Virus out smarts anti virus software, HELP !


  • This topic is locked
27 replies to this topic

#1 24tony

Posted 09 April 2013 - 12:32 PM

Hi

I have a P4 3.2HT, 1.5gig RAM 1.5tb HDD. I have been running XP home on this PC for 7 years. Recently IE8 has slowed down drastically. The PC also freezes whilst showing little memory use and low CPU usage. It also started to turn off my anti virus software (At the time AV). I had so much of a problem uninstalling AVG, even after using special uninstall software from the AVG site I gave up. I now have Avast free.
If I run Avast aswMBR.exe it shows 3 problems;

1) Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 3 (Text in yellow)
2) ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll >>UNKNOWN [0x8a6964f8]<< (Text in red)
3) \Driver\atapi[0x8a83ff38] -> IRP_MJ_CREATE -> 0x8a6964f8 (Text in red)

It did also show "Disk 0 unknown MBR code" but after several MBR rewrites it now shows "Disk 0 windows xp default MBR code".
I have tried Kaspersky, Codewalker, Dr Web, GMER and others, but none seem to be able to remove the pest.
I cannot start windows firewall as it is greyed out.
If I right click on "My Computer" and select "Properties" it no longer displays details of my PC under "Computer"

When booting, it seems to take ages from the pulsing blue bar to the welcome screen. It used to go from the blue bar to black for a short while then to the welcome screen. Now it's as if it boots up something (whilst the screen is black) before loading the operating system. As mentioned the MBR was not recognised at first, but now ok (I think).

It sometimes seems ok as a PC, but when using the internet or looking at security settings it seems to grind to a halt. I have run sfc /scannow but still the same. Many of the services will not start and it says I do not have permission to look at dependencies although it is an administrator account. If I right click on my LAN connection the PC freezes for 5 mins before showing the pop up status window.

I have pasted in the DDS log and attached the "Attach" log.

Any help would be much appreciated.

Tony

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tony Newton at 17:57:26 on 2013-04-09
.
============== Running Processes ================
.
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\SLEE503.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWinlogon: Userinit = c:\windows\system32\userinit.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - LocalServer32 - <no file>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesuk.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesuk.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
mRun: [PestPatrol Control Center] c:\progra~1\pestpa~1\PPControl.exe
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [SSS6_Suite] "c:\program files\steganos security suite 6\sss.exe" /booting
dRun: [SSS6_SAFE] "c:\program files\steganos security suite 6\safe.exe" /booting
dRun: [SSS6_SPM] "c:\program files\steganos security suite 6\spm.exe" /booting
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRunOnce: [SSS2006] "c:\program files\steganos security suite 2006\SSS2006.exe" -firstboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: MaxRecentDocs = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWinKey = dword:0
mPolicies-Explorer: NoNetConnextDisconnect = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:-1
mPolicies-Explorer: NoSMConfigurePrograms = dword:0
mPolicies-Explorer: NoControlPanle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: NoAdminPage = dword:0
IE: &Yahoo! Search - /c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: My Password - c:\windows\system32\SUSBMyPwd.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - /c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - /c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - /c:\program files\yahoo!\Common/ycsms.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/Mydlink/activeX/DCP.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {3234504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/a/0/0/a0043c6c-8cd6-428e-9c9e-01883020f5ce/mpg4dmo.CAB
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://e-mail.toyota-europe.com/,DanaInfo=ukburmfints01.toyotauk.com+iNotes6W.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362341553984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362341441296
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://eu.mydlink.com/8D/activeX//aplugLiteDL.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.90/activex/AMC.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://192.168.1.108:82/webrec.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8B87EF09-DEEF-48FF-B7A8-B25AE84E1331} : DHCPNameServer = 192.168.1.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - <orphaned>
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  scecli scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tony newton\application data\mozilla\firefox\profiles\kzuxufcr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/firefox/?fr=yff40-sfp
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\tony newton\application data\mozilla\firefox\profiles\kzuxufcr.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\tony newton\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\npMSDM.dll
FF - ExtSQL: 2013-02-20 11:18; pricepeep@getpricepeep.com; c:\documents and settings\tony newton\application data\mozilla\firefox\profiles\kzuxufcr.default\extensions\pricepeep@getpricepeep.com.xpi
FF - ExtSQL: 2013-03-17 19:36; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-04-06 13:04; plugin@selectionlinks.com; c:\documents and settings\tony newton\application data\mozilla\firefox\profiles\kzuxufcr.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-04-06 13:07; ffxtlbr@mixidj.com; c:\documents and settings\tony newton\application data\mozilla\firefox\profiles\kzuxufcr.default\extensions\ffxtlbr@mixidj.com
FF - ExtSQL: 2013-04-06 13:09; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\documents and settings\all users\application data\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - ExtSQL: !HIDDEN! 2009-09-01 17:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 50d2dd7c000000000000001aee019cc6
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15801
FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.113:07:51
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj_i.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - mdelta
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj_i.excTlbr - false
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R? 2F397D6B5F0;2F397D6B5F0
R? 4868D6C2FA4;4868D6C2FA4
R? acfva;acfva
R? aswVmm;aswVmm
R? AVGIDSAgent;AVGIDSAgent
R? avgwd;AVG WatchDog
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz136;cpuz136
R? dgcfltr;DGC Filter Driver
R? EaseUS Agent;EaseUS Agent Service
R? fsssvc;Windows Live Family Safety Service
R? FTD2XX;FTD2XX.SYS FT8U2XX device driver
R? FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter®
R? Guard Agent;Guard Agent Service
R? IcRecUsb;IC Recorder Driver
R? LxrSGe10d;LxrSGe10d
R? McComponentHostService;McAfee Security Scan Component Host Service
R? NDISLOOP;Virtual TT-DVB USB Adapter Driver
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? nmwcdnsuc;Nokia USB Flashing Generic
R? P1171VID;Creative WebCam Notebook #2
R? pwdrvio;pwdrvio
R? pwdspio;pwdspio
R? SatSrv;Steganos AntiTheft
R? SolutoRemoteService;Soluto Remote Service
R? TTDVBUSB;TechnoTrend - TT-DVB USB Driver
R? Usblink;Usblink Driver
R? VC0130Afx;VC130 Audio FX
R? VC0130Aud;VC0130 Audio
R? VC0130Dev;Live! Cam Notebook Ultra
R? VC0130Vfx;VC0130 Video FX
R? vToolbarUpdater14.2.0;vToolbarUpdater14.2.0
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys)
S? !SASCORE;SAS Core Service
S? AsrVDrive;AsrVDrive
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? camvid20;Philips ToUcam Camera; Video
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EUDSKACS;EUDSKACS
S? EUFDDISK;EUFDDISK
S? fssfltr;fssfltr
S? NProtectService;Norton Unerase Protection
S? pnpshark;pnpshark
S? PQIMount;PQIMount
S? PQV2i;PQV2i
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SgtSch2Svc;Seagate Scheduler2 Service
S? SI3112r;Silicon Image SiI 3112 SATARaid Controller
S? SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver]
S? SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver]
S? Soluto;Soluto
S? SolutoLauncherService;Soluto Launcher Service
S? SolutoService;Soluto PCGenome Core Service
S? st3shark;st3shark
S? vididr;Acronis Virtual Disk
S? vidsflt53;Acronis Disk Storage Filter (53)
S? vsdatant;vsdatant
S? vsmon;TrueVector Internet Monitor
.
=============== File Associations ===============
.
ShellExec: ApplicationInstaller.exe: Open=blank
ShellExec: ContentCopier.exe: Open=blank
ShellExec: GSpot.exe: open=blank
ShellExec: Paint Shop Pro.exe: open=blank
ShellExec: uharcd.exe: open=blank
ShellExec: WinUHA.EXE: open=blank
.
=============== Created Last 30 ================
.
2013-04-07 10:08:40 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-04-07 10:08:40 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-04-07 10:08:39 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-04-07 10:08:38 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-04-07 10:08:36 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-04-07 10:08:28 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-04-07 10:08:22 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-04-07 10:08:17 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-04-07 10:08:05 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-04-07 10:07:29 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-04-07 10:07:22 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-04-07 10:07:20 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-04-07 10:07:03 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2013-04-07 10:06:59 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2013-04-07 10:06:58 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2013-04-07 10:05:16 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-04-07 10:05:14 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2013-04-07 10:05:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2013-04-07 10:03:58 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-04-07 10:02:57 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2013-04-07 10:01:56 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2013-04-07 10:00:58 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2013-04-07 09:59:56 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2013-04-07 09:58:59 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2013-04-07 09:57:58 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2013-04-07 09:57:57 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2013-04-07 09:57:51 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2013-04-07 09:57:50 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2013-04-07 09:57:41 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2013-04-07 09:57:40 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2013-04-07 09:57:34 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2013-04-07 09:57:30 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2013-04-07 09:57:19 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-04-07 09:57:16 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2013-04-07 09:57:11 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2013-04-07 09:56:27 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-04-07 09:56:17 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2013-04-07 09:56:15 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2013-04-07 09:56:13 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2013-04-07 09:56:11 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2013-04-07 09:54:45 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-04-07 09:52:54 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2013-04-07 09:51:55 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-04-07 09:50:50 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-04-07 09:50:44 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-04-07 09:50:34 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-04-07 09:50:30 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-04-07 09:50:11 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-04-07 09:50:09 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-04-07 09:48:58 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2013-04-07 09:47:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2013-04-07 09:47:47 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2013-04-07 09:47:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2013-04-07 09:47:16 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2013-04-07 09:47:15 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2013-04-07 09:47:14 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2013-04-07 09:47:04 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2013-04-07 09:47:04 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2013-04-07 09:47:02 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2013-04-07 09:46:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2013-04-07 09:46:47 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2013-04-07 09:46:46 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2013-04-07 09:46:45 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2013-04-07 09:46:42 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2013-04-07 09:46:40 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2013-04-07 09:43:59 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2013-04-07 09:42:48 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2013-04-07 09:42:46 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2013-04-07 09:42:45 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2013-04-07 09:42:42 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2013-04-07 09:42:40 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2013-04-07 09:42:38 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2013-04-07 09:42:37 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2013-04-07 09:42:36 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2013-04-07 09:42:35 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2013-04-07 09:42:33 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2013-04-07 09:42:16 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-04-07 09:42:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-04-07 09:42:14 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2013-04-07 09:40:55 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2013-04-07 09:39:59 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2013-04-07 09:38:44 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2013-04-07 09:37:58 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2013-04-07 09:36:59 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2013-04-07 09:35:56 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2013-04-07 09:34:59 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2013-04-07 09:30:19 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2013-04-07 09:30:03 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2013-04-07 09:30:01 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2013-04-07 09:30:00 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys
2013-04-07 09:28:59 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2013-04-07 09:27:23 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2013-04-07 09:27:22 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2013-04-07 09:27:20 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2013-04-07 09:27:18 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2013-04-07 09:27:17 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2013-04-07 09:27:15 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2013-04-07 09:27:14 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2013-04-07 09:27:13 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2013-04-07 09:27:08 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2013-04-07 09:27:05 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
2013-04-07 09:27:03 297728 -c--a-w- c:\windows\system32\dllcache\ac97sis.sys
2013-04-07 09:27:01 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-04-07 09:26:59 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-04-07 09:26:57 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-04-07 09:26:55 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-04-07 09:26:52 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2013-04-07 09:26:48 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-04-07 09:26:46 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-04-07 09:26:44 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-04-07 09:26:42 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2013-04-07 09:26:39 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-04-07 09:25:51 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-04-06 18:08:26 -------- d-----w- c:\documents and settings\tony newton\application data\SUPERAntiSpyware.com
2013-04-06 18:08:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-06 18:08:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-04-06 12:08:49 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-06 12:06:58 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-04-06 12:06:49 -------- d-----w- c:\program files\Soluto
2013-04-06 12:05:35 -------- d-----w- c:\documents and settings\all users\application data\Soluto
2013-04-06 12:04:15 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-04-06 12:04:14 -------- d-----w- c:\documents and settings\tony newton\application data\Babylon
2013-04-06 12:03:51 -------- d-----w- c:\program files\OApps
2013-04-05 20:00:02 22024 ----a-w- c:\windows\system32\drivers\AsrVDrive.sys
2013-04-05 20:00:02 -------- d-----w- c:\program files\ASRock Utility
2013-04-04 19:36:07 -------- d-----w- c:\documents and settings\tony newton\local settings\application data\Jiri_Cincura_-_x2develop
2013-03-29 18:21:55 2888384 ----a-w- c:\windows\system32\pwNative.exe
2013-03-29 18:21:54 15576 ------w- c:\windows\system32\pwdrvio.sys
2013-03-29 18:21:51 10200 ------w- c:\windows\system32\pwdspio.sys
2013-03-29 18:21:25 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.8
2013-03-28 20:41:14 -------- d-----w- c:\program files\ESET
2013-03-23 11:15:29 -------- d-----w- c:\documents and settings\tony newton\application data\Malwarebytes
2013-03-23 11:15:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-23 11:15:14 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 11:15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-22 18:39:42 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-03-22 16:33:24 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-03-21 18:47:45 -------- d-----w- c:\documents and settings\tony newton\application data\Avast Ad Blocker
2013-03-19 20:16:05 -------- d-----w- c:\program files\Dropbox
2013-03-17 19:37:16 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-17 19:37:15 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-17 19:37:14 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-17 19:37:13 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-17 19:36:16 41664 ----a-w- c:\windows\avastSS.scr
2013-03-17 19:35:49 -------- d-----w- c:\program files\AVAST Software
2013-03-17 19:34:54 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-03-16 19:21:09 -------- d-sh--w- C:\BOOT
2013-03-16 12:28:32 -------- d-----w- C:\AVGTemp
2013-03-16 11:49:22 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-03-16 11:48:18 -------- d-----w- c:\program files\AVG
2013-03-15 20:16:21 -------- d-----w- c:\documents and settings\tony newton\Doctor Web
2013-03-14 18:30:57 -------- d-----w- c:\documents and settings\all users\application data\AVGGGG
2013-03-14 18:10:09 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-03-14 18:10:07 -------- d-----w- c:\program files\NortonInstaller
2013-03-14 18:10:07 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-03-14 17:43:41 6940 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-03-14 16:11:27 -------- d-----w- c:\documents and settings\all users\AVG Secure Search
2013-03-10 17:50:22 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-03-10 17:50:21 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-03-10 17:50:20 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-03-10 17:50:18 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-03-10 17:49:01 19528 ----a-w- c:\windows\system32\fbnative.exe
.
==================== Find3M  ====================
.
2013-03-23 23:11:25 321024 --sha-w- C:\EUMONBMP.SYS
2013-03-06 20:34:45 1528 ----a-w- c:\windows\SharedDLLs.REG
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-08 04:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 21:48:14 3006304 ----a-w- c:\windows\system32\AutoPartNt.exe
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-02-04 22:28:22 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-04 22:28:07 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2013-02-04 22:27:40 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-02-04 21:27:25 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
.
============= FINISH: 17:59:53.00 ===============

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:28 PM

Posted 09 April 2013 - 12:53 PM


Hello 24tony

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 24tony

24tony
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 09 April 2013 - 02:17 PM

Hi Gringo

I downloaded SecurityCheck and ran it. It did come up with:

Autolt Error
Line-1:
Error: Variable must be of type "Object.

Then ran and produced the log.

Downloaded AdwCleaner & RogueKiller and ran.

All 3 logs attached.

Firewall still cannot be accessed and that is mentioned in one of the logs.

It seems like the beast lives on (For now)

Many thanks for your help.

Tony


SecurityCheck Log

 

 Results of screen317's Security Check version 0.99.62 
 Windows XP Service Pack 3 x86 (UAC is enabled) 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 avast! Free Antivirus   
 avast! Ad Blocker   
 Desktop Resetter    
 McAfee Security Scan Plus  
 ZoneAlarm     
 ZoneAlarm Pro    
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Out of date HijackThis  installed!
 Spybot - Search & Destroy 1.2
 SpywareBlaster v3.5.1   
 SpywareGuard v2.2   
 SUPERAntiSpyware    
 Norton Ghost 9.0  
 HijackThis 1.99.1   
 CleanMyPC - Registry Cleaner 
 EasyCleaner    
 Java™ 6 Update 13 
 Java™ SE Runtime Environment 6 Update 1
 Java™ 6 Update 2 
 Java™ 6 Update 3 
 Java™ 6 Update 5 
 Java™ 6 Update 7 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 7 Adobe Reader out of Date!
 Mozilla Firefox (4.0.1)
 Google Chrome 26.0.1410.43 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


AdwCleaner Log

 

# AdwCleaner v2.200 - Logfile created 04/09/2013 at 19:38:06
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Tony Newton - TONY-78ZHQ8WG2D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Tony Newton\Desktop\AdwCleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Tony Newton\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\CT2801948
Folder Deleted : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Documents and Settings\Tony Newton\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Tony Newton\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Tony Newton\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Tony Newton\Local Settings\Application Data\NCH_EN
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\NCH_EN
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\5e68adbe068eb12
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\NCH_EN
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\5e68adbe068eb12
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C2B905D-4DD8-40F4-B5C7-3F35FF1BEB70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25E3372C-86C9-4207-8BC5-1EBF79ECBB04}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A14E7D72-CE55-473D-835C-F919D4E45C97}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA9E2C49-8790-49AD-92B5-86A6E7CFD6E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3C2B905D-4DD8-40F4-B5C7-3F35FF1BEB70}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0.1 (en-GB)

File : C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\prefs.js

C:\Documents and Settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\user.js ... Deleted !

Deleted : user_pref("CT2801948..clientLogIsEnabled", false);
Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_1359634298000", true);
Deleted : user_pref("CT2801948.CTID", "ct2801948");
Deleted : user_pref("CT2801948.CurrentServerDate", "6-4-2013");
Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2801948.DialogsGetterLastCheckTime", "Sat Apr 06 2013 15:29:27 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Fri Jul 15 2011 19:44:10 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2801948.FirstServerDate", "14-7-2011");
Deleted : user_pref("CT2801948.FirstTime", true);
Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Deleted : user_pref("CT2801948.Initialize", true);
Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2801948.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT2801948.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT2801948.InstalledDate", "Thu Jul 14 2011 17:08:11 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.IsAlertDBUpdated", true);
Deleted : user_pref("CT2801948.IsGrouping", false);
Deleted : user_pref("CT2801948.IsInitSetupIni", true);
Deleted : user_pref("CT2801948.IsMulticommunity", false);
Deleted : user_pref("CT2801948.IsOpenThankYouPage", false);
Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Thu Jul 14 2011 17:08:17 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2801948.LastLogin_3.13.0.6", "Tue Aug 21 2012 20:27:30 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.15.1.0", "Thu Nov 22 2012 05:49:24 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2801948.LastLogin_3.16.0.100", "Mon Feb 11 2013 03:29:20 GMT+0000 (GMT Standard Time)")[...]
Deleted : user_pref("CT2801948.LastLogin_3.16.0.3", "Thu Jan 03 2013 18:10:02 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2801948.LastLogin_3.18.0.7", "Sat Apr 06 2013 15:29:17 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LastLogin_3.5.0.12", "Fri Jul 15 2011 16:04:09 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2801948.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2801948.Locale", "en-us");
Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2801948.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Deleted : user_pref("CT2801948.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Deleted : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Deleted : user_pref("CT2801948.SavedHomepage", "hxxp://uk.yahoo.com/");
Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Thu Jul 14 2011 17:08:09 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Sat Apr 06 2013 15:28:51 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Thu Jul 14 2011 17:08:03 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2801948.SettingsLastUpdate", "1306530423");
Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Thu Jul 14 2011 17:08:01 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2801948.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Deleted : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2801948.UserID", "UN86191229120320647");
Deleted : user_pref("CT2801948.alertChannelId", "1194029");
Deleted : user_pref("CT2801948.ct2801948.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2801948.ct2801948.InvalidateCache", false);
Deleted : user_pref("CT2801948.ct2801948.LanguagePackLastCheckTime", "Sat Apr 06 2013 15:29:34 GMT+0100 (GMT D[...]
Deleted : user_pref("CT2801948.ct2801948.Locale", "en-us");
Deleted : user_pref("CT2801948.ct2801948.RadioLastCheckTime", "Sat Jul 16 2011 17:09:07 GMT+0100 (GMT Daylight[...]
Deleted : user_pref("CT2801948.ct2801948.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2801948.ct2801948.RadioLastUpdateServer", "129307496595170000");
Deleted : user_pref("CT2801948.ct2801948.SearchInNewTabLastCheckTime", "Sat Apr 06 2013 15:28:45 GMT+0100 (GMT[...]
Deleted : user_pref("CT2801948.ct2801948.SettingsLastCheckTime", "Sat Apr 06 2013 15:28:43 GMT+0100 (GMT Dayli[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Documents and Settings\Tony Newton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Tony Newton\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25499 octets] - [09/04/2013 19:38:06]

########## EOF - C:\AdwCleaner[S1].txt - [25560 octets] ##########

 


RogueKiller Log

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Tony Newton [Admin rights]
Mode : Remove -- Date : 04/09/2013 20:00:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] StartupMonitor.exe -- C:\WINDOWS\StartupMonitor.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] Install_NSS.job : C:\Documents and Settings\Tony Newton\Desktop\Norton Security scan\NSSstub.exe /DownLoad [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_CREATE_NAMED_PIPE] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_CLOSE] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_READ] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_WRITE] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_QUERY_INFORMATION] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SET_INFORMATION] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_QUERY_EA] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SET_EA] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_FLUSH_BUFFERS] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_QUERY_VOLUME_INFORMATION] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SET_VOLUME_INFORMATION] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_DIRECTORY_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_FILE_SYSTEM_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_DEVICE_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SHUTDOWN] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_LOCK_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_CLEANUP] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_CREATE_MAILSLOT] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_QUERY_SECURITY] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SET_SECURITY] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_POWER] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SYSTEM_CONTROL] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_DEVICE_CHANGE] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_QUERY_QUOTA] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_SET_QUOTA] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)
IRP[IRP_MJ_PNP] :           -> HOOKED ([MAJOR] Unknown @ 0x8A73E1D0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

 127.0.0.1  localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 53fec186fe4d21581bdcebeae2f752d3
[BSP] 866c92cb65db255089a3c7373f2a75c5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163846935 | Size: 49999 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 266245245 | Size: 823864 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04092013_02d2000.txt >>
RKreport[1]_S_04092013_02d1955.txt ; RKreport[2]_D_04092013_02d2000.txt

 

 

 


 



#4 gringo_pr


Posted 09 April 2013 - 03:07 PM


Hello 24tony

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo





#5 24tony


Posted 09 April 2013 - 04:14 PM

Hi Gringo

The PC seems the same. It's just as if it's a game of wits, and it tries to slow down what you want to do if it has anything to do with security.

I can turn on Windows Firewall, but under Advanced it states the files are corrupt. If I click on restore defaults, it is still the same. Always seems one step ahead!

It is a little better, as I can now right click on connections (Network Connections) and the window pops up straight away, whereas before it froze for several minutes.

Tony

ComboFix 13-04-09.01 - Tony Newton 09/04/2013  21:26:03.1.2 - x86
Running from: c:\documents and settings\Tony Newton\Desktop\Bleeping\ComboFix\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\8437165.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Tony Newton\Favorites\Thumbs.db
c:\documents and settings\Tony Newton\Recent\Thumbs.db
c:\documents and settings\Tony Newton\WINDOWS
c:\windows\daemon.dll
c:\windows\EventSystem.log
c:\windows\is-LD4LL.exe
c:\windows\SET427.tmp
c:\windows\ST6UNST.000
c:\windows\system\BCBSMP35.BPL
c:\windows\system32\C0130Afx.dll
c:\windows\system32\Cache
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Windrv28.dat
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-09 to 2013-04-09  )))))))))))))))))))))))))))))))
.
.
2013-04-07 09:25 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-04-06 18:08 . 2013-04-06 18:08 -------- d-----w- c:\documents and settings\Tony Newton\Application Data\SUPERAntiSpyware.com
2013-04-06 18:08 . 2013-04-09 18:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-06 18:08 . 2013-04-06 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-04-06 12:08 . 2013-04-06 12:08 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-06 12:06 . 2013-04-04 16:19 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-04-06 12:06 . 2013-04-06 12:07 -------- d-----w- c:\program files\Soluto
2013-04-06 12:05 . 2013-04-06 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2013-04-05 20:00 . 2013-04-05 20:00 -------- d-----w- c:\program files\ASRock Utility
2013-04-05 20:00 . 2011-01-26 16:25 22024 ----a-w- c:\windows\system32\drivers\AsrVDrive.sys
2013-04-04 19:36 . 2013-04-04 19:36 -------- d-----w- c:\documents and settings\Tony Newton\Local Settings\Application Data\Jiri_Cincura_-_x2develop
2013-03-29 18:21 . 2013-03-07 13:37 2888384 ----a-w- c:\windows\system32\pwNative.exe
2013-03-29 18:21 . 2013-03-07 13:37 15576 ------w- c:\windows\system32\pwdrvio.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 20:34 . 2013-03-06 20:34 1528 ----a-w- c:\windows\SharedDLLs.REG
2013-03-03 15:41 . 2013-03-03 15:41 8281168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-02-12 00:32 . 2008-08-29 14:12 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2008-08-29 14:11 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 04:37 . 2013-02-08 04:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 04:37 . 2013-02-08 04:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 21:48 . 2013-02-05 21:48 3006304 ----a-w- c:\windows\system32\AutoPartNt.exe
2013-02-05 20:05 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2001-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2005-08-19 14:14 385024 ----a-w- c:\windows\system32\html.iec
2013-02-04 22:28 . 2013-02-04 21:27 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-04 22:28 . 2013-02-04 21:27 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2013-02-04 22:27 . 2013-02-04 21:26 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-02-04 21:27 . 2013-02-04 21:27 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-01-26 03:55 . 2008-08-29 14:11 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-25 23:35 . 2013-03-10 17:49 19528 ----a-w- c:\windows\system32\fbnative.exe
2013-01-25 23:35 . 2013-03-10 17:50 185672 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-01-25 23:35 . 2013-03-10 17:50 40648 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-01-25 23:35 . 2013-03-10 17:50 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-01-25 23:35 . 2013-03-10 17:50 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-04-14 16:41 . 2011-05-12 16:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 935688]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-04-04 1285184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"SSS6_Suite"="c:\program files\Steganos Security Suite 6\sss.exe" [2004-01-29 827392]
"SSS6_SAFE"="c:\program files\Steganos Security Suite 6\safe.exe" [2004-02-02 204800]
"SSS6_SPM"="c:\program files\Steganos Security Suite 6\spm.exe" [2004-01-29 180224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SSS2006"="c:\program files\Steganos Security Suite 2006\SSS2006.exe" [2006-02-01 5148672]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-10-1 376832]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-10-1 376832]
.
c:\documents and settings\Tony Newton\Start Menu\Programs\Startup\
avast! Free Antivirus.lnk - c:\program files\AVAST Software\Avast\AvastUI.exe [2013-3-17 4767304]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
Zone Labs Security (2).lnk - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe [2008-4-27 935688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
adobe reader speed launch.lnk.disabled [2010-12-1 1766]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-8-20 169472]
Norton System Doctor.lnk - c:\program files\Norton Utilities\SYSDOC32.EXE [2005-8-20 24614]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitWare Print Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BitWare Print Monitor.lnk
backup=c:\windows\pss\BitWare Print Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVB-USB Start Up Service.lnk]
backup=c:\windows\pss\DVB-USB Start Up Service.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON CardMonitor.lnk]
backup=c:\windows\pss\EPSON CardMonitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tony Newton^Start Menu^Programs^Startup^SIGuardian.lnk]
backup=c:\windows\pss\SIGuardian.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2005-08-27 11:37 454144 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-02-06 17:02 170496 ----a-w- c:\program files\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2013-03-06 23:32 4767304 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2011-06-30 14:47 2638152 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2013-01-25 23:35 1372232 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2013-01-25 23:35 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
2005-04-19 17:06 935688 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
R2 IcRecUsb;IC Recorder Driver;c:\windows\system32\Drivers\IcRecUsb.sys [x]
R3 2F397D6B5F0;2F397D6B5F0;c:\documents and settings\tony newton\local settings\temp\2F397D6B5F0.sys [x]
R3 4868D6C2FA4;4868D6C2FA4;c:\documents and settings\tony newton\local settings\temp\4868D6C2FA4.sys [x]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sys [x]
R3 aswVmm;aswVmm; [x]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP32.sys [x]
R3 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [x]
R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter®;c:\windows\system32\DRIVERS\bkusbxp.sys [x]
R3 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
R3 LxrSGe10d;LxrSGe10d;c:\windows\system32\Drivers\LxrSge10d.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 NDISLOOP;Virtual TT-DVB USB Adapter Driver;c:\windows\system32\DRIVERS\ndisloop.sys [x]
R3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\DRIVERS\P1171Vid.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SatSrv;Steganos AntiTheft;c:\windows\system32\SatSrv.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 TTDVBUSB;TechnoTrend - TT-DVB USB Driver;c:\windows\system32\Drivers\ttdvbusb.sys [x]
R3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys [x]
R3 VC0130Afx;VC130 Audio FX;c:\windows\system32\Drivers\C0130Afx.sys [x]
R3 VC0130Aud;VC0130 Audio;c:\windows\system32\Drivers\C0130Aud.sys [x]
R3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\DRIVERS\C0130Vid.sys [x]
R3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\DRIVERS\C0130VFx.sys [x]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R4 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R4 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R4 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 pnpshark;pnpshark;c:\windows\system32\DRIVERS\pnpshark.sys [x]
S0 PQV2i;PQV2i; [x]
S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 st3shark;st3shark;c:\windows\system32\DRIVERS\st3shark.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S1 PQIMount;PQIMount; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];c:\windows\system32\drivers\SLEE13.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];c:\windows\system32\drivers\SLEE503.sys [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [x]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [x]
S3 camvid20;Philips ToUcam Camera; Video [2001-08-17 223232]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-06 18:12 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:53]
.
2013-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-17 23:32]
.
2013-04-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-03 21:01]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-06 18:08]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-06 18:08]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1390067357-839522115-1004Core.job
- c:\documents and settings\Tony Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 09:05]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1390067357-839522115-1004UA.job
- c:\documents and settings\Tony Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 09:05]
.
2013-04-07 c:\windows\Tasks\MixPadReminder.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2013-04-04 16:17]
.
2013-04-06 c:\windows\Tasks\stampShakeIcon.job
- c:\program files\NCH Software\Stamp\stamp.exe [2011-07-13 20:09]
.
2013-04-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0c667d43-1502-4213-91e1-9757012f097b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3a726ad6-9fce-4e47-9167-af550b679aef.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-09 c:\windows\Tasks\User_Feed_Synchronization-{772D1437-28E8-4ABF-8F5F-BC5A958122BC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: My Password - c:\windows\system32\SUSBMyPwd.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/Mydlink/activeX/DCP.cab
DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://eu.mydlink.com/8D/activeX//aplugLiteDL.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.90/activex/AMC.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://192.168.1.108:82/webrec.cab
FF - ProfilePath - c:\documents and settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/firefox/?fr=yff40-sfp
FF - ExtSQL: 2013-02-20 11:18; pricepeep@getpricepeep.com; c:\documents and settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\extensions\pricepeep@getpricepeep.com.xpi
FF - ExtSQL: 2013-03-17 19:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-06 13:04; plugin@selectionlinks.com; c:\documents and settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-04-06 13:07; ffxtlbr@mixidj.com; c:\documents and settings\Tony Newton\Application Data\Mozilla\Firefox\Profiles\kzuxufcr.default\extensions\ffxtlbr@mixidj.com
FF - ExtSQL: 2013-04-06 13:09; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\documents and settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - ExtSQL: !HIDDEN! 2009-09-01 17:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DupDetector_is1 - c:\program files\Prismatic Software\DupDetector\unins000.exe
AddRemove-{520C1D80-935C-42B9-9340-E883849D804F}_is1 - c:\program files\DriverTuner\unins000.exe
AddRemove-{DDFE692D-1C85-42C7-9642-EBE284AA4906} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{DDFE6~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-09 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1390067357-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ì*9*W%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\progra~1\JAMSOF~1\TREESI~1\FSizeCol.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SpywareGuard\spywareguard.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\documents and settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\progra~1\JAMSOF~1\TREESI~1\FSizeCol.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Belkin\Belkin Power Management Software\RupsMon.exe
c:\windows\system32\SLEE503.exe
c:\program files\Speed Disk\nopdb.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\windows\StartupMonitor.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2013-04-09  21:57:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-09 20:57
.
Pre-Run: 4,470,079,488 bytes free
Post-Run: 4,408,176,640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 501AF574F01238563BF6CCC540926E3A
 



#6 gringo_pr


Posted 09 April 2013 - 04:56 PM



Hello 24tony


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
     • Internet access
     • Windows Update
     • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo







I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
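
A way to triage the TDSSKiller report requested above, as an added Python example that is not part of the original posts and not part of TDSSKiller: it reads a report in the format pasted later in this topic, lists every scanned object whose verdict is not "ok", and returns the lines that follow the "Scan finished" banner. The sample log is constructed; the `examplesvc` entry, its all-zero MD5, the "needs review" verdict and the final summary line are hypothetical.

```python
import re

# Record layout seen in the report pasted in this topic:
#   "HH:MM:SS.mmmm <thread id>  <message>"
RECORD = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# Object message: "[ <MD5> ] <service name> <path starting with a drive letter>"
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.*?)\s+([A-Za-z]:\\.*)$")
# Verdict message: "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (.+)$")


def is_banner(msg):
    """True for the '=====' separator lines the tool prints around sections."""
    return len(msg) >= 10 and set(msg) == {"="}


def triage(log_text):
    """Return the verdict count, the non-ok objects and the post-scan tail."""
    messages = []
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            messages.append(m.group(3).strip())

    objects = {}       # service name -> (md5, path) from its object line
    flagged = []       # entries whose verdict is anything other than "ok"
    checked = 0        # number of verdict lines seen during the scan
    tail = []          # everything after the "Scan finished" banner
    state = "before"   # before -> scanning -> finished

    for msg in messages:
        if state == "before":
            # Drive and partition lines before the scan also contain " - ",
            # so verdicts are only parsed once the scan has started.
            if msg == "Scan started":
                state = "scanning"
        elif state == "scanning":
            if msg == "Scan finished":
                state = "finished"
                continue
            obj = OBJECT.match(msg)
            if obj:
                objects[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
                continue
            ver = VERDICT.match(msg)
            if ver:
                checked += 1
                name, verdict = ver.group(1), ver.group(2).strip()
                if verdict.lower() != "ok":
                    md5, path = objects.get(name, (None, None))
                    flagged.append({"name": name, "verdict": verdict,
                                    "md5": md5, "path": path})
        else:
            # Skip the closing banner and blank messages, keep the rest.
            if tail or (msg and not is_banner(msg)):
                tail.append(msg)

    return {"checked": checked, "flagged": flagged, "tail": tail}


# Constructed sample. The "ok" lines follow the report in this topic; the
# examplesvc entry, its verdict and the last line are hypothetical.
SAMPLE_LOG = r"""
06:04:00.0718 2824  ============================================================
06:04:00.0718 2824  Scan started
06:04:00.0718 2824  Mode: Manual;
06:04:00.0718 2824  ============================================================
06:04:06.0031 2824  ================ Scan system memory ========================
06:04:06.0046 2824  System memory - ok
06:04:06.0046 2824  ================ Scan services =============================
06:04:28.0218 2824  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:04:28.0281 2824  Apple Mobile Device - ok
06:04:28.0296 2824  AppMgmt - ok
06:04:46.0171 2824  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
06:04:46.0187 2824  atapi - ok
06:05:00.0000 2824  [ 00000000000000000000000000000000 ] examplesvc      C:\WINDOWS\system32\drivers\examplesvc.sys
06:05:00.0010 2824  examplesvc - needs review
06:09:00.0000 2824  ============================================================
06:09:00.0000 2824  Scan finished
06:09:00.0000 2824  ============================================================
06:09:00.0100 1234  Detected object count: 1
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("verdict lines:", result["checked"])
    for item in result["flagged"]:
        print("review:", item["name"], "|", item["verdict"], "|", item["path"])
    print("after 'Scan finished':")
    for line in result["tail"]:
        print("  " + line)
```

Services that appear with a verdict but no preceding `[ MD5 ]` line, such as `AppMgmt` in the sample, are counted and reported with `md5` and `path` set to `None`.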

#7 24tony


Posted 10 April 2013 - 04:13 PM

 

Hi Gringo

I have run TDSSKiller but it did not find anything. Log pasted below.

When rebooting, the firewall is turned off, as is Windows Update. If I click on the security shield in the system tray the security centre appears and I can turn on the firewall. After the firewall is turned on the security centre can no longer be accessed either from the control panel or the icon in the system tray.

Sometimes it does come back after 10 minutes or so.

Internet works ok.

I have installed and run Malwarebytes, and the result was "Scan finished no Malware found".

 

06:03:04.0046 0644  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:03:06.0562 0644  ============================================================
06:03:06.0562 0644  Current date / time: 2013/04/10 06:03:06.0562
06:03:06.0562 0644  SystemInfo:
06:03:06.0562 0644 
06:03:06.0562 0644  OS Version: 5.1.2600 ServicePack: 3.0
06:03:06.0562 0644  Product type: Workstation
06:03:06.0562 0644  ComputerName: TONY-78ZHQ8WG2D
06:03:06.0562 0644  UserName: Tony Newton
06:03:06.0562 0644  Windows directory: C:\WINDOWS
06:03:06.0562 0644  System windows directory: C:\WINDOWS
06:03:06.0562 0644  Processor architecture: Intel x86
06:03:06.0562 0644  Number of processors: 2
06:03:06.0562 0644  Page size: 0x1000
06:03:06.0562 0644  Boot type: Normal boot
06:03:06.0562 0644  ============================================================
06:03:27.0187 0644  BG loaded
06:03:29.0109 0644  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:03:29.0234 0644  ============================================================
06:03:29.0234 0644  \Device\Harddisk0\DR0:
06:03:29.0265 0644  MBR partitions:
06:03:29.0265 0644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
06:03:29.0281 0644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B17, BlocksNum 0x61A7966
06:03:29.0281 0644  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFDE947D, BlocksNum 0x6491C544
06:03:29.0281 0644  ============================================================
06:03:29.0625 0644  C: <-> \Device\Harddisk0\DR0\Partition1
06:03:29.0671 0644  E: <-> \Device\Harddisk0\DR0\Partition2
06:03:29.0765 0644  F: <-> \Device\Harddisk0\DR0\Partition3
06:03:29.0828 0644  ============================================================
06:03:29.0859 0644  Initialize success
06:03:29.0859 0644  ============================================================
06:04:00.0718 2824  ============================================================
06:04:00.0718 2824  Scan started
06:04:00.0718 2824  Mode: Manual;
06:04:00.0718 2824  ============================================================
06:04:06.0031 2824  ================ Scan system memory ========================
06:04:06.0046 2824  System memory - ok
06:04:06.0046 2824  ================ Scan services =============================
06:04:07.0687 2824  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
06:04:07.0718 2824  !SASCORE - ok
06:04:10.0750 2824  2F397D6B5F0 - ok
06:04:11.0625 2824  4868D6C2FA4 - ok
06:04:12.0000 2824  [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883           C:\WINDOWS\system32\DRIVERS\61883.sys
06:04:12.0281 2824  61883 - ok
06:04:12.0312 2824  Abiosdsk - ok
06:04:12.0343 2824  abp480n5 - ok
06:04:13.0375 2824  [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
06:04:13.0406 2824  ACDaemon - ok
06:04:13.0468 2824  [ 28A975ABE637C5171C4CB652220B989E ] acfva           C:\WINDOWS\system32\DRIVERS\ACFVA32.sys
06:04:13.0546 2824  acfva - ok
06:04:13.0953 2824  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:04:14.0015 2824  ACPI - ok
06:04:14.0093 2824  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
06:04:14.0140 2824  ACPIEC - ok
06:04:14.0859 2824  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:04:15.0046 2824  AdobeFlashPlayerUpdateSvc - ok
06:04:15.0062 2824  adpu160m - ok
06:04:16.0000 2824  [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
06:04:16.0046 2824  aeaudio - ok
06:04:16.0109 2824  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
06:04:16.0109 2824  aec - ok
06:04:16.0937 2824  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
06:04:16.0937 2824  Afc - ok
06:04:18.0890 2824  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
06:04:19.0000 2824  AFD - ok
06:04:20.0062 2824  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
06:04:20.0203 2824  agp440 - ok
06:04:20.0218 2824  Aha154x - ok
06:04:20.0250 2824  aic78u2 - ok
06:04:20.0265 2824  aic78xx - ok
06:04:20.0375 2824  [ 235CED68762538AAE388CCA5CDC0441A ] alcan5wn        C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
06:04:20.0796 2824  alcan5wn - ok
06:04:21.0562 2824  [ D6652432D103B4228FFAD7A754A374B5 ] alcaudsl        C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
06:04:21.0765 2824  alcaudsl - ok
06:04:25.0093 2824  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
06:04:25.0109 2824  Alerter - ok
06:04:25.0140 2824  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
06:04:25.0156 2824  ALG - ok
06:04:25.0171 2824  AliIde - ok
06:04:25.0187 2824  amsint - ok
06:04:25.0234 2824  [ 9410A723F054537B3304B30D0680B0EC ] AnyDVD          C:\WINDOWS\system32\Drivers\AnyDVD.sys
06:04:25.0234 2824  AnyDVD - ok
06:04:28.0218 2824  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:04:28.0281 2824  Apple Mobile Device - ok
06:04:28.0296 2824  AppMgmt - ok
06:04:29.0765 2824  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:04:29.0843 2824  Arp1394 - ok
06:04:29.0859 2824  asc - ok
06:04:29.0875 2824  asc3350p - ok
06:04:29.0890 2824  asc3550 - ok
06:04:30.0171 2824  [ 54AB078660E536DA72B21A27F56B035B ] Aspi32          C:\WINDOWS\system32\drivers\aspi32.sys
06:04:30.0218 2824  Aspi32 - ok
06:04:33.0671 2824  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
06:04:34.0093 2824  aspnet_state - ok
06:04:34.0687 2824  [ CC420FB70FF2E866C418EFA9E0B3FE36 ] AsrVDrive       C:\WINDOWS\system32\DRIVERS\AsrVDrive.sys
06:04:34.0859 2824  AsrVDrive - ok
06:04:34.0984 2824  [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
06:04:34.0984 2824  aswFsBlk - ok
06:04:36.0796 2824  [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
06:04:36.0796 2824  aswMonFlt - ok
06:04:36.0843 2824  [ C1A411B7CCD604554D96EFDAC2F83617 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
06:04:36.0843 2824  AswRdr - ok
06:04:39.0218 2824  [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
06:04:39.0343 2824  aswRvrt - ok
06:04:43.0000 2824  [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
06:04:43.0015 2824  aswSnx - ok
06:04:43.0703 2824  [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
06:04:43.0718 2824  aswSP - ok
06:04:43.0781 2824  [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
06:04:43.0796 2824  aswTdi - ok
06:04:45.0375 2824  [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
06:04:45.0406 2824  aswVmm - ok
06:04:45.0546 2824  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:04:45.0640 2824  AsyncMac - ok
06:04:46.0171 2824  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
06:04:46.0187 2824  atapi - ok
06:04:46.0203 2824  Atdisk - ok
06:04:46.0953 2824  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:04:47.0171 2824  Atmarpc - ok
06:04:47.0437 2824  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
06:04:47.0453 2824  AudioSrv - ok
06:04:47.0968 2824  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
06:04:48.0000 2824  audstub - ok
06:04:49.0390 2824  [ 1B58EE9929BAB30D06092E584F7D899F ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
06:04:49.0390 2824  Automatic LiveUpdate Scheduler - ok
06:04:49.0500 2824  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
06:04:49.0515 2824  avast! Antivirus - ok
06:04:49.0968 2824  [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc             C:\WINDOWS\system32\DRIVERS\avc.sys
06:04:49.0984 2824  Avc - ok
06:04:52.0671 2824  AVGIDSAgent - ok
06:04:53.0843 2824  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
06:04:53.0984 2824  Avgmfx86 - ok
06:04:54.0078 2824  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
06:04:54.0109 2824  Avgrkx86 - ok
06:04:54.0125 2824  avgwd - ok
06:04:54.0609 2824  [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
06:04:54.0828 2824  BANTExt - ok
06:04:54.0859 2824  [ 1B9C81AB9A456EABD9F8335F04B5F495 ] basic2          C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
06:04:54.0937 2824  basic2 - ok
06:04:55.0015 2824  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
06:04:55.0031 2824  Beep - ok
06:04:55.0328 2824  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
06:04:57.0031 2824  BITS - ok
06:04:57.0984 2824  [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:04:58.0000 2824  Bonjour Service - ok
06:04:58.0125 2824  [ F934D1B230F84E1D19DD00AC5A7A83ED ] BRIDGE          C:\WINDOWS\system32\DRIVERS\bridge.sys
06:04:58.0156 2824  BRIDGE - ok
06:04:58.0218 2824  [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP        C:\WINDOWS\system32\DRIVERS\bridge.sys
06:04:58.0234 2824  BridgeMP - ok
06:04:58.0359 2824  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
06:04:58.0375 2824  Browser - ok
06:04:58.0593 2824  [ BC48A0CEE1C2DD2A29A17BBE2F739421 ] BtAudio         C:\WINDOWS\system32\DRIVERS\btaudio.sys
06:04:58.0656 2824  BtAudio - ok
06:04:58.0687 2824  [ 26A9953FC52826896B5099E640E98DCD ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
06:04:58.0734 2824  BTDriver - ok
06:04:58.0906 2824  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
06:04:59.0000 2824  BthEnum - ok
06:04:59.0125 2824  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
06:04:59.0421 2824  BthPan - ok
06:04:59.0484 2824  [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
06:04:59.0593 2824  BTHPORT - ok
06:04:59.0781 2824  [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ         C:\WINDOWS\System32\bthserv.dll
06:05:00.0062 2824  BthServ - ok
06:05:00.0203 2824  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
06:05:00.0265 2824  BTHUSB - ok
06:05:00.0468 2824  [ 2066D4375BAE126E2E28964D2E07E405 ] BTKRNL          C:\WINDOWS\system32\drivers\btkrnl.sys
06:05:01.0046 2824  BTKRNL - ok
06:05:01.0140 2824  [ 1EA96C0FA2E13D8B716DEA7034617B9B ] BTSERIAL        C:\WINDOWS\system32\drivers\btserial.sys
06:05:01.0171 2824  BTSERIAL - ok
06:05:01.0296 2824  [ D266F8D4AB9E31CA54CFA2CCB6FBCD49 ] BTSLBCSP        C:\WINDOWS\system32\drivers\btslbcsp.sys
06:05:01.0640 2824  BTSLBCSP - ok
06:05:01.0718 2824  [ 9DB4FCB7BC45E6B08A865E48BCF82C7A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
06:05:01.0906 2824  btwdins - ok
06:05:02.0546 2824  [ 9965059DE311D518B91C7A4D7716DFE4 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
06:05:02.0609 2824  BTWDNDIS - ok
06:05:02.0953 2824  [ 43BB99F4FEBADA59D261A8A5E0CA6BEB ] btwhid          C:\WINDOWS\system32\DRIVERS\btwhid.sys
06:05:03.0203 2824  btwhid - ok
06:05:04.0109 2824  [ B140856668032CD86E0A6739C92A5A02 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
06:05:04.0250 2824  BTWUSB - ok
06:05:04.0562 2824  [ 5F68A3AB60262E3BF5B5C6C926E53525 ] camvid20        C:\WINDOWS\system32\DRIVERS\camdrv21.sys
06:05:04.0578 2824  camvid20 - ok
06:05:04.0609 2824  catchme - ok
06:05:04.0859 2824  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
06:05:04.0921 2824  cbidf2k - ok
06:05:05.0718 2824  [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
06:05:05.0796 2824  CCALib8 - ok
06:05:06.0906 2824  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:05:07.0000 2824  CCDECODE - ok
06:05:07.0031 2824  cd20xrnt - ok
06:05:07.0656 2824  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
06:05:07.0656 2824  Cdaudio - ok
06:05:07.0937 2824  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
06:05:08.0062 2824  Cdfs - ok
06:05:08.0125 2824  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:05:08.0140 2824  Cdrom - ok
06:05:08.0156 2824  Changer - ok
06:05:08.0203 2824  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc           C:\WINDOWS\system32\cisvc.exe
06:05:08.0218 2824  cisvc - ok
06:05:08.0265 2824  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
06:05:08.0296 2824  ClipSrv - ok
06:05:09.0171 2824  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:05:11.0078 2824  clr_optimization_v2.0.50727_32 - ok
06:05:11.0187 2824  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:05:11.0578 2824  clr_optimization_v4.0.30319_32 - ok
06:05:11.0593 2824  CmdIde - ok
06:05:13.0234 2824  [ E5ADEEF2C0DB43964223F408F1FCC97E ] cmuda           C:\WINDOWS\system32\drivers\cmuda.sys
06:05:13.0375 2824  cmuda - ok
06:05:13.0406 2824  COMSysApp - ok
06:05:13.0453 2824  Cpqarray - ok
06:05:13.0546 2824  cpuz136 - ok
06:05:13.0593 2824  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
06:05:13.0609 2824  CryptSvc - ok
06:05:13.0625 2824  dac2w2k - ok
06:05:13.0656 2824  dac960nt - ok
06:05:13.0703 2824  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
06:05:13.0781 2824  DcomLaunch - ok
06:05:13.0843 2824  [ 598206189E6152435C4E4FE66ED73F18 ] dgcfltr         C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys
06:05:13.0859 2824  dgcfltr - ok
06:05:14.0171 2824  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
06:05:14.0171 2824  Dhcp - ok
06:05:14.0296 2824  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
06:05:14.0312 2824  Disk - ok
06:05:14.0328 2824  dmadmin - ok
06:05:14.0562 2824  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
06:05:14.0781 2824  dmboot - ok
06:05:14.0968 2824  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
06:05:15.0015 2824  dmio - ok
06:05:15.0140 2824  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
06:05:15.0156 2824  dmload - ok
06:05:15.0390 2824  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
06:05:15.0437 2824  dmserver - ok
06:05:16.0046 2824  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
06:05:16.0062 2824  DMusic - ok
06:05:16.0140 2824  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
06:05:16.0140 2824  Dnscache - ok
06:05:16.0312 2824  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
06:05:16.0468 2824  Dot3svc - ok
06:05:16.0515 2824  dpti2o - ok
06:05:16.0984 2824  [ B625D3CC8B586ECC83215E9E5E031AD8 ] dptrackerd      C:\WINDOWS\system32\drivers\dptrackerd.sys
06:05:16.0984 2824  dptrackerd - ok
06:05:17.0109 2824  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
06:05:17.0109 2824  drmkaud - ok
06:05:17.0156 2824  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
06:05:17.0171 2824  EapHost - ok
06:05:17.0406 2824  [ 98CB51EC5384635EA6B303D5648EEF1F ] EaseUS Agent    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
06:05:17.0531 2824  EaseUS Agent - ok
06:05:17.0593 2824  [ C61C83501268B0110B5C5DB7E63DEE0C ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
06:05:17.0625 2824  ElbyCDFL - ok
06:05:17.0687 2824  [ 084A13F18856D610D44D3109A9D2ACDE ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
06:05:17.0687 2824  ElbyCDIO - ok
06:05:18.0062 2824  [ DF9957DB3BFE5136AAD3C2C101806C98 ] ElbyDelay       C:\WINDOWS\system32\Drivers\ElbyDelay.sys
06:05:18.0062 2824  ElbyDelay - ok
06:05:18.0093 2824  EPSON_PM_RPCV2_02 - ok
06:05:18.0156 2824  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
06:05:18.0156 2824  ERSvc - ok
06:05:18.0406 2824  [ 84D5EF7D2E978B999610482286B772DC ] EUBAKUP         C:\WINDOWS\system32\drivers\eubakup.sys
06:05:18.0406 2824  EUBAKUP - ok
06:05:18.0484 2824  [ DA4230C9F3375A94DF36F140425336B9 ] EUBKMON         C:\WINDOWS\system32\drivers\EUBKMON.sys
06:05:18.0593 2824  EUBKMON - ok
06:05:19.0031 2824  [ CEF620676E9D8F1207D92FCDEB63F074 ] EUDSKACS        C:\WINDOWS\system32\drivers\eudskacs.sys
06:05:19.0031 2824  EUDSKACS - ok
06:05:19.0281 2824  [ F1BB27BC6DD385C154666ADE0D28387B ] EUFDDISK        C:\WINDOWS\system32\drivers\EuFdDisk.sys
06:05:19.0281 2824  EUFDDISK - ok
06:05:19.0328 2824  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
06:05:19.0343 2824  Eventlog - ok
06:05:19.0593 2824  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
06:05:19.0625 2824  EventSystem - ok
06:05:19.0796 2824  [ C823DEBE2548656549F84A875D65237B ] Fallback        C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
06:05:19.0843 2824  Fallback - ok
06:05:19.0984 2824  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
06:05:20.0015 2824  Fastfat - ok
06:05:20.0109 2824  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
06:05:20.0140 2824  FastUserSwitchingCompatibility - ok
06:05:20.0250 2824  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
06:05:20.0265 2824  Fdc - ok
06:05:20.0296 2824  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
06:05:20.0296 2824  Fips - ok
06:05:20.0328 2824  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:05:20.0343 2824  Flpydisk - ok
06:05:20.0421 2824  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
06:05:20.0437 2824  FltMgr - ok
06:05:20.0593 2824  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:05:20.0593 2824  FontCache3.0.0.0 - ok
06:05:20.0703 2824  [ 6483414841D4CAB6C3B4DB2AC6EDD70B ] Fsks            C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
06:05:20.0734 2824  Fsks - ok
06:05:20.0812 2824  [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
06:05:20.0812 2824  fssfltr - ok
06:05:21.0140 2824  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
06:05:21.0406 2824  fsssvc - ok
06:05:21.0515 2824  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:05:21.0531 2824  Fs_Rec - ok
06:05:21.0625 2824  [ B907D2B20DB2F6392995F5379E2A9666 ] FTD2XX          C:\WINDOWS\system32\Drivers\FTD2XX.sys
06:05:21.0640 2824  FTD2XX - ok
06:05:22.0562 2824  [ F8C2888B12253D8390C94887FFB699F2 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
06:05:22.0593 2824  FTDIBUS - ok
06:05:22.0781 2824  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:05:22.0875 2824  Ftdisk - ok
06:05:22.0953 2824  [ E4CF4C1F9E3D57A66850F484C08E9ECF ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
06:05:22.0984 2824  FTSER2K - ok
06:05:23.0140 2824  [ 21DB115BB123A0C29F6B7ED9C76BFBD6 ] FVNETusbXP      C:\WINDOWS\system32\DRIVERS\bkusbxp.sys
06:05:23.0156 2824  FVNETusbXP - ok
06:05:23.0265 2824  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GearAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:05:23.0281 2824  GearAspiWDM - ok
06:05:23.0375 2824  [ B6E01969246FCB67470E87E6957EE147 ] GEARSecurity    C:\WINDOWS\System32\GEARSec.exe
06:05:23.0375 2824  GEARSecurity - ok
06:05:23.0421 2824  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
06:05:23.0453 2824  giveio - ok
06:05:23.0515 2824  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:05:23.0546 2824  Gpc - ok
06:05:23.0593 2824  [ 2FC26B450D640F72E59F43DF1D48F439 ] Guard Agent     C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
06:05:23.0734 2824  Guard Agent - ok
06:05:23.0921 2824  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
06:05:23.0937 2824  gupdate - ok
06:05:23.0968 2824  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
06:05:23.0984 2824  gupdatem - ok
06:05:24.0093 2824  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
06:05:24.0093 2824  gusvc - ok
06:05:24.0296 2824  [ 4236E014632F4163F53EBB717F41594C ] HCF_MSFT        C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
06:05:24.0328 2824  HCF_MSFT - ok
06:05:24.0453 2824  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:05:24.0468 2824  helpsvc - ok
06:05:24.0515 2824  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
06:05:24.0546 2824  HidServ - ok
06:05:24.0984 2824  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:05:25.0000 2824  hidusb - ok
06:05:25.0140 2824  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
06:05:25.0234 2824  hkmsvc - ok
06:05:25.0250 2824  hpn - ok
06:05:25.0281 2824  hpt3xx - ok
06:05:25.0359 2824  [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
06:05:25.0406 2824  HSFHWBS2 - ok
06:05:26.0078 2824  [ EBB354438A4C5A3327FB97306260714A ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
06:05:26.0453 2824  HSF_DP - ok
06:05:27.0640 2824  [ 74E379857D4C0DFB56DE2D19B8F4C434 ] hsf_msft        C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
06:05:27.0843 2824  hsf_msft - ok
06:05:28.0093 2824  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
06:05:28.0187 2824  HTTP - ok
06:05:28.0250 2824  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
06:05:28.0359 2824  HTTPFilter - ok
06:05:28.0375 2824  i2omgmt - ok
06:05:28.0421 2824  i2omp - ok
06:05:28.0500 2824  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:05:28.0531 2824  i8042prt - ok
06:05:28.0843 2824  [ 16E441DC4DAF703FB0B0FE474830FF53 ] IcRecUsb        C:\WINDOWS\system32\Drivers\IcRecUsb.sys
06:05:28.0843 2824  IcRecUsb - ok
06:05:30.0312 2824  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
06:05:30.0406 2824  IDriverT - ok
06:05:32.0843 2824  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:05:33.0765 2824  idsvc - ok
06:05:34.0531 2824  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
06:05:34.0546 2824  Imapi - ok
06:05:35.0250 2824  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
06:05:35.0437 2824  ImapiService - ok
06:05:35.0500 2824  ini910u - ok
06:05:36.0546 2824  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
06:05:36.0640 2824  IntelIde - ok
06:05:37.0015 2824  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:05:37.0031 2824  intelppm - ok
06:05:37.0109 2824  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
06:05:37.0203 2824  ip6fw - ok
06:05:37.0328 2824  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:05:37.0453 2824  IpFilterDriver - ok
06:05:37.0921 2824  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:05:38.0000 2824  IpInIp - ok
06:05:38.0078 2824  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:05:38.0109 2824  IpNat - ok
06:05:38.0281 2824  [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
06:05:38.0328 2824  iPod Service - ok
06:05:38.0390 2824  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:05:38.0390 2824  IPSec - ok
06:05:38.0453 2824  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
06:05:38.0468 2824  IRENUM - ok
06:05:38.0546 2824  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:05:38.0562 2824  isapnp - ok
06:05:38.0609 2824  [ 8F1BA487B35F0C8F637E05113AA815F8 ] itchfltr        C:\WINDOWS\system32\DRIVERS\itchfltr.sys
06:05:38.0625 2824  itchfltr - ok
06:05:38.0796 2824  [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
06:05:38.0812 2824  JavaQuickStarterService - ok
06:05:38.0859 2824  [ 9C5E3FDBFCC30CF71A49CA178B9AD442 ] K56             C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
06:05:38.0875 2824  K56 - ok
06:05:38.0921 2824  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:05:38.0921 2824  Kbdclass - ok
06:05:38.0968 2824  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:05:39.0015 2824  kbdhid - ok
06:05:39.0078 2824  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
06:05:39.0093 2824  kmixer - ok
06:05:39.0140 2824  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
06:05:39.0156 2824  KSecDD - ok
06:05:39.0218 2824  [ A006D66EDB128FB9AB940A903FDF792E ] L8042pr2        C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
06:05:39.0234 2824  L8042pr2 - ok
06:05:39.0281 2824  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
06:05:39.0328 2824  lanmanserver - ok
06:05:39.0390 2824  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
06:05:39.0453 2824  lanmanworkstation - ok
06:05:39.0484 2824  lbrtfdc - ok
06:05:39.0546 2824  [ 63B00A26F62572E0D58E6C8D3B32BF59 ] LHidFlt2        C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
06:05:39.0562 2824  LHidFlt2 - ok
06:05:39.0609 2824  [ A8742865E15A57B426EFCC5FF744D6D3 ] LHidUsb         C:\WINDOWS\system32\Drivers\LHidUsb.Sys
06:05:39.0625 2824  LHidUsb - ok
06:05:39.0796 2824  [ 89BFFB6A09652DA7D019A387354D0D19 ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
06:05:39.0843 2824  LiveUpdate - ok
06:05:39.0906 2824  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
06:05:39.0968 2824  LmHosts - ok
06:05:40.0031 2824  [ 03ABEF1A29ADDC98C32ED0F336B98E90 ] LMouFlt2        C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
06:05:40.0031 2824  LMouFlt2 - ok
06:05:40.0093 2824  [ 8C138D4112E9BDF428070D4AF6C4AD3E ] LxrSGe10d       C:\WINDOWS\system32\Drivers\LxrSge10d.sys
06:05:40.0140 2824  LxrSGe10d - ok
06:05:40.0156 2824  LxrSGe10s - ok
06:05:40.0171 2824  McComponentHostService - ok
06:05:40.0234 2824  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
06:05:40.0250 2824  MDM - ok
06:05:40.0312 2824  [ 1968508ADB20192A03A30C25F16DB506 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\ACFSDK32.sys
06:05:40.0343 2824  mdmxsdk - ok
06:05:40.0390 2824  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
06:05:40.0421 2824  Messenger - ok
06:05:40.0468 2824  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
06:05:40.0484 2824  mnmdd - ok
06:05:59.0906 2824  ================ Scan global ===============================
06:05:59.0953 2824  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:06:00.0031 2824  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:06:00.0062 2824  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:06:00.0109 2824  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
06:06:00.0125 2824  [Global] - ok
06:06:00.0125 2824  ================ Scan MBR ==================================
06:06:00.0140 2824  [ D1C93F13A2F67A018E30276E471B64A4 ] \Device\Harddisk0\DR0
06:06:04.0093 2824  \Device\Harddisk0\DR0 - ok
06:06:04.0093 2824  ================ Scan VBR ==================================
06:06:04.0109 2824  [ 3E87E29C4A909BD6203CC0C744C37E3B ] \Device\Harddisk0\DR0\Partition1
06:06:04.0109 2824  \Device\Harddisk0\DR0\Partition1 - ok
06:06:04.0156 2824  [ 2E49F9C2A7FB5608B0C6BEADC662B5E2 ] \Device\Harddisk0\DR0\Partition2
06:06:04.0171 2824  \Device\Harddisk0\DR0\Partition2 - ok
06:06:04.0203 2824  [ 4C5B315539ED505E764BD208DE0DBD45 ] \Device\Harddisk0\DR0\Partition3
06:06:04.0234 2824  \Device\Harddisk0\DR0\Partition3 - ok
06:06:04.0234 2824  ================ Scan active images ========================
06:06:08.0109 2824  [ 4B3685AA700084E4ED6635FC1EFD9CC2 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
06:06:08.0109 2824  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll - ok
06:06:08.0109 2824  [ B9153B3A2F653DED6560FB8AAD38AE08 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\0f410e5729f64f2acc084505f01f863f\PresentationFontCache.ni.exe
06:06:08.0125 2824  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\0f410e5729f64f2acc084505f01f863f\PresentationFontCache.ni.exe - ok
06:06:08.0140 2824  [ C1649188479440AA5834EDA555445CDC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
06:06:08.0140 2824  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll - ok
06:06:08.0140 2824  [ C87FED0BF3CA6E9A5D7EA4B1B947AC89 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
06:06:08.0140 2824  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll - ok
06:06:08.0156 2824  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
06:06:08.0156 2824  C:\WINDOWS\system32\logonui.exe - ok
06:06:08.0171 2824  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
06:06:08.0171 2824  C:\WINDOWS\system32\duser.dll - ok
06:06:08.0187 2824  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
06:06:08.0187 2824  C:\WINDOWS\system32\msimg32.dll - ok
06:06:08.0203 2824  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
06:06:08.0203 2824  C:\WINDOWS\system32\oleacc.dll - ok
06:06:08.0218 2824  [ 17170EF2E1B181CBF056A894362A4B69 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
06:06:08.0218 2824  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll - ok
06:06:08.0250 2824  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
06:06:08.0250 2824  C:\WINDOWS\system32\clbcatq.dll - ok
06:06:08.0281 2824  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
06:06:08.0281 2824  C:\WINDOWS\system32\comres.dll - ok
06:06:08.0296 2824  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
06:06:08.0296 2824  C:\WINDOWS\system32\shgina.dll - ok
06:06:08.0328 2824  [ 15F5D3FC818E98A14C22D80B0606F825 ] C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
06:06:08.0328 2824  C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - ok
06:06:08.0343 2824  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
06:06:08.0343 2824  C:\WINDOWS\system32\shfolder.dll - ok
06:06:08.0375 2824  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
06:06:08.0375 2824  C:\WINDOWS\system32\mswsock.dll - ok
06:06:08.0406 2824  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
06:06:08.0406 2824  C:\WINDOWS\system32\hnetcfg.dll - ok
06:06:08.0421 2824  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
06:06:08.0421 2824  C:\WINDOWS\system32\wshtcpip.dll - ok
06:06:08.0437 2824  [ 811BB60991FC03A63F2F844A3F9C6488 ] C:\WINDOWS\system32\wshisn.dll
06:06:08.0437 2824  C:\WINDOWS\system32\wshisn.dll - ok
06:06:08.0468 2824  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
06:06:08.0468 2824  C:\WINDOWS\system32\wsock32.dll - ok
06:06:08.0500 2824  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
06:06:08.0500 2824  C:\WINDOWS\system32\winrnr.dll - ok
06:06:08.0515 2824  [ 46C55935FA730144449C884A472827E0 ] C:\WINDOWS\system32\wshbth.dll
06:06:08.0515 2824  C:\WINDOWS\system32\wshbth.dll - ok
06:06:08.0531 2824  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
06:06:08.0531 2824  C:\WINDOWS\system32\rasadhlp.dll - ok
06:06:08.0546 2824  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
06:06:08.0546 2824  C:\WINDOWS\system32\cscdll.dll - ok
06:06:08.0578 2824  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
06:06:08.0578 2824  C:\WINDOWS\system32\dimsntfy.dll - ok
06:06:08.0593 2824  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
06:06:08.0593 2824  C:\WINDOWS\system32\wlnotify.dll - ok
06:06:08.0625 2824  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
06:06:08.0625 2824  C:\WINDOWS\system32\winspool.drv - ok
06:06:08.0640 2824  [ D7DCFB4D0C58FFB569DE93E1681FD37A ] C:\WINDOWS\system32\WgaLogon.dll
06:06:08.0640 2824  C:\WINDOWS\system32\WgaLogon.dll - ok
06:06:08.0656 2824  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] C:\WINDOWS\system32\WudfSvc.dll
06:06:08.0656 2824  C:\WINDOWS\system32\WudfSvc.dll - ok
06:06:08.0687 2824  [ 708E6997420592E033CF01B60E6E4223 ] C:\WINDOWS\system32\WudfPlatform.dll
06:06:08.0703 2824  C:\WINDOWS\system32\WudfPlatform.dll - ok
06:06:08.0718 2824  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
06:06:08.0718 2824  C:\WINDOWS\system32\msxml3.dll - ok
06:06:08.0750 2824  [ C6EE3A87FE609D3E1DB9DBD072A248DE ] C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
06:06:08.0750 2824  C:\WINDOWS\system32\drivers\fssfltr_tdi.sys - ok
06:06:08.0765 2824  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] C:\WINDOWS\system32\drivers\nwlnkipx.sys
06:06:08.0765 2824  C:\WINDOWS\system32\drivers\nwlnkipx.sys - ok
06:06:08.0781 2824  [ 56D34A67C05E94E16377C60609741FF8 ] C:\WINDOWS\system32\drivers\nwlnknb.sys
06:06:08.0781 2824  C:\WINDOWS\system32\drivers\nwlnknb.sys - ok
06:06:08.0796 2824  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
06:06:08.0796 2824  C:\WINDOWS\system32\dhcpcsvc.dll - ok
06:06:08.0812 2824  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
06:06:08.0812 2824  C:\WINDOWS\system32\dnsrslvr.dll - ok
06:06:08.0859 2824  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
06:06:08.0859 2824  C:\WINDOWS\system32\lmhsvc.dll - ok
06:06:08.0890 2824  [ 41735B82DB57E4EBE9504EC400FD120E ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
06:06:08.0890 2824  C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
06:06:08.0906 2824  [ 81BC2B7B6C5C46EB31DEDAC66548053E ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
06:06:08.0906 2824  C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
06:06:08.0921 2824  [ 4021AEBD765FBFD22E5E7B21FB0E9549 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
06:06:08.0921 2824  C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
06:06:08.0953 2824  [ 35868C1F8B1BFF5CA1F957E3548A96FC ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
06:06:08.0953 2824  C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
06:06:08.0968 2824  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
06:06:08.0984 2824  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
06:06:09.0000 2824  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
06:06:09.0000 2824  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
06:06:09.0015 2824  [ E9CE9F8CD76B81B1CE5C9F3F58D0591A ] C:\Program Files\AVAST Software\Avast\ashBase.dll
06:06:09.0015 2824  C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
06:06:09.0031 2824  [ FFF65CA2746E1FA5673D2BF2CC706955 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
06:06:09.0031 2824  C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
06:06:09.0046 2824  [ 5AACF4B4DEE1972B7952E8A747122232 ] C:\WINDOWS\system32\wininet.dll
06:06:09.0046 2824  C:\WINDOWS\system32\wininet.dll - ok
06:06:09.0062 2824  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
06:06:09.0062 2824  C:\WINDOWS\system32\normaliz.dll - ok
06:06:09.0078 2824  [ C332870084DB9164F465D6F1B7472728 ] C:\WINDOWS\system32\urlmon.dll
06:06:09.0078 2824  C:\WINDOWS\system32\urlmon.dll - ok
06:06:09.0093 2824  [ 47464CA4943F82E1B8FCB2C57DA15F83 ] C:\WINDOWS\system32\iertutil.dll
06:06:09.0093 2824  C:\WINDOWS\system32\iertutil.dll - ok
06:06:09.0109 2824  [ 47742160BBC1B66D0CB09AA45F907540 ] C:\Program Files\AVAST Software\Avast\avBugReport.exe
06:06:09.0109 2824  C:\Program Files\AVAST Software\Avast\avBugReport.exe - ok
06:06:09.0125 2824  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
06:06:09.0125 2824  C:\WINDOWS\system32\dbghelp.dll - ok
06:06:09.0140 2824  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
06:06:09.0140 2824  C:\WINDOWS\system32\winhttp.dll - ok
06:06:09.0171 2824  [ 0127F0E5C76C1C02842952DD7B38157A ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
06:06:09.0171 2824  C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
06:06:09.0171 2824  [ 31472162FB12CFE31226343FDEE94318 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
06:06:09.0171 2824  C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
06:06:09.0187 2824  [ 129D3C6FF2E0C60FBD757C63C72F15B8 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
06:06:09.0187 2824  C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
06:06:09.0203 2824  [ 1BE8D8DCCEBD1174BCC22D0BC575C237 ] C:\Program Files\AVAST Software\Avast\ashServ.dll
06:06:09.0203 2824  C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
06:06:09.0218 2824  [ FD639FEEE160F399DB58A3FDB2E0DF4D ] C:\Program Files\AVAST Software\Avast\aswAux.dll
06:06:09.0218 2824  C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
06:06:09.0234 2824  [ 3B8707AC8BB05CD0D4D96333D4411EE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
06:06:09.0234 2824  C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
06:06:09.0250 2824  [ 8588D68F3A51C147EA8019E496F805EB ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
06:06:09.0250 2824  C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
06:06:09.0265 2824  [ 720B5083FC3037150801504F9ECA1591 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
06:06:09.0265 2824  C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
06:06:09.0281 2824  [ F5FEDB7D35E030A2DACD40FB3245C765 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
06:06:09.0281 2824  C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
06:06:09.0296 2824  [ 482310DD75538EB321210FF1E2538C72 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
06:06:09.0296 2824  C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
06:06:09.0296 2824  [ 1650A06EB48C18969057761AFCCBF001 ] C:\Program Files\AVAST Software\Avast\avastIP.dll
06:06:09.0296 2824  C:\Program Files\AVAST Software\Avast\avastIP.dll - ok
06:06:09.0328 2824  [ 682F67B86B4F586D813BACA7A0AA06A7 ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
06:06:09.0328 2824  C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
06:06:09.0343 2824  [ EB6613261E287A8B9783C9C8B7F118F8 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
06:06:09.0343 2824  C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
06:06:09.0375 2824  [ 20EEC2605DC89048E9989FE8D73E26BD ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
06:06:09.0375 2824  C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
06:06:09.0406 2824  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
06:06:09.0406 2824  C:\WINDOWS\system32\schedsvc.dll - ok
06:06:09.0421 2824  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
06:06:09.0421 2824  C:\WINDOWS\system32\msidle.dll - ok
06:06:09.0453 2824  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
06:06:09.0453 2824  C:\WINDOWS\system32\spoolsv.exe - ok
06:06:09.0468 2824  [ 0378823D809E1128699FBF95B785D406 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswEngin.dll
06:06:09.0468 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswEngin.dll - ok
06:06:09.0484 2824  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
06:06:09.0484 2824  C:\WINDOWS\system32\audiosrv.dll - ok
06:06:09.0515 2824  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
06:06:09.0515 2824  C:\WINDOWS\system32\wkssvc.dll - ok
06:06:09.0531 2824  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] C:\WINDOWS\system32\drivers\nwlnkspx.sys
06:06:09.0531 2824  C:\WINDOWS\system32\drivers\nwlnkspx.sys - ok
06:06:09.0546 2824  [ 64790077F7574E0EB97F3CD2C7B46796 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnIS.dll
06:06:09.0546 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnIS.dll - ok
06:06:09.0546 2824  [ DE5ED4F129994D26135D4F89AA2DD649 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnOS.dll
06:06:09.0546 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnOS.dll - ok
06:06:09.0578 2824  [ DDAF3D6628EF96C14E0B46F317A1FD7F ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnBS.dll
06:06:09.0578 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswCmnBS.dll - ok
06:06:09.0593 2824  [ 6769DBB1021EA758A86E0D8927F49E69 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswScan.dll
06:06:09.0609 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswScan.dll - ok
06:06:09.0609 2824  [ 8539ED943138AF05A92BD69A4DA092B2 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswRep.dll
06:06:09.0609 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswRep.dll - ok
06:06:09.0640 2824  [ B592D0F64CD6B523029FA1AED2022106 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswFiDb.dll
06:06:09.0640 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswFiDb.dll - ok
06:06:09.0656 2824  [ 591A506D2EA85F9FCBCF71F567AF7E6C ] C:\Program Files\AVAST Software\Avast\defs\13040900\algo.dll
06:06:09.0656 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\algo.dll - ok
06:06:09.0671 2824  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
06:06:09.0671 2824  C:\WINDOWS\system32\fltlib.dll - ok
06:06:09.0703 2824  [ 4AE04D9608F272F3F468B34F2F1329E5 ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll
06:06:09.0703 2824  C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok
06:06:09.0734 2824  [ 94868FC1295C8B76B8D45C1F44D9F653 ] C:\Program Files\AVAST Software\Avast\AhResJs.dll
06:06:09.0734 2824  C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok
06:06:09.0750 2824  [ DEA9DFD3E83F48D7005E066011D340F7 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
06:06:09.0750 2824  C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
06:06:09.0765 2824  [ 903FF9BA73E379237C0EDDDA8F17168C ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
06:06:09.0765 2824  C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
06:06:09.0781 2824  [ C03EC02F6C9F492293D78F850E2E48FC ] C:\Program Files\AVAST Software\Avast\AhResMes.dll
06:06:09.0781 2824  C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok
06:06:09.0796 2824  [ 15D7A4070D2B52D2EEA8D99E551E9E53 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll
06:06:09.0796 2824  C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
06:06:09.0812 2824  [ A46789AD5F3A85470F898B15D5C056BD ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
06:06:09.0812 2824  C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
06:06:09.0843 2824  [ B2D91A72C78D27D9A25FFF8BAF6EB2F4 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
06:06:09.0843 2824  C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
06:06:09.0859 2824  [ 39F39B23969512842F6A6D259E68FF11 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
06:06:09.0859 2824  C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
06:06:09.0875 2824  [ 106B2C1DE615E08AFF9CE2A02E04F7CC ] C:\Program Files\AVAST Software\Avast\defs\13040900\ArPot.dll
06:06:09.0875 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\ArPot.dll - ok
06:06:09.0890 2824  [ 2C8F7A0B6D023C6DD817E999528F2F98 ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
06:06:09.0890 2824  C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok
06:06:09.0937 2824  [ 9C70887708A7C88D20DD215AC5AA757F ] C:\Program Files\AVAST Software\Avast\libeay32.dll
06:06:09.0937 2824  C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
06:06:09.0953 2824  [ AF718FFE60D958E590AF49C4FC3BD6A6 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
06:06:09.0953 2824  C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
06:06:09.0968 2824  [ B6D90C99A72044AEF85A2B7D78FEBEF4 ] C:\Program Files\AVAST Software\Avast\defs\13040900\exts.dll
06:06:09.0968 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\exts.dll - ok
06:06:09.0984 2824  [ C339473B25526F866DBB21425F3D8F3A ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
06:06:09.0984 2824  C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
06:06:10.0000 2824  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
06:06:10.0000 2824  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
06:06:10.0015 2824  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
06:06:10.0015 2824  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
06:06:10.0046 2824  [ A7F63C1F5CE020AA24CDCEFB422CF9E3 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswAR.dll
06:06:10.0046 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswAR.dll - ok
06:06:10.0062 2824  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
06:06:10.0062 2824  C:\WINDOWS\system32\security.dll - ok
06:06:10.0078 2824  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
06:06:10.0078 2824  C:\WINDOWS\system32\rtutils.dll - ok
06:06:10.0078 2824  [ 9EEFE69139FDBB4A3C327630F8EB993A ] C:\WINDOWS\system32\wlanapi.dll
06:06:10.0078 2824  C:\WINDOWS\system32\wlanapi.dll - ok
06:06:10.0093 2824  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
06:06:10.0093 2824  C:\WINDOWS\system32\wzcsapi.dll - ok
06:06:10.0109 2824  [ DF7A5058504EE982914A3C24676F4485 ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
06:06:10.0109 2824  C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
06:06:10.0125 2824  [ 9D2680936DA1CB440E34482C6CAD9098 ] C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
06:06:10.0125 2824  C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll - ok
06:06:10.0140 2824  [ 5775948A68E9D5D5064E8AF3DA9D2C16 ] C:\Program Files\AVAST Software\Avast\defs\13040900\swhealthex.dll
06:06:10.0156 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\swhealthex.dll - ok
06:06:10.0156 2824  [ 899C7993A7DE3061C74623F5523BC21D ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup
06:06:10.0171 2824  C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok
06:06:10.0171 2824  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
06:06:10.0187 2824  C:\WINDOWS\system32\cscui.dll - ok
06:06:10.0187 2824  [ 83D722F311011FB0E521737F724DEB90 ] C:\Program Files\AVAST Software\Avast\defs\13040900\aswRawFS.dll
06:06:10.0203 2824  C:\Program Files\AVAST Software\Avast\defs\13040900\aswRawFS.dll - ok
06:06:10.0218 2824  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
06:06:10.0218 2824  C:\WINDOWS\system32\powrprof.dll - ok
06:06:10.0218 2824  [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
06:06:10.0218 2824  C:\WINDOWS\system32\dpcdll.dll - ok
06:06:10.0234 2824  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
06:06:10.0234 2824  C:\WINDOWS\system32\wdmaud.drv - ok
06:06:10.0250 2824  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
06:06:10.0250 2824  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
06:06:10.0250 2824  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
06:06:10.0250 2824  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
06:06:10.0265 2824  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
06:06:10.0265 2824  C:\WINDOWS\system32\drivers\splitter.sys - ok
06:06:10.0265 2824  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
06:06:10.0265 2824  C:\WINDOWS\system32\drivers\aec.sys - ok
06:06:10.0265 2824  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
06:06:10.0265 2824  C:\WINDOWS\system32\drivers\swmidi.sys - ok
06:06:10.0281 2824  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
06:06:10.0281 2824  C:\WINDOWS\system32\drivers\dmusic.sys - ok
06:06:10.0296 2824  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
06:06:10.0296 2824  C:\WINDOWS\system32\drivers\kmixer.sys - ok
06:06:10.0296 2824  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
06:06:10.0296 2824  C:\WINDOWS\system32\oledlg.dll - ok
06:06:10.0312 2824  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
06:06:10.0312 2824  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
06:06:10.0312 2824  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
06:06:10.0312 2824  C:\WINDOWS\system32\msacm32.drv - ok
06:06:10.0328 2824  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
06:06:10.0328 2824  C:\WINDOWS\system32\midimap.dll - ok
06:06:10.0343 2824  [ 5C5E3AFD499E5146FEF1DA5EF8A23205 ] C:\Program Files\AVAST Software\Avast\dbghelp.dll
06:06:10.0343 2824  C:\Program Files\AVAST Software\Avast\dbghelp.dll - ok
06:06:10.0375 2824  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
06:06:10.0375 2824  C:\WINDOWS\system32\mprapi.dll - ok
06:06:10.0375 2824  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
06:06:10.0375 2824  C:\WINDOWS\system32\activeds.dll - ok
06:06:10.0421 2824  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
06:06:10.0421 2824  C:\WINDOWS\system32\adsldpc.dll - ok
06:06:10.0421 2824  [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
06:06:10.0421 2824  C:\WINDOWS\system32\atl.dll - ok
06:06:10.0453 2824  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
06:06:10.0453 2824  C:\WINDOWS\system32\userinit.exe - ok
06:06:10.0484 2824  [ 44B1C057B30890C55FB6F4C1582E8522 ] C:\Program Files\AVAST Software\Avast\snxhk.dll
06:06:10.0484 2824  C:\Program Files\AVAST Software\Avast\snxhk.dll - ok
06:06:10.0515 2824  [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
06:06:10.0515 2824  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
06:06:10.0531 2824  [ AB3C4A3667AEAD147F175721D8719B78 ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
06:06:10.0531 2824  C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
06:06:10.0562 2824  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
06:06:10.0562 2824  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
06:06:10.0578 2824  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
06:06:10.0578 2824  C:\WINDOWS\explorer.exe - ok
06:06:10.0593 2824  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
06:06:10.0593 2824  C:\WINDOWS\system32\browseui.dll - ok
06:06:10.0609 2824  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
06:06:10.0609 2824  C:\WINDOWS\system32\msi.dll - ok
06:06:10.0625 2824  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
06:06:10.0625 2824  C:\WINDOWS\system32\shdocvw.dll - ok
06:06:10.0656 2824  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
06:06:10.0656 2824  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
06:06:10.0656 2824  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
06:06:10.0656 2824  C:\WINDOWS\system32\cryptui.dll - ok
06:06:10.0671 2824  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
06:06:10.0671 2824  C:\WINDOWS\system32\riched20.dll - ok
06:06:10.0703 2824  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
06:06:10.0703 2824  C:\WINDOWS\system32\webclnt.dll - ok
06:06:10.0703 2824  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
06:06:10.0703 2824  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
06:06:10.0718 2824  [ 56DEC67E273BA88A630C4B7B29D9D7BB ] C:\Program Files\AVAST Software\Avast\ashShell.dll
06:06:10.0718 2824  C:\Program Files\AVAST Software\Avast\ashShell.dll - ok
06:06:10.0750 2824  [ D1F4EF194A129726FBF30E2F514824AA ] C:\Documents and Settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll
06:06:10.0750 2824  C:\Documents and Settings\Tony Newton\Application Data\Dropbox\bin\DropboxExt.17.dll - ok
06:06:10.0765 2824  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
06:06:10.0765 2824  C:\WINDOWS\system32\drivers\parvdm.sys - ok
06:06:10.0765 2824  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
06:06:10.0765 2824  C:\WINDOWS\system32\mstask.dll - ok
06:06:10.0796 2824  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
06:06:10.0796 2824  C:\WINDOWS\system32\desk.cpl - ok
06:06:10.0812 2824  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
06:06:10.0812 2824  C:\WINDOWS\system32\themeui.dll - ok
06:06:10.0828 2824  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] C:\Program Files\SUPERAntiSpyware\SASCore.exe
06:06:10.0828 2824  C:\Program Files\SUPERAntiSpyware\SASCore.exe - ok
06:06:10.0828 2824  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
06:06:10.0828 2824  C:\WINDOWS\system32\actxprxy.dll - ok
06:06:10.0859 2824  [ CDE968DF7EA866320EFB8762B50E0AD7 ] C:\Program Files\SpywareGuard\spywareguard.dll
06:06:10.0859 2824  C:\Program Files\SpywareGuard\spywareguard.dll - ok
06:06:10.0890 2824  [ 64B33CC5BF131DEF2721394CF9B3F8ED ] C:\WINDOWS\system32\msvbvm60.dll
06:06:10.0890 2824  C:\WINDOWS\system32\msvbvm60.dll - ok
06:06:10.0921 2824  [ 2975C66459C426C20BC22D639DF6B611 ] C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
06:06:10.0921 2824  C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ok
06:06:10.0937 2824  [ 769DB4F484957CC98153B3C1B5D1162F ] C:\Program Files\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ACService.exe
06:06:10.0953 2824  C:\Program Files\Common Files\ArcSoft\CONNECTION SERVICE\Bin\ACService.exe - ok
06:06:10.0968 2824  [ 54AB078660E536DA72B21A27F56B035B ] C:\WINDOWS\system32\drivers\ASPI32.SYS
06:06:10.0968 2824  C:\WINDOWS\system32\drivers\ASPI32.SYS - ok
06:06:11.0000 2824  [ A9A3DAA780CA6C9671A19D52456705B4 ] C:\WINDOWS\system32\alrsvc.dll
06:06:11.0000 2824  C:\WINDOWS\system32\alrsvc.dll - ok
06:06:11.0015 2824  [ 1B58EE9929BAB30D06092E584F7D899F ] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
06:06:11.0015 2824  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe - ok
06:06:11.0031 2824  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
06:06:11.0031 2824  C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL - ok
06:06:11.0062 2824  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
06:06:11.0062 2824  C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL - ok
06:06:11.0078 2824  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
06:06:11.0078 2824  C:\WINDOWS\system32\rasapi32.dll - ok
06:06:11.0109 2824  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
06:06:11.0109 2824  C:\WINDOWS\system32\cmd.exe - ok
06:06:11.0125 2824  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
06:06:11.0125 2824  C:\WINDOWS\system32\qmgr.dll - ok
06:06:11.0140 2824  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
06:06:13.0515 2824  ============================================================
06:06:13.0515 2824  Scan finished
06:06:13.0515 2824  ============================================================
06:06:13.0531 2928  Detected object count: 0
06:06:13.0531 2928  Actual detected object count: 0

 

 


Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.10.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tony Newton :: TONY-78ZHQ8WG2D [administrator]

10/04/2013 21:40:14
mbar-log-2013-04-10 (21-40-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29429
Time elapsed: 30 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

  

   



#8 gringo_pr


Posted 10 April 2013 - 04:19 PM


Hello 24tony



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 24tony


Posted 10 April 2013 - 04:19 PM

Gringo

 

One more thing I meant to mention was the "Advanced" tab on the Windows Firewall. It tells me "The network connection settings have become corrupted. To fix this click restore defaults", but if I click on fix, the message is still the same and it does not fix anything. It sounds like it needs a part of the registry repairing.

Tony



#10 24tony


Posted 10 April 2013 - 04:26 PM

Gringo

 

It looks like I posted as you had already made another suggestion.

 

Please find log pasted below.


Tony

 

Farbar Service Scanner Version: 03-03-2013
Ran by Tony Newton (administrator) on 10-04-2013 at 22:21:20
Running from "C:\Documents and Settings\Tony Newton\Desktop\Bleeping\Farbar"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2005-08-19 14:52] - [2008-04-14 06:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-08-29 15:11] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(17) BRIDGE(10) BridgeMP(9) fssfltr(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(14) NwlnkNb(15) PSched(7) RFCOMM(13) Tcpip(4)
0x110000000500000001000000020000000300000004000000110000000C000000100000000600000007000000090000000A000000080000000B0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****






#11 gringo_pr


Posted 10 April 2013 - 04:54 PM


Hello

I would like you to download the Services Repair tool and save it to your desktop.

Right-click on the file and select "Run as Administrator".

When the tool is complete, please restart the computer, rerun Farbar's Service Scanner and post the report. Please let me know how things are after running the tool.

Gringo

#12 24tony


Posted 11 April 2013 - 04:55 AM

Hi Gringo

I downloaded the Security repair tool and tried to right-click and run as administrator, but I had a message stating a policy does not allow blank passwords. I entered "administrator" & "blank" (as in nothing).

The program ran and I rebooted and re-ran Farbar. The log is attached below. It had still managed to turn off the firewall and Windows updates.

I turned on the firewall and Windows Update and rebooted just to give it a second chance, but update was still on and the firewall was turned off.

There are more programs and services listed on the "Exceptions" tab of the "Windows Firewall" popup, and it still states under "Advanced" that the files are corrupt. If I click on restore defaults, it is still the same.

Many things now work better but not quite back to normal. I can right-click on connections and the status box pops up immediately when before it took 5 minutes.

A while ago it turned off Zone Alarm, Avast and Windows Firewall on every boot. It would not allow AVG to run at all and it did not want me to uninstall it either! That's why I have Avast.

Nearly there!

Tony

Farbar Service Scanner Version: 03-03-2013
Ran by Tony Newton (administrator) on 11-04-2013 at 10:19:16
Running from "C:\Documents and Settings\Tony Newton\Desktop\Bleeping\Farbar"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2005-08-19 14:52] - [2008-04-14 06:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-08-29 15:11] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(17) BRIDGE(10) BridgeMP(9) fssfltr(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(14) NwlnkNb(15) PSched(7) RFCOMM(13) Tcpip(4)
0x110000000500000001000000020000000300000004000000110000000C000000100000000600000007000000090000000A000000080000000B0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****
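
Comparing two Farbar Service Scanner reports by eye is error-prone, so the following added example (not part of the original posts and not Farbar's code) parses two reports and lists which "Disabled Policy" registry values appeared between runs and which files were printed with details instead of `MD5 is legit`. The sample logs are abridged from the two posted above; the function names, and the reading of a detail line as "not confirmed by the tool", are assumptions.

```python
import re

# Abridged from the two Farbar Service Scanner (FSS) logs posted in this thread.
FILE_CHECK = r"""
File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2005-08-19 14:52] - [2008-04-14 06:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-08-29 15:11] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

**** End of log ****
"""
LOG_10_APRIL = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================

""" + FILE_CHECK
LOG_11_APRIL = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

""" + FILE_CHECK

HEADING = re.compile(r"^([^=\[\]]+):\s*$")        # "Some Title:" ...
RULE = re.compile(r"^=+\s*$")                     # ... underlined with "===="
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
PATH = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$")
LEGIT_SUFFIX = "=> MD5 is legit"


def split_sections(log):
    """Map each underlined heading to its non-empty, stripped body lines."""
    lines, sections, current, i = log.splitlines(), {}, None, 0
    while i < len(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = HEADING.match(lines[i])
        if m and RULE.match(nxt):
            current = m.group(1).strip()
            sections[current] = []
            i += 2
            continue
        if current is not None and lines[i].strip():
            sections[current].append(lines[i].strip())
        i += 1
    return sections


def disabled_policies(sections):
    """Registry values listed under any '... Disabled Policy' heading."""
    found = []
    for name, body in sections.items():
        if not name.endswith("Disabled Policy"):
            continue
        key = ""
        for line in body:
            k, v = REG_KEY.match(line), REG_VALUE.match(line)
            if k:
                key = k.group(1)
            elif v:
                found.append((name, key, v.group(1), v.group(3).strip()))
    return found


def unverified_files(sections):
    """Files shown with timestamps and a hash rather than 'MD5 is legit'.
    Assumption: that layout means the tool did not confirm the file; it is
    not by itself evidence of tampering."""
    results, pending = [], None
    for line in sections.get("File Check", []):
        d = DETAIL.match(line)
        if d:
            if pending:
                results.append({"path": pending, "size": int(d.group(1)),
                                "company": d.group(3), "md5": d.group(4).upper()})
            pending = None
            continue
        if pending:  # path line with no detail line after it
            results.append({"path": pending, "size": None, "company": None, "md5": None})
        pending = line if PATH.match(line) and not line.endswith(LEGIT_SUFFIX) else None
    if pending:
        results.append({"path": pending, "size": None, "company": None, "md5": None})
    return results


def compare_runs(before, after):
    """Report what changed between an earlier and a later FSS log."""
    b, a = split_sections(before), split_sections(after)
    pb, pa = set(disabled_policies(b)), set(disabled_policies(a))
    fb = {f["path"]: f["md5"] for f in unverified_files(b)}
    fa = {f["path"]: f["md5"] for f in unverified_files(a)}
    return {
        "policies_added": sorted(pa - pb),
        "policies_cleared": sorted(pb - pa),
        "still_unverified": sorted(p for p in fa if p in fb and fb[p] == fa[p]),
        "changed_or_new": sorted(p for p in fa if p not in fb or fb[p] != fa[p]),
    }


if __name__ == "__main__":
    for label, items in compare_runs(LOG_10_APRIL, LOG_11_APRIL).items():
        print(label, items)
```

A value that appears under `policies_added` only shows that the registry setting changed between runs; what wrote it has to be established separately.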



#13 gringo_pr


Posted 11 April 2013 - 08:37 AM

It looks like you have Zone Alarm installed, and that will turn off Windows Firewall.



:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.


Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).
  • Programs to remove

    • Adobe Reader 7.0
    • BitLord 1.1
    • Conduit Engine
    • eMule
    • J2SE Runtime Environment 5.0 Update 4
    • J2SE Runtime Environment 5.0 Update 6
    • Java™ 6 Update 13
    • Java™ 6 Update 2
    • Java™ 6 Update 3
    • Java™ 6 Update 5
    • Java™ 6 Update 7
    • Java™ SE Runtime Environment 6 Update 1
    • McAfee Security Scan Plus



  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


    Update Adobe reader
    • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

      You can download it from http://www.adobe.com/products/acrobat/readstep2.html
      After installing the latest Adobe Reader, uninstall all previous versions.
      If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

        Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

    Clean Out Temp Files
    • This small application you may want to keep and use once a week to keep the computer clean.

      Download CCleaner from here http://www.ccleaner.com/
      • Run the installer to install the application.
      • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
      • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
      • Click Run Cleaner.
      • Close CCleaner.
: Malwarebytes' Anti-Malware :
  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • Copy and paste the HijackThis report into the topic
    "information and logs"
    • In your next post I need the following
      • Log From MBAM
      • report from Hijackthis
      • let me know of any problems you may have had
      • How is the computer doing now?
    Gringo




#14 24tony


Posted 11 April 2013 - 11:25 AM


Hi Gringo


All done. When I was uninstalling Java, it was trying to register BHOs and DLLs when being removed.

I accidentally removed Java™ 6 Update 11, which was not on your list.

I thought Java was a legit program.

The eMule program has not been used for 5 years, and I never used BitLord at all. Not sure if they pose a threat just by being there?

Malwarebytes and HijackThis log pasted below.

If I scan with Avast mbr I still get these 2 items in red.

ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll >>UNKNOWN [0x8a9a5008]<<

\Driver\atapi[0x8ac43b60] -> IRP_MJ_CREATE -> 0x8a9a5008

GMER also shows a strange module called "__________" (10 underscores).

Are these items suspect?

Tony


GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-04-11 17:18:43
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 SAMSUNG_HD103UI rev.1AA01113 931.51GB
Running: 96328.exe; Driver: C:\DOCUME~1\TONYNE~1\LOCALS~1\Temp\kfriauog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwEnumerateKey [0xB736B847]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwEnumerateValueKey [0xB736B6B2]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0xB741CBA0]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Devices - GMER 2.1 ----

Device          \Driver\atapi \Device\Ide\IdePort0                                                     8A9A5008
Device                                                                                                 8A9A5008
Device          \Driver\atapi \Device\Ide\IdePort1                                                     8A9A5008
Device          \Driver\atapi \Device\Ide\IdePort2                                                     8A9A5008
Device          \Driver\atapi \Device\Ide\IdePort3                                                     8A9A5008
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17                                           8A9A5008
Device          \Driver\st3shark \Device\Scsi\st3shark1Port4Path0Target0Lun0                           8A6A9008
Device          \Driver\st3shark \Device\Scsi\st3shark1                                                8A6A9008
Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device          \Driver\Tcpip \Device\Ip                                                               vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\Tcpip \Device\Tcp                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\Tcpip \Device\Udp                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\Tcpip \Device\RawIp                                                            vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Modules - GMER 2.1 ----

Module          _________                                                                              F748F000-F74A7000 (98304 bytes)

---- EOF - GMER 2.1 ----

 


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.11.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tony Newton :: TONY-78ZHQ8WG2D [administrator]

11/04/2013 16:12:26
mbam-log-2013-04-11 (16-12-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243634
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HIJACK THIS LOG


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:29:51, on 11/04/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\SLEE503.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Tony Newton\Desktop\Bleeping\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-842925246-1390067357-839522115-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User '?')
O4 - HKUS\S-1-5-18\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - S-1-5-21-842925246-1390067357-839522115-1004 Startup: avast! Free Antivirus.lnk = C:\Program Files\AVAST Software\Avast\AvastUI.exe (User '?')
O4 - S-1-5-21-842925246-1390067357-839522115-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-842925246-1390067357-839522115-1004 Startup: Zone Labs Security (2).lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (User '?')
O4 - S-1-5-18 Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User '?')
O4 - .DEFAULT Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Startup: avast! Free Antivirus.lnk = C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Zone Labs Security (2).lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: My Password - C:\WINDOWS\system32\SUSBMyPwd.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} (DCPForm Control 1.0.1.1) - file:///D:/Mydlink/activeX/DCP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://e-mail.toyota-europe.com/,DanaInfo=ukburmfints01.toyotauk.com+iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://eu.mydlink.com/8D/activeX//TunnelX.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362341553984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362341441296
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://eu.mydlink.com/8D/activeX//aplugLiteDL.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.90/activex/AMC.cab
O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} (WebRecClient Control) - http://192.168.1.108:82/webrec.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SmartGenie (LxrSGe10s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSge10s.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 16158 bytes
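An added example, not part of the original posts: a small parser for the "O23 - Service:" lines of the HijackThis log above, which flags the two markers visible in that log, "(file missing)" and "Unknown owner". The four sample lines are copied from the log; the function names and the field layout (inferred from those lines) are assumptions of this example.

```python
import re

# Sample input: four O23 lines copied from the log above.
SAMPLE = r"""
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (file missing)
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

PREFIX = "O23 - Service: "
# Optional trailing "(shortname)" after the display name; hypothetical helper pattern.
SHORT_NAME = re.compile(r"^(?P<display>.*\S)\s+\((?P<short>[^()\s]+)\)$")

def parse_o23(line):
    """Split one O23 line into fields, or return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Display names may contain " - " or parentheses, so split from the right.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(" (file missing)")
    if missing:
        path = path[: -len(" (file missing)")]
    m = SHORT_NAME.match(name)
    return {
        "display": m.group("display") if m else name,
        "service": m.group("short") if m else None,
        "owner": owner,
        "path": path,
        "file_missing": missing,
    }

def triage(log_text):
    """Return (display name, reasons) for services worth a closer look."""
    findings = []
    for entry in filter(None, map(parse_o23, log_text.splitlines())):
        reasons = []
        if entry["file_missing"]:
            reasons.append("log marks the service binary as missing")
        if entry["owner"] == "Unknown owner":
            reasons.append("owner field reads 'Unknown owner'")
        if reasons:
            findings.append((entry["display"], reasons))
    return findings
```

Calling triage() on the full log text returns one entry per flagged service, so leftovers such as the AVG WatchDog service (registered, but its file is gone) stand out from the rest of the list.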



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:28 PM

Posted 11 April 2013 - 12:01 PM


Greetings

Looking through the reports just now, I notice a lot, and I mean a lot, of security programs installed - I find it a lot better to have a few good ones and let them do their job instead of a lot of them fighting each other.


Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - S-1-5-18 Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User '?')
      O4 - .DEFAULT Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
      O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
      O4 - Global Startup: AutorunsDisabled


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
  • When the scan is complete
    • If no threats were found
      • put a checkmark in "Uninstall application on close"
      • close program
      • report to me that nothing was found
    • If threats were found
      • click on "list of threats found"
      • click on "export to text file" and save it as ESET SCAN and save to the desktop
      • Click on back
      • put a checkmark in "Uninstall application on close"
      • click on finish
      • close program
      • copy and paste the report here

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



