:02:14.0625 2920  [ 0C7B65C8743442A37152FCFAC5F7D16A ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
15:02:14.0687 2920  QBVSS ( UnsignedFile.Multi.Generic ) - warning
15:02:14.0687 2920  QBVSS - detected UnsignedFile.Multi.Generic (1)
15:02:14.0703 2920  ql1080 - ok
15:02:14.0703 2920  Ql10wnt - ok
15:02:14.0703 2920  ql12160 - ok
15:02:14.0703 2920  ql1240 - ok
15:02:14.0718 2920  ql1280 - ok
15:02:14.0734 2920  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:02:14.0921 2920  RasAcd - ok
15:02:14.0953 2920  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:02:15.0031 2920  RasAuto - ok
15:02:15.0046 2920  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:02:15.0125 2920  Rasl2tp - ok
15:02:15.0156 2920  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:02:15.0234 2920  RasMan - ok
15:02:15.0250 2920  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:02:15.0328 2920  RasPppoe - ok
15:02:15.0375 2920  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:02:15.0468 2920  Raspti - ok
15:02:15.0484 2920  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:02:15.0578 2920  Rdbss - ok
15:02:15.0578 2920  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:02:15.0656 2920  RDPCDD - ok
15:02:15.0687 2920  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:02:15.0765 2920  rdpdr - ok
15:02:15.0812 2920  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:02:15.0828 2920  RDPWD - ok
15:02:15.0890 2920  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:02:15.0984 2920  RDSessMgr - ok
15:02:15.0984 2920  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:02:16.0062 2920  redbook - ok
15:02:16.0156 2920  [ C96980CCCF84329824623B0B50383703 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:02:16.0171 2920  RegSrvc - ok
15:02:16.0218 2920  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:02:16.0312 2920  RemoteAccess - ok
15:02:16.0343 2920  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:02:16.0421 2920  RemoteRegistry - ok
15:02:16.0562 2920  [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:02:16.0593 2920  RichVideo ( UnsignedFile.Multi.Generic ) - warning
15:02:16.0593 2920  RichVideo - detected UnsignedFile.Multi.Generic (1)
15:02:16.0625 2920  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:02:16.0625 2920  rimmptsk - ok
15:02:16.0640 2920  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:02:16.0671 2920  rimsptsk - ok
15:02:16.0687 2920  [ D231B577024AA324AF13A42F3A807D10 ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:02:16.0718 2920  rismxdp - ok
15:02:16.0750 2920  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:02:16.0828 2920  RpcLocator - ok
15:02:16.0859 2920  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
15:02:16.0921 2920  RpcSs - ok
15:02:16.0937 2920  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:02:17.0015 2920  RSVP - ok
15:02:17.0015 2920  RT73 - ok
15:02:17.0078 2920  [ 0FCB7EEB0E81A777735A5AF185F56C2B ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:02:17.0140 2920  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
15:02:17.0140 2920  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
15:02:17.0203 2920  [ 96B4494D4734970F47C566E098C4F527 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:02:17.0218 2920  s24trans - ok
15:02:17.0234 2920  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:02:17.0312 2920  SamSs - ok
15:02:17.0328 2920  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:02:17.0390 2920  SCardSvr - ok
15:02:17.0421 2920  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:02:17.0500 2920  Schedule - ok
15:02:17.0546 2920  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:02:17.0625 2920  sdbus - ok
15:02:17.0718 2920  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
15:02:17.0765 2920  SDScannerService - ok
15:02:17.0828 2920  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:02:17.0890 2920  SDUpdateService - ok
15:02:17.0937 2920  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:02:17.0937 2920  SDWSCService - ok
15:02:17.0968 2920  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:02:18.0046 2920  Secdrv - ok
15:02:18.0109 2920  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:02:18.0187 2920  seclogon - ok
15:02:18.0218 2920  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
15:02:18.0312 2920  SENS - ok
15:02:18.0359 2920  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
15:02:18.0437 2920  Serial - ok
15:02:18.0468 2920  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:02:18.0562 2920  sffdisk - ok
15:02:18.0578 2920  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:02:18.0671 2920  sffp_sd - ok
15:02:18.0703 2920  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:02:18.0765 2920  Sfloppy - ok
15:02:18.0796 2920  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:02:18.0890 2920  SharedAccess - ok
15:02:18.0953 2920  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:02:20.0125 2920  ShellHWDetection - ok
15:02:20.0140 2920  Simbad - ok
15:02:20.0140 2920  Sparrow - ok
15:02:20.0203 2920  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:02:20.0406 2920  splitter - ok
15:02:20.0437 2920  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:02:20.0468 2920  Spooler - ok
15:02:20.0500 2920  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:02:20.0578 2920  sr - ok
15:02:20.0609 2920  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:02:20.0671 2920  srservice - ok
15:02:20.0687 2920  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:02:20.0703 2920  Srv - ok
15:02:20.0750 2920  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:02:20.0843 2920  SSDPSRV - ok
15:02:20.0906 2920  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
15:02:20.0984 2920  STHDA - ok
15:02:21.0015 2920  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
15:02:21.0109 2920  StillCam - ok
15:02:21.0156 2920  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:02:21.0265 2920  stisvc - ok
15:02:21.0281 2920  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:02:21.0390 2920  swenum - ok
15:02:21.0421 2920  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:02:21.0531 2920  swmidi - ok
15:02:21.0531 2920  SwPrv - ok
15:02:21.0531 2920  symc810 - ok
15:02:21.0531 2920  symc8xx - ok
15:02:21.0546 2920  sym_hi - ok
15:02:21.0546 2920  sym_u3 - ok
15:02:21.0593 2920  [ DC1E7EE0A6494CD79D624BD8D5DA8BFB ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:02:21.0609 2920  SynTP - ok
15:02:21.0625 2920  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:02:21.0734 2920  sysaudio - ok
15:02:21.0765 2920  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:02:21.0875 2920  SysmonLog - ok
15:02:21.0906 2920  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:02:22.0031 2920  TapiSrv - ok
15:02:22.0062 2920  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:02:22.0125 2920  Tcpip - ok
15:02:22.0156 2920  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:02:22.0281 2920  TDPIPE - ok
15:02:22.0296 2920  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:02:22.0406 2920  TDTCP - ok
15:02:22.0421 2920  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:02:22.0500 2920  TermDD - ok
15:02:22.0546 2920  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
15:02:22.0625 2920  TermService - ok
15:02:22.0656 2920  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:02:22.0656 2920  Themes - ok
15:02:22.0703 2920  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:02:22.0781 2920  TlntSvr - ok
15:02:22.0781 2920  TosIde - ok
15:02:22.0781 2920  tosporte - ok
15:02:22.0796 2920  tosrfbd - ok
15:02:22.0796 2920  tosrfbnp - ok
15:02:22.0796 2920  Tosrfcom - ok
15:02:22.0796 2920  Tosrfhid - ok
15:02:22.0812 2920  tosrfnds - ok
15:02:22.0812 2920  Tosrfusb - ok
15:02:22.0843 2920  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:02:22.0937 2920  TrkWks - ok
15:02:22.0968 2920  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:02:23.0031 2920  Udfs - ok
15:02:23.0031 2920  ultra - ok
15:02:23.0062 2920  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:02:23.0140 2920  Update - ok
15:02:23.0171 2920  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:02:23.0265 2920  upnphost - ok
15:02:23.0265 2920  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:02:23.0343 2920  UPS - ok
15:02:23.0390 2920  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
15:02:23.0406 2920  USBAAPL - ok
15:02:23.0468 2920  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:02:23.0546 2920  usbccgp - ok
15:02:23.0578 2920  [ 2825E0E294686A26506690059E1F437A ] USBCCID         C:\WINDOWS\system32\DRIVERS\usbccid.sys
15:02:23.0593 2920  USBCCID - ok
15:02:23.0625 2920  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:02:23.0703 2920  usbehci - ok
15:02:23.0750 2920  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:02:23.0843 2920  usbhub - ok
15:02:23.0890 2920  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:02:24.0046 2920  usbprint - ok
15:02:24.0093 2920  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:02:24.0187 2920  usbscan - ok
15:02:24.0234 2920  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:02:24.0312 2920  USBSTOR - ok
15:02:24.0375 2920  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:02:24.0468 2920  usbuhci - ok
15:02:24.0484 2920  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:02:24.0546 2920  VgaSave - ok
15:02:24.0546 2920  ViaIde - ok
15:02:24.0578 2920  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:02:24.0781 2920  VolSnap - ok
15:02:24.0843 2920  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:02:24.0937 2920  VSS - ok
15:02:24.0953 2920  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
15:02:25.0046 2920  W32Time - ok
15:02:25.0062 2920  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:02:25.0125 2920  Wanarp - ok
15:02:25.0125 2920  WDICA - ok
15:02:25.0156 2920  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:02:25.0250 2920  wdmaud - ok
15:02:25.0281 2920  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:02:25.0390 2920  WebClient - ok
15:02:25.0406 2920  winachsf - ok
15:02:25.0453 2920  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:02:25.0562 2920  winmgmt - ok
15:02:25.0625 2920  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
15:02:25.0812 2920  WinRM - ok
15:02:25.0859 2920  [ C9B9942EECA0B82E35D60627E365510A ] WLANKEEPER      C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
15:02:25.0875 2920  WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
15:02:25.0875 2920  WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
15:02:25.0875 2920  wltrysvc - ok
15:02:25.0921 2920  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:02:25.0937 2920  WmdmPmSN - ok
15:02:25.0984 2920  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:02:26.0046 2920  Wmi - ok
15:02:26.0078 2920  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:02:26.0234 2920  WmiAcpi - ok
15:02:26.0281 2920  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:02:26.0421 2920  WmiApSrv - ok
15:02:26.0531 2920  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
15:02:26.0625 2920  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
15:02:26.0625 2920  WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
15:02:26.0703 2920  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:02:26.0781 2920  WPFFontCache_v0400 - ok
15:02:26.0843 2920  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:02:27.0015 2920  WS2IFSL - ok
15:02:27.0031 2920  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:02:27.0125 2920  wscsvc - ok
15:02:27.0140 2920  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:02:27.0218 2920  wuauserv - ok
15:02:27.0250 2920  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:02:27.0281 2920  WudfPf - ok
15:02:27.0281 2920  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:02:27.0296 2920  WudfRd - ok
15:02:27.0359 2920  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:02:27.0375 2920  WudfSvc - ok
15:02:27.0437 2920  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:02:27.0515 2920  WZCSVC - ok
15:02:27.0531 2920  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:02:27.0609 2920  xmlprov - ok
15:02:27.0625 2920  ================ Scan global ===============================
15:02:27.0656 2920  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:02:27.0687 2920  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:02:27.0703 2920  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:02:27.0734 2920  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:02:27.0734 2920  [Global] - ok
15:02:27.0734 2920  ================ Scan MBR ==================================
15:02:27.0750 2920  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:02:27.0750 2920  Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:02:27.0781 2920  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:02:27.0781 2920  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:02:27.0812 2920  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:02:27.0812 2920  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:02:27.0812 2920  ================ Scan VBR ==================================
15:02:27.0812 2920  [ DD09EC923C6DBCAED699C27F375B011A ] \Device\Harddisk0\DR0\Partition1
15:02:27.0812 2920  \Device\Harddisk0\DR0\Partition1 - ok
15:02:27.0812 2920  ================ Scan active images ========================
15:02:27.0812 2920  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
15:02:27.0812 2920  C:\WINDOWS\system32\drivers\intelppm.sys - ok
15:02:27.0828 2920  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
15:02:27.0828 2920  C:\WINDOWS\system32\drivers\videoprt.sys - ok
15:02:27.0828 2920  [ E036D93B0E073650CF6CF826CD9E1FBE ] C:\WINDOWS\system32\drivers\nv4_mini.sys
15:02:27.0828 2920  C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
15:02:27.0828 2920  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
15:02:27.0828 2920  C:\WINDOWS\system32\drivers\usbport.sys - ok
15:02:27.0843 2920  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
15:02:27.0843 2920  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
15:02:27.0843 2920  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
15:02:27.0843 2920  C:\WINDOWS\system32\drivers\usbehci.sys - ok
15:02:27.0843 2920  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
15:02:27.0843 2920  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
15:02:27.0843 2920  [ 91F027C242D3FF6E5C09F92A0518297F ] C:\WINDOWS\system32\drivers\NETw5x32.sys
15:02:27.0843 2920  C:\WINDOWS\system32\drivers\NETw5x32.sys - ok
15:02:27.0859 2920  [ D0692F7B8217E3B82D2BFAC535816117 ] C:\WINDOWS\system32\drivers\b57xp32.sys
15:02:27.0859 2920  C:\WINDOWS\system32\drivers\b57xp32.sys - ok
15:02:27.0859 2920  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
15:02:27.0859 2920  C:\WINDOWS\system32\drivers\nic1394.sys - ok
15:02:27.0859 2920  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] C:\WINDOWS\system32\drivers\rimmptsk.sys
15:02:27.0859 2920  C:\WINDOWS\system32\drivers\rimmptsk.sys - ok
15:02:27.0859 2920  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] C:\WINDOWS\system32\drivers\sdbus.sys
15:02:27.0859 2920  C:\WINDOWS\system32\drivers\sdbus.sys - ok
15:02:27.0875 2920  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
15:02:27.0875 2920  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
15:02:27.0875 2920  [ A4216C71DD4F60B26418CCFD99CD0815 ] C:\WINDOWS\system32\drivers\rimsptsk.sys
15:02:27.0875 2920  C:\WINDOWS\system32\drivers\rimsptsk.sys - ok
15:02:27.0875 2920  [ D231B577024AA324AF13A42F3A807D10 ] C:\WINDOWS\system32\drivers\rixdptsk.sys
15:02:27.0875 2920  C:\WINDOWS\system32\drivers\rixdptsk.sys - ok
15:02:27.0890 2920  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
15:02:27.0890 2920  C:\WINDOWS\system32\drivers\mouclass.sys - ok
15:02:27.0890 2920  [ DC1E7EE0A6494CD79D624BD8D5DA8BFB ] C:\WINDOWS\system32\drivers\SynTP.sys
15:02:27.0890 2920  C:\WINDOWS\system32\drivers\SynTP.sys - ok
15:02:27.0890 2920  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
15:02:27.0890 2920  C:\WINDOWS\system32\drivers\usbd.sys - ok
15:02:27.0890 2920  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
15:02:27.0890 2920  C:\WINDOWS\system32\drivers\imapi.sys - ok
15:02:27.0906 2920  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
15:02:27.0906 2920  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
15:02:27.0906 2920  [ ED2E7F396B4098608C95BC3806BDF6FC ] C:\WINDOWS\system32\drivers\pfc.sys
15:02:27.0906 2920  C:\WINDOWS\system32\drivers\pfc.sys - ok
15:02:27.0906 2920  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
15:02:27.0906 2920  C:\WINDOWS\system32\drivers\cdrom.sys - ok
15:02:27.0906 2920  [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\system32\drivers\cmbatt.sys
15:02:27.0906 2920  C:\WINDOWS\system32\drivers\cmbatt.sys - ok
15:02:27.0921 2920  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
15:02:27.0921 2920  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
15:02:27.0921 2920  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
15:02:27.0921 2920  C:\WINDOWS\system32\drivers\ks.sys - ok
15:02:27.0921 2920  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
15:02:27.0921 2920  C:\WINDOWS\system32\drivers\redbook.sys - ok
15:02:27.0921 2920  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
15:02:27.0921 2920  C:\WINDOWS\system32\drivers\audstub.sys - ok
15:02:27.0937 2920  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
15:02:27.0937 2920  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
15:02:27.0937 2920  [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
15:02:27.0937 2920  C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
15:02:27.0937 2920  [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
15:02:27.0937 2920  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
15:02:27.0953 2920  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
15:02:27.0953 2920  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
15:02:27.0953 2920  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
15:02:27.0953 2920  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
15:02:27.0953 2920  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
15:02:27.0953 2920  C:\WINDOWS\system32\drivers\msgpc.sys - ok
15:02:27.0953 2920  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
15:02:27.0953 2920  C:\WINDOWS\system32\drivers\psched.sys - ok
15:02:27.0968 2920  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
15:02:27.0968 2920  C:\WINDOWS\system32\drivers\raspptp.sys - ok
15:02:27.0968 2920  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
15:02:27.0968 2920  C:\WINDOWS\system32\drivers\tdi.sys - ok
15:02:27.0968 2920  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
15:02:27.0968 2920  C:\WINDOWS\system32\drivers\ptilink.sys - ok
15:02:27.0968 2920  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
15:02:27.0984 2920  C:\WINDOWS\system32\drivers\raspti.sys - ok
15:02:27.0984 2920  [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
15:02:27.0984 2920  C:\WINDOWS\system32\drivers\rdpdr.sys - ok
15:02:27.0984 2920  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
15:02:27.0984 2920  C:\WINDOWS\system32\drivers\termdd.sys - ok
15:02:27.0984 2920  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
15:02:27.0984 2920  C:\WINDOWS\system32\drivers\swenum.sys - ok
15:02:28.0000 2920  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
15:02:28.0000 2920  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
15:02:28.0000 2920  [ 091A1284AA583288B64DCD370D1B421E ] C:\WINDOWS\system32\drivers\NWADIenum.sys
15:02:28.0000 2920  C:\WINDOWS\system32\drivers\NWADIenum.sys - ok
15:02:28.0000 2920  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
15:02:28.0000 2920  C:\WINDOWS\system32\drivers\update.sys - ok
15:02:28.0000 2920  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
15:02:28.0000 2920  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
15:02:28.0015 2920  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
15:02:28.0015 2920  C:\WINDOWS\system32\drivers\usbhub.sys - ok
15:02:28.0015 2920  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
15:02:28.0015 2920  C:\WINDOWS\system32\drivers\drmk.sys - ok
15:02:28.0015 2920  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
15:02:28.0015 2920  C:\WINDOWS\system32\drivers\portcls.sys - ok
15:02:28.0031 2920  [ 951801DFB54D86F611F0AF47825476F9 ] C:\WINDOWS\system32\drivers\sthda.sys
15:02:28.0031 2920  C:\WINDOWS\system32\drivers\sthda.sys - ok
15:02:28.0031 2920  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
15:02:28.0031 2920  C:\WINDOWS\system32\drivers\fdc.sys - ok
15:02:28.0031 2920  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
15:02:28.0031 2920  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
15:02:28.0031 2920  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
15:02:28.0031 2920  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
15:02:28.0046 2920  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
15:02:28.0046 2920  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
15:02:28.0046 2920  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
15:02:28.0046 2920  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
15:02:28.0046 2920  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
15:02:28.0046 2920  C:\WINDOWS\system32\drivers\beep.sys - ok
15:02:28.0046 2920  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
15:02:28.0046 2920  C:\WINDOWS\system32\drivers\null.sys - ok
15:02:28.0062 2920  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
15:02:28.0062 2920  C:\WINDOWS\system32\drivers\vga.sys - ok
15:02:28.0062 2920  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
15:02:28.0062 2920  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
15:02:28.0062 2920  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
15:02:28.0062 2920  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
15:02:28.0078 2920  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
15:02:28.0078 2920  C:\WINDOWS\system32\drivers\msfs.sys - ok
15:02:28.0078 2920  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
15:02:28.0078 2920  C:\WINDOWS\system32\drivers\ipsec.sys - ok
15:02:28.0078 2920  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
15:02:28.0078 2920  C:\WINDOWS\system32\drivers\npfs.sys - ok
15:02:28.0078 2920  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
15:02:28.0078 2920  C:\WINDOWS\system32\drivers\rasacd.sys - ok
15:02:28.0093 2920  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
15:02:28.0093 2920  C:\WINDOWS\system32\drivers\tcpip.sys - ok
15:02:28.0093 2920  [ 33E21FFB063CA6C7E00D568467DC72E4 ] C:\WINDOWS\system32\drivers\aswTdi.sys
15:02:28.0093 2920  C:\WINDOWS\system32\drivers\aswTdi.sys - ok
15:02:28.0093 2920  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
15:02:28.0093 2920  C:\WINDOWS\system32\drivers\ipnat.sys - ok
15:02:28.0109 2920  [ C1A411B7CCD604554D96EFDAC2F83617 ] C:\WINDOWS\system32\drivers\aswRdr.sys
15:02:28.0109 2920  C:\WINDOWS\system32\drivers\aswRdr.sys - ok
15:02:28.0109 2920  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
15:02:28.0109 2920  C:\WINDOWS\system32\drivers\netbt.sys - ok
15:02:28.0109 2920  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
15:02:28.0109 2920  C:\WINDOWS\system32\drivers\afd.sys - ok
15:02:28.0109 2920  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:02:28.0109 2920  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
15:02:28.0125 2920  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
15:02:28.0125 2920  C:\WINDOWS\system32\drivers\netbios.sys - ok
15:02:28.0125 2920  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
15:02:28.0125 2920  C:\WINDOWS\system32\drivers\rdbss.sys - ok
15:02:28.0125 2920  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
15:02:28.0125 2920  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
15:02:28.0125 2920  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
15:02:28.0125 2920  C:\WINDOWS\system32\drivers\fips.sys - ok
15:02:28.0140 2920  [ 6FC4AA106AA505394C908D37CCCB9148 ] C:\WINDOWS\system32\drivers\aswSP.sys
15:02:28.0140 2920  C:\WINDOWS\system32\drivers\aswSP.sys - ok
15:02:28.0140 2920  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
15:02:28.0140 2920  C:\WINDOWS\system32\drivers\wanarp.sys - ok
15:02:28.0140 2920  [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
15:02:28.0140 2920  C:\WINDOWS\system32\drivers\arp1394.sys - ok
15:02:28.0156 2920  [ 0E604867FC28F00D91CB0B00D2EC830D ] C:\WINDOWS\system32\drivers\aswSnx.sys
15:02:28.0156 2920  C:\WINDOWS\system32\drivers\aswSnx.sys - ok
15:02:28.0156 2920  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
15:02:28.0156 2920  C:\WINDOWS\system32\smss.exe - ok
15:02:28.0156 2920  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
15:02:28.0156 2920  C:\WINDOWS\system32\ntdll.dll - ok
15:02:28.0156 2920  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
15:02:28.0156 2920  C:\WINDOWS\system32\autochk.exe - ok
15:02:28.0171 2920  [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] C:\WINDOWS\system32\drivers\oz776.sys
15:02:28.0171 2920  C:\WINDOWS\system32\drivers\oz776.sys - ok
15:02:28.0171 2920  [ 017DAECF0ED3AA731313433601EC40FA ] C:\WINDOWS\system32\drivers\smclib.sys
15:02:28.0171 2920  C:\WINDOWS\system32\drivers\smclib.sys - ok
15:02:28.0171 2920  [ A9C25C9A8F9DA7F25C14D84C4CE845A3 ] C:\WINDOWS\system32\sdnclean.exe
15:02:28.0171 2920  C:\WINDOWS\system32\sdnclean.exe - ok
15:02:28.0171 2920  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
15:02:28.0171 2920  C:\WINDOWS\system32\sfcfiles.dll - ok
15:02:29.0015 2920  C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
15:02:29.0015 2920  [ A46789AD5F3A85470F898B15D5C056BD ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
15:02:29.0015 2920  C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
15:02:29.0015 2920  [ B2D91A72C78D27D9A25FFF8BAF6EB2F4 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
15:02:29.0015 2920  C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
15:02:29.0015 2920  [ 39F39B23969512842F6A6D259E68FF11 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
15:02:29.0015 2920  C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
15:02:29.0015 2920  [ 106B2C1DE615E08AFF9CE2A02E04F7CC ] C:\Program Files\AVAST Software\Avast\defs\13031401\ArPot.dll
15:02:29.0015 2920  C:\Program Files\AVAST Software\Avast\defs\13031401\ArPot.dll - ok
15:02:29.0031 2920  [ 2C8F7A0B6D023C6DD817E999528F2F98 ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
15:02:29.0031 2920  C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok
15:02:29.0031 2920  [ AF718FFE60D958E590AF49C4FC3BD6A6 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
15:02:29.0031 2920  C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
15:02:29.0031 2920  [ 9C70887708A7C88D20DD215AC5AA757F ] C:\Program Files\AVAST Software\Avast\libeay32.dll
15:02:29.0031 2920  C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
15:02:29.0031 2920  [ B6D90C99A72044AEF85A2B7D78FEBEF4 ] C:\Program Files\AVAST Software\Avast\defs\13031401\exts.dll
15:02:29.0031 2920  C:\Program Files\AVAST Software\Avast\defs\13031401\exts.dll - ok
15:02:29.0031 2920  [ C339473B25526F866DBB21425F3D8F3A ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
15:02:29.0031 2920  C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
15:02:29.0031 2920  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
15:02:29.0031 2920  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
15:02:29.0031 2920  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
15:02:29.0031 2920  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
15:02:29.0046 2920  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
15:02:29.0046 2920  C:\WINDOWS\system32\security.dll - ok
15:02:29.0046 2920  [ 9EEFE69139FDBB4A3C327630F8EB993A ] C:\WINDOWS\system32\wlanapi.dll
15:02:29.0046 2920  C:\WINDOWS\system32\wlanapi.dll - ok
15:02:29.0046 2920  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
15:02:29.0046 2920  C:\WINDOWS\system32\wzcsapi.dll - ok
15:02:29.0046 2920  [ DF7A5058504EE982914A3C24676F4485 ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
15:02:29.0046 2920  C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
15:02:29.0046 2920  [ A7F63C1F5CE020AA24CDCEFB422CF9E3 ] C:\Program Files\AVAST Software\Avast\defs\13031401\aswAR.dll
15:02:29.0046 2920  C:\Program Files\AVAST Software\Avast\defs\13031401\aswAR.dll - ok
15:02:29.0046 2920  [ 9D2680936DA1CB440E34482C6CAD9098 ] C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
15:02:29.0046 2920  C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll - ok
15:02:29.0046 2920  [ 83D722F311011FB0E521737F724DEB90 ] C:\Program Files\AVAST Software\Avast\defs\13031401\aswRawFS.dll
15:02:29.0046 2920  C:\Program Files\AVAST Software\Avast\defs\13031401\aswRawFS.dll - ok
15:02:29.0046 2920  [ B64224E2F1555C85A20F0370AA0C1FC4 ] C:\Program Files\Intel\WiFi\bin\supplicant.dll
15:02:29.0046 2920  C:\Program Files\Intel\WiFi\bin\supplicant.dll - ok
15:02:29.0062 2920  [ 9B913CEB84F41DBC20E46EDFFF7818B3 ] C:\Program Files\AVAST Software\Avast\defs\13031401\swhealthex.dll
15:02:29.0062 2920  C:\Program Files\AVAST Software\Avast\defs\13031401\swhealthex.dll - ok
15:02:29.0062 2920  [ 899C7993A7DE3061C74623F5523BC21D ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup
15:02:29.0062 2920  C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok
15:02:29.0062 2920  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
15:02:29.0062 2920  C:\WINDOWS\system32\powrprof.dll - ok
15:02:29.0062 2920  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
15:02:29.0062 2920  C:\WINDOWS\system32\oledlg.dll - ok
15:02:29.0062 2920  [ 5C5E3AFD499E5146FEF1DA5EF8A23205 ] C:\Program Files\AVAST Software\Avast\dbghelp.dll
15:02:29.0062 2920  C:\Program Files\AVAST Software\Avast\dbghelp.dll - ok
15:02:29.0062 2920  [ 53249B2147DDC8212B290ACF80570290 ] C:\WINDOWS\system32\ieframe.dll
15:02:29.0062 2920  C:\WINDOWS\system32\ieframe.dll - ok
15:02:29.0062 2920  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
15:02:29.0062 2920  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
15:02:29.0078 2920  [ 44B1C057B30890C55FB6F4C1582E8522 ] C:\Program Files\AVAST Software\Avast\snxhk.dll
15:02:29.0078 2920  C:\Program Files\AVAST Software\Avast\snxhk.dll - ok
15:02:29.0078 2920  [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
15:02:29.0078 2920  C:\WINDOWS\system32\mpnotify.exe - ok
15:02:29.0078 2920  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
15:02:29.0078 2920  C:\WINDOWS\system32\webclnt.dll - ok
15:02:29.0078 2920  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
15:02:29.0078 2920  C:\WINDOWS\system32\drivers\parport.sys - ok
15:02:29.0078 2920  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
15:02:29.0078 2920  C:\WINDOWS\system32\drivers\serial.sys - ok
15:02:29.0078 2920  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
15:02:29.0078 2920  C:\WINDOWS\system32\rasmans.dll - ok
15:02:29.0078 2920  [ 4451CC2275B04043EC2BCC757AF97291 ] C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:02:29.0078 2920  C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe - ok
15:02:29.0078 2920  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
15:02:29.0078 2920  C:\WINDOWS\system32\sens.dll - ok
15:02:29.0093 2920  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
15:02:29.0093 2920  C:\WINDOWS\system32\winipsec.dll - ok
15:02:29.0093 2920  [ F49DABE4B824B9BF35E5F541A6CAAF26 ] C:\WINDOWS\system32\BCMLogon.dll
15:02:29.0093 2920  C:\WINDOWS\system32\BCMLogon.dll - ok
15:02:29.0093 2920  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\WINDOWS\system32\MFC71.DLL
15:02:29.0093 2920  C:\WINDOWS\system32\MFC71.DLL - ok
15:02:29.0093 2920  [ 1562FF50D634BE4B2DA04F023297858B ] C:\Program Files\Adobe\Elements Organizer 8.0\platform.DLL
15:02:29.0093 2920  C:\Program Files\Adobe\Elements Organizer 8.0\platform.DLL - ok
15:02:29.0093 2920  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
15:02:29.0093 2920  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
15:02:29.0093 2920  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\MSVCR71.DLL
15:02:29.0093 2920  C:\WINDOWS\system32\MSVCR71.DLL - ok
15:02:29.0093 2920  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\MSVCP71.DLL
15:02:29.0093 2920  C:\WINDOWS\system32\MSVCP71.DLL - ok
15:02:29.0109 2920  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
15:02:29.0109 2920  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
15:02:29.0109 2920  [ 3DEBBECF665DCDDE3A95D9B902010817 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
15:02:29.0109 2920  [ 55E7B39D4FE95A0716E1C3E290C8C919 ] C:\WINDOWS\system32\NetProvCredMan.dll
15:02:29.0109 2920  C:\WINDOWS\system32\NetProvCredMan.dll - ok
15:02:29.0109 2920  [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
15:02:29.0109 2920  [ 2503287BD19AE52E36E9DE42834A2AC0 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
15:02:29.0109 2920  [ 6FE3E3A215E55C76A811B9B56A5AEB09 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
15:02:29.0109 2920  [ D8D46A439659B8B43A41B266E4646527 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
15:02:29.0109 2920  [ 794950DB77AA590C2964ECA0A5874A09 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
15:02:29.0109 2920  C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
15:02:29.0125 2920  [ 250BF888DDBE88D61EB19A9D4957C794 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
15:02:29.0125 2920  C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
15:02:29.0125 2920  [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
15:02:29.0125 2920  C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
15:02:29.0125 2920  [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
15:02:29.0125 2920  C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
15:02:29.0125 2920  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
15:02:29.0125 2920  C:\WINDOWS\system32\cscui.dll - ok
15:02:29.0125 2920  [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
15:02:29.0125 2920  C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
15:02:29.0125 2920  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
15:02:29.0125 2920  C:\WINDOWS\system32\dpcdll.dll - ok
15:02:29.0125 2920  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
15:02:29.0125 2920  C:\WINDOWS\system32\wdmaud.drv - ok
15:02:29.0140 2920  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
15:02:29.0140 2920  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
15:02:29.0140 2920  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\splitter.sys - ok
15:02:29.0140 2920  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\aec.sys - ok
15:02:29.0140 2920  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:29.0140 2920  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
15:02:29.0140 2920  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\swmidi.sys - ok
15:02:29.0140 2920  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
15:02:29.0140 2920  C:\WINDOWS\system32\userinit.exe - ok
15:02:29.0140 2920  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
15:02:29.0140 2920  C:\WINDOWS\system32\drivers\dmusic.sys - ok
15:02:29.0156 2920  [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
15:02:29.0156 2920  C:\WINDOWS\system32\WgaTray.exe - ok
15:02:29.0156 2920  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
15:02:29.0156 2920  C:\WINDOWS\system32\drivers\kmixer.sys - ok
15:02:29.0156 2920  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
15:02:29.0156 2920  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
15:02:29.0156 2920  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
15:02:29.0156 2920  C:\WINDOWS\system32\msacm32.drv - ok
15:02:29.0156 2920  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
15:02:29.0156 2920  C:\WINDOWS\system32\midimap.dll - ok
15:02:29.0156 2920  [ 37CF2461CB5E40C4CFAB82C8FC79A2BC ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
15:02:29.0156 2920  C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
15:02:29.0156 2920  [ 1224BC6DE919F8CD8C1C945280E63852 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
15:02:29.0156 2920  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
15:02:29.0156 2920  [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\WINDOWS\system32\dnssd.dll
15:02:29.0156 2920  C:\WINDOWS\system32\dnssd.dll - ok
15:02:29.0171 2920  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
15:02:29.0171 2920  C:\Program Files\Bonjour\mDNSResponder.exe - ok
15:02:29.0171 2920  [ 905B5BF5BE0A86E8412801BF20357195 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
15:02:29.0171 2920  C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
15:02:29.0171 2920  [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
15:02:29.0171 2920  C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
15:02:29.0171 2920  [ 5D76C8CC87D0EFBE0B4A3BEF6B67EBF0 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
15:02:29.0171 2920  C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
15:02:29.0171 2920  [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
15:02:29.0171 2920  C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
15:02:29.0171 2920  [ 5E33C164DC7FA74728D8A83036C438BB ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
15:02:29.0171 2920  C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
15:02:29.0171 2920  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
15:02:29.0171 2920  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
15:02:29.0187 2920  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:02:29.0187 2920  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
15:02:29.0187 2920  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
15:02:29.0187 2920  C:\WINDOWS\explorer.exe - ok
15:02:29.0187 2920  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
15:02:29.0187 2920  C:\WINDOWS\system32\msi.dll - ok
15:02:29.0187 2920  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
15:02:29.0187 2920  C:\WINDOWS\system32\cryptnet.dll - ok
15:02:29.0187 2920  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
15:02:29.0187 2920  C:\WINDOWS\system32\sensapi.dll - ok
15:02:29.0187 2920  [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
15:02:29.0187 2920  C:\WINDOWS\system32\LegitCheckControl.dll - ok
15:02:29.0187 2920  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
15:02:29.0187 2920  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
15:02:29.0187 2920  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
15:02:29.0187 2920  C:\WINDOWS\system32\mstask.dll - ok
15:02:29.0203 2920  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
15:02:29.0203 2920  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
15:02:29.0203 2920  [ B218AF9E706D47FF01403D62796840FC ] C:\WINDOWS\system32\browseui.dll
15:02:29.0203 2920  C:\WINDOWS\system32\browseui.dll - ok
15:02:29.0203 2920  [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
15:02:29.0203 2920  C:\WINDOWS\system32\mscoree.dll - ok
15:02:29.0203 2920  [ 653CC3873858FC4473F800228053364B ] C:\WINDOWS\system32\shdocvw.dll
15:02:29.0203 2920  C:\WINDOWS\system32\shdocvw.dll - ok
15:02:29.0203 2920  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
15:02:29.0203 2920  C:\WINDOWS\system32\cryptsvc.dll - ok
15:02:29.0203 2920  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
15:02:29.0203 2920  C:\WINDOWS\system32\certcli.dll - ok
15:02:29.0203 2920  [ C37B83B51CDF10E5BB6F78A7E4FED11A ] C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:02:29.0203 2920  C:\Program Files\Intel\WiFi\bin\EvtEng.exe - ok
15:02:29.0218 2920  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
15:02:29.0218 2920  C:\WINDOWS\system32\es.dll - ok
15:02:29.0218 2920  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
15:02:29.0218 2920  C:\WINDOWS\system32\ersvc.dll - ok
15:02:29.0218 2920  [ 56DEC67E273BA88A630C4B7B29D9D7BB ] C:\Program Files\AVAST Software\Avast\ashShell.dll
15:02:29.0218 2920  C:\Program Files\AVAST Software\Avast\ashShell.dll - ok
15:02:29.0218 2920  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
15:02:29.0218 2920  C:\WINDOWS\system32\desk.cpl - ok
15:02:29.0218 2920  [ FDA5B90363233297D7F68B03FD472F16 ] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
15:02:29.0218 2920  C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll - ok
15:02:29.0218 2920  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
15:02:29.0218 2920  C:\WINDOWS\system32\themeui.dll - ok
15:02:29.0218 2920  [ AF0A9D65D0C38447FC5499316705EF35 ] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
15:02:29.0218 2920  C:\Program Files\Intel\WiFi\bin\MurocApi.dll - ok
15:02:29.0234 2920  [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll
15:02:29.0234 2920  C:\WINDOWS\system32\icmp.dll - ok
15:02:29.0234 2920  [ 2E47A3A393595161A21969FB5821404B ] C:\Program Files\Intel\WiFi\bin\pfQOSMgr.dll
15:02:29.0234 2920  C:\Program Files\Intel\WiFi\bin\pfQOSMgr.dll - ok
15:02:29.0234 2920  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
15:02:29.0234 2920  C:\WINDOWS\system32\actxprxy.dll - ok
15:02:29.0234 2920  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:02:29.0234 2920  C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll - ok
15:02:29.0234 2920  [ 159FAC880722B49645E056A558B03E26 ] C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
15:02:29.0234 2920  C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll - ok
15:02:29.0234 2920  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
15:02:29.0234 2920  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
15:02:29.0234 2920  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
15:02:29.0234 2920  C:\WINDOWS\system32\cmd.exe - ok
15:02:29.0234 2920  [ 14229263AA19C704E0D6D2E7404A8455 ] C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:02:29.0234 2920  C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL - ok
15:02:29.0250 2920  [ 7C0F8B4103945FA2CB695004804D65BB ] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
15:02:29.0250 2920  C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll - ok
15:02:29.0250 2920  [ 999DB5F88C8E145CCA9D471E33227143 ] C:\Program Files\Java\jre7\bin\jqs.exe
15:02:29.0250 2920  C:\Program Files\Java\jre7\bin\jqs.exe - ok
15:02:29.0250 2920  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
15:02:29.0250 2920  C:\WINDOWS\system32\spoolss.dll - ok
15:02:29.0250 2920  [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
15:02:29.0250 2920  C:\WINDOWS\system32\localspl.dll - ok
15:02:29.0250 2920  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
15:02:29.0250 2920  C:\WINDOWS\system32\cnbjmon.dll - ok
15:02:29.0250 2920  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
15:02:29.0250 2920  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
15:02:29.0250 2920  [ 8A43F48D1FE0FA3F762A72D6D48E81AE ] C:\WINDOWS\system32\CNMLM8V.DLL
15:02:29.0250 2920  C:\WINDOWS\system32\CNMLM8V.DLL - ok
15:02:29.0265 2920  [ 0A0C8331E26F1EC7741CCE6A91E9167D ] C:\WINDOWS\system32\hpf3l082.dll
15:02:29.0265 2920  C:\WINDOWS\system32\hpf3l082.dll - ok
15:02:29.0265 2920  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
15:02:29.0265 2920  C:\WINDOWS\system32\pdh.dll - ok
15:02:29.0265 2920  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
15:02:29.0265 2920  C:\WINDOWS\system32\pjlmon.dll - ok
15:02:29.0265 2920  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
15:02:29.0265 2920  C:\WINDOWS\system32\tcpmon.dll - ok
15:02:29.0265 2920  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
15:02:29.0265 2920  C:\WINDOWS\system32\odbcbcp.dll - ok
15:02:29.0265 2920  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
15:02:29.0265 2920  C:\WINDOWS\system32\usbmon.dll - ok
15:02:29.0265 2920  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
15:02:29.0265 2920  C:\WINDOWS\system32\srvsvc.dll - ok
15:02:29.0265 2920  [ 21E3BD7693DBEC620075B8DA77E148B2 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8V.DLL
15:02:29.0265 2920  C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8V.DLL - ok
15:02:29.0281 2920  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
15:02:29.0281 2920  C:\WINDOWS\system32\netmsg.dll - ok
15:02:29.0281 2920  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
15:02:29.0281 2920  C:\WINDOWS\system32\perfos.dll - ok
15:02:29.0281 2920  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
15:02:29.0281 2920  C:\WINDOWS\system32\perfdisk.dll - ok
15:02:29.0281 2920  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
15:02:29.0281 2920  C:\WINDOWS\system32\drivers\srv.sys - ok
15:02:29.0281 2920  [ 73347ECA7A6D327BA43C40CB56BCA659 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
15:02:29.0281 2920  C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll - ok
15:02:29.0281 2920  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
15:02:29.0281 2920  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
15:02:29.0281 2920  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
15:02:29.0281 2920  C:\WINDOWS\system32\win32spl.dll - ok
15:02:29.0296 2920  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
15:02:29.0296 2920  C:\WINDOWS\system32\netman.dll - ok
15:02:29.0296 2920  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
15:02:29.0296 2920  C:\WINDOWS\system32\netrap.dll - ok
15:02:29.0296 2920  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
15:02:29.0296 2920  C:\WINDOWS\system32\inetpp.dll - ok
15:02:29.0296 2920  [ 2969D26EEE289BE7422AA46FC55F4E38 ] C:\WINDOWS\system32\HPZinw12.dll
15:02:29.0296 2920  C:\WINDOWS\system32\HPZinw12.dll - ok
15:02:29.0296 2920  [ 8CE9B8F0E1D36BAE1C9FCC0693FE09BF ] C:\WINDOWS\system32\nvsvc32.exe
15:02:29.0296 2920  C:\WINDOWS\system32\nvsvc32.exe - ok
15:02:29.0296 2920  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
15:02:29.0296 2920  C:\WINDOWS\system32\netshell.dll - ok
15:02:29.0296 2920  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
15:02:29.0296 2920  C:\WINDOWS\system32\credui.dll - ok
15:02:29.0296 2920  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
15:02:29.0296 2920  C:\WINDOWS\system32\dot3dlg.dll - ok
15:02:29.0312 2920  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
15:02:29.0312 2920  C:\WINDOWS\system32\onex.dll - ok
15:02:29.0312 2920  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
15:02:29.0312 2920  C:\WINDOWS\system32\eappcfg.dll - ok
15:02:29.0312 2920  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
15:02:29.0312 2920  C:\WINDOWS\system32\eappprxy.dll - ok
15:02:29.0312 2920  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\0B30768E-3740-407E-986D-CE64D5BED898.exe
15:02:29.0312 2920  C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\0B30768E-3740-407E-986D-CE64D5BED898.exe - ok
15:02:29.0312 2920  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
15:02:29.0312 2920  C:\WINDOWS\system32\linkinfo.dll - ok
15:02:29.0312 2920  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
15:02:29.0312 2920  C:\WINDOWS\system32\ntshrui.dll - ok
15:02:29.0312 2920  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
15:02:29.0312 2920  C:\WINDOWS\system32\ipsecsvc.dll - ok
15:02:29.0328 2920  [ C8DA4746D1C87FE3E5DCC3CE86218B62 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:02:29.0328 2920  C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - ok
15:02:29.0328 2920  [ BAFC9706BDF425A02B66468AB2605C59 ] C:\WINDOWS\system32\HPZipm12.dll
15:02:29.0328 2920  C:\WINDOWS\system32\HPZipm12.dll - ok
15:02:29.0328 2920  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
15:02:29.0328 2920  C:\WINDOWS\system32\oakley.dll - ok
15:02:29.0328 2920  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
15:02:29.0328 2920  C:\WINDOWS\system32\verclsid.exe - ok
15:02:29.0328 2920  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
15:02:29.0328 2920  C:\WINDOWS\system32\pstorsvc.dll - ok
15:02:29.0328 2920  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
15:02:29.0328 2920  C:\WINDOWS\system32\psbase.dll - ok
15:02:29.0328 2920  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
15:02:29.0328 2920  C:\WINDOWS\system32\dssenh.dll - ok
15:02:29.0328 2920  [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
15:02:29.0328 2920  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
15:02:29.0343 2920  [ ADA23DCD5DD87CA957AAF1DE9D6CE292 ] C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL
15:02:29.0343 2920  C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL - ok
15:02:29.0343 2920  [ 82A98D0EB83505529AD81E4C1FADC37D ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
15:02:29.0343 2920  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
15:02:29.0343 2920  [ A43BF2D628B419B9661FFF7F46553B64 ] C:\WINDOWS\system32\nvcpl.dll
15:02:29.0343 2920  C:\WINDOWS\system32\nvcpl.dll - ok
15:02:29.0343 2920  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\53889667.sys
15:02:29.0343 2920  C:\WINDOWS\system32\drivers\53889667.sys - ok
15:02:29.0343 2920  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
15:02:29.0343 2920  C:\WINDOWS\system32\webcheck.dll - ok
15:02:29.0343 2920  [ F77BDB7467F79F47252B34FE3B756865 ] C:\WINDOWS\system32\nvapi.dll
15:02:29.0343 2920  C:\WINDOWS\system32\nvapi.dll - ok
15:02:29.0343 2920  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
15:02:29.0343 2920  C:\WINDOWS\system32\mlang.dll - ok
15:02:29.0359 2920  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
15:02:29.0359 2920  C:\WINDOWS\system32\stobject.dll - ok
15:02:29.0359 2920  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
15:02:29.0359 2920  C:\WINDOWS\system32\batmeter.dll - ok
15:02:29.0359 2920  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
15:02:29.0359 2920  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
15:02:29.0531 2920  ============================================================
15:02:29.0531 2920  Scan finished
15:02:29.0531 2920  ============================================================
15:02:29.0640 1420  Detected object count: 18
15:02:29.0640 1420  Actual detected object count: 18
15:04:27.0937 1420  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0937 1420  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0937 1420  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:27.0953 1420  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:27.0953 1420  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:28.0781 1420  \Device\Harddisk0\DR0\# - copied to quarantine
15:04:28.0781 1420  \Device\Harddisk0\DR0 - copied to quarantine
15:04:28.0906 1420  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:04:28.0921 1420  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:04:28.0984 1420  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:04:37.0328 1420  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:04:37.0406 1420  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:04:39.0484 1420  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:04:39.0484 1420  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:04:39.0484 1420  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:04:39.0500 1420  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:04:39.0546 1420  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:04:41.0546 1420  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:04:41.0546 1420  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:04:41.0562 1420  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:04:41.0562 1420  \Device\Harddisk0\DR0 - ok
15:04:41.0578 1420  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:04:41.0578 1420  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:04:41.0578 1420  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:10:44.0828 2808  Deinitialize success


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

15:13:10.0218 3008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:13:12.0265 3008  ============================================================
15:13:12.0265 3008  Current date / time: 2013/03/14 15:13:12.0265
15:13:12.0265 3008  SystemInfo:
15:13:12.0265 3008 
15:13:12.0265 3008  OS Version: 5.1.2600 ServicePack: 3.0
15:13:12.0265 3008  Product type: Workstation
15:13:12.0265 3008  ComputerName: SHARON-FDF52AE8
15:13:12.0265 3008  UserName: Sharon McGuire
15:13:12.0265 3008  Windows directory: C:\WINDOWS
15:13:12.0265 3008  System windows directory: C:\WINDOWS
15:13:12.0265 3008  Processor architecture: Intel x86
15:13:12.0265 3008  Number of processors: 2
15:13:12.0265 3008  Page size: 0x1000
15:13:12.0265 3008  Boot type: Normal boot
15:13:12.0265 3008  ============================================================
15:13:24.0828 3008  BG loaded
15:13:26.0640 3008  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:13:26.0750 3008  ============================================================
15:13:26.0750 3008  \Device\Harddisk0\DR0:
15:13:26.0750 3008  MBR partitions:
15:13:26.0750 3008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
15:13:26.0750 3008  ============================================================
15:13:26.0937 3008  C: <-> \Device\Harddisk0\DR0\Partition1
15:13:26.0953 3008  ============================================================
15:13:26.0953 3008  Initialize success
15:13:26.0953 3008  ============================================================
15:14:42.0437 2952  Deinitialize success



#10 gringo_pr

Posted 14 March 2013 - 06:47 PM


Hello CNC

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#11 CNC


Posted 14 March 2013 - 08:33 PM

Here is the report from ComboFix... I'll try to do some testing while you review it. Thanks.

 

******************************************************************************************************************************************************************************

ComboFix 13-03-13.02 - Sharon McGuire 03/14/2013  21:15:00.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.994 [GMT -4:00]
Running from: c:\documents and settings\Sharon McGuire\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sharon McGuire\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-15 to 2013-03-15  )))))))))))))))))))))))))))))))
.
.
2013-03-14 19:04 . 2013-03-14 19:04 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-14 17:56 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-03-14 17:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-03-14 17:56 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-03-14 17:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-03-14 17:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-03-14 17:55 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-03-14 17:55 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-03-14 17:55 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-03-14 17:55 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-03-14 17:55 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-03-14 17:55 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-03-14 17:55 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-03-14 17:55 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-03-14 17:53 . 2001-08-17 17:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2013-03-14 17:52 . 2001-08-18 02:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2013-03-14 17:51 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-03-14 17:50 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2013-03-14 17:49 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-03-14 17:48 . 2001-08-18 02:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2013-03-14 17:47 . 2001-08-17 17:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2013-03-14 17:46 . 2001-08-18 02:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2013-03-14 17:45 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-03-14 17:44 . 2001-08-18 02:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2013-03-14 17:43 . 2001-08-17 16:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2013-03-14 17:42 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-03-14 17:42 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2013-03-14 17:42 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-03-14 17:42 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-03-14 17:42 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-03-14 17:42 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-03-14 17:42 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-03-14 17:42 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-03-14 17:42 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-03-14 17:42 . 2004-08-04 02:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2013-03-14 17:42 . 2001-08-17 16:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2013-03-14 17:40 . 2001-08-17 17:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-03-14 17:40 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-03-14 17:40 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-03-14 17:40 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-03-14 17:40 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-03-14 17:40 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-03-14 17:40 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-03-14 17:38 . 2004-08-04 02:41 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2013-03-14 17:37 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2013-03-14 17:36 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-03-14 17:35 . 2001-08-17 17:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2013-03-14 17:34 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-14 17:33 . 2001-08-17 16:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2013-03-14 17:32 . 2001-08-17 17:50 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2013-03-14 17:31 . 2001-08-17 16:14 952007 -c--a-w- c:\windows\system32\dllcache\diwan.sys
2013-03-14 17:30 . 2008-04-14 00:11 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2013-03-14 17:29 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2013-03-14 17:28 . 2001-08-17 18:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2013-03-14 17:27 . 2001-08-17 16:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-03-14 17:26 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-03-14 16:50 . 2013-03-14 16:50 -------- d-----w- c:\documents and settings\Sharon McGuire\Application Data\Ahead
2013-03-14 16:36 . 2013-03-14 16:36 -------- d-----w- c:\documents and settings\Sharon McGuire\Local Settings\Application Data\Sun
2013-03-14 16:24 . 2013-03-14 16:24 -------- d-----w- c:\program files\Common Files\Java
2013-03-14 16:23 . 2013-03-14 16:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-14 16:23 . 2013-03-14 16:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 16:23 . 2013-03-14 16:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 18:23 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-13 18:23 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-13 18:23 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-13 18:23 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-13 18:22 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 18:22 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 18:22 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 18:22 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 18:22 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-13 18:21 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 18:18 . 2013-03-13 18:18 -------- d-----w- c:\program files\AVAST Software
2013-03-13 18:18 . 2013-03-13 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-13 16:57 . 2013-03-14 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-03-13 16:53 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-13 16:53 . 2013-03-13 16:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-13 01:36 . 2013-03-13 01:36 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-13 01:09 . 2013-03-13 01:09 -------- d-----w- c:\documents and settings\Sharon McGuire\Application Data\Malwarebytes
2013-03-13 01:08 . 2013-03-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-13 01:08 . 2013-03-13 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-13 01:08 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 00:32 . 2013-03-13 00:32 -------- d-----w- c:\documents and settings\Administrator
2013-03-12 13:02 . 2013-03-12 13:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2013-02-27 02:35 . 2013-03-13 19:34 -------- d-----w- c:\documents and settings\Sharon McGuire\Application Data\WindowsDatabase
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 16:23 . 2010-08-23 18:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:37 . 2012-03-28 12:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:37 . 2012-03-28 12:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-05 20:05 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 06:28 . 2010-08-23 16:05 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"nwiz"="nwiz.exe" [2008-05-07 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-05-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-26 2643320]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Sharon McGuire\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-12-6 6186872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-12-6 1181584]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2010-12-26 1826600]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/13/2013 2:22 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/13/2013 2:22 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/13/2013 2:23 PM 368176]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/13/2013 2:23 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/13/2013 2:22 PM 66336]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [1/10/2012 10:56 AM 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/13/2013 12:53 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/13/2013 12:53 PM 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/13/2013 12:54 PM 168384]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/13/2013 2:22 PM 164736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 15:23 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 16:35]
.
2013-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-03-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-13 22:32]
.
2013-03-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-13 18:08]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:24]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:24]
.
2013-03-13 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-03-13 18:07]
.
2013-03-13 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-13 18:07]
.
2013-03-15 c:\windows\Tasks\User_Feed_Synchronization-{98DBECE4-74B4-4A3C-9EAB-D47CB8C9A5D1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-12632188.sys
SafeBoot-67618738.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,71,20,4a,84,6f,56,42,bc,44,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,71,20,4a,84,6f,56,42,bc,44,2c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-14  21:23:53
ComboFix-quarantined-files.txt  2013-03-15 01:23
ComboFix2.txt  2013-03-14 14:42
.
Pre-Run: 60,430,172,160 bytes free
Post-Run: 60,517,138,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 57BBB0D4191548C75FAC373E7CAD9CCE
 



#12 gringo_pr

Posted 15 March 2013 - 07:21 AM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 CNC

Posted 15 March 2013 - 08:28 AM

Everything seems to be working fine... Are there any special tests I need to do?



#14 gringo_pr

Posted 15 March 2013 - 10:05 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove

    • Adobe Reader X (10.1.4)
    • Java™ 6 Update 21


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.



    Update Adobe reader
    • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

      You can download it from http://www.adobe.com/products/acrobat/readstep2.html
      After installing the latest Adobe Reader, uninstall all previous versions.
      If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

        Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

    Clean Out Temp Files
    • This small application you may want to keep and use once a week to keep the computer clean.

      Download CCleaner from here http://www.ccleaner.com/
      • Run the installer to install the application.
      • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
      • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
      • Click Run Cleaner.
      • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
    • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu).
    • Copy and paste the HijackThis report into the topic.
    "information and logs"
    • In your next post I need the following
      • Log from MBAM
      • Report from HijackThis
      • Let me know of any problems you may have had
      • How is the computer doing now?
    Gringo



#15 CNC

Posted 16 March 2013 - 08:35 PM

OK...got that done...no problems...computer seems to be working fine now.

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.16.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sharon McGuire :: SHARON-FDF52AE8 [administrator]

3/15/2013 11:33:57 PM
mbam-log-2013-03-15 (23-33-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231663
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:41 PM, on 3/16/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sharon McGuire\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
O4 - Global Startup: SolidWorks Background Downloader.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282581328500
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13843 bytes





