Wave slider muting automatically, and Strange audio coming from speakers


  • This topic is locked
23 replies to this topic

#1 jthorne76

Posted 07 June 2013 - 08:37 AM

I recently "acquired" a new-to-me laptop from a family member, running Windows XP SP3. I noticed after a few minutes of operating that the sound was not working. I opened the volume control and found the Wave slider was all the way down; when I moved it back up, I had what sounded like TV ads playing through my speakers. It seems to occur more often when connected to the internet, but does occur some when disconnected.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Jodi at 22:30:31 on 2013-06-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.432 [GMT -4:00]
.
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AOL Computer Checkup\sdccont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AOL Computer Checkup\sdccont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.aol.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MakiwaraNotify] "c:\program files\aol computer checkup\sdccont.exe" /dummy /cfg "c:\program files\aol computer checkup\uiframework\common\PCPowerCare.xml" /notificationtoaster /mutexname notificationtoaster /hideWindow
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368992213359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{06E87073-016D-462D-8DB7-0EF926DB7B19} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AOL Computer Checkup;AOL Computer Checkup;c:\program files\aol computer checkup\sdcService.exe [2013-3-13 584568]
.
=============== Created Last 30 ================
.
2013-06-04 22:58:23 -------- d-----w- c:\documents and settings\jodi\application data\DVDVideoSoftIEHelpers
2013-06-04 22:57:37 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-04 22:57:37 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-06-04 22:57:37 -------- d-----w- c:\documents and settings\jodi\application data\DVDVideoSoft
2013-06-04 00:20:49 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2013-06-03 23:09:25 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5oe.dll
2013-06-03 23:09:25 118272 ----a-w- c:\windows\system32\hpz3l5oe.dll
2013-06-03 23:03:34 -------- d-----w- c:\program files\common files\HP
2013-06-03 23:03:28 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-06-03 23:02:41 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2013-06-03 23:02:40 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2013-06-03 23:02:40 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2013-06-03 23:02:38 267608 ----a-w- c:\windows\system32\hpzids01.dll
2013-06-03 23:02:26 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2013-06-03 23:02:26 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2013-06-03 23:02:26 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2013-06-03 23:02:26 294912 ----a-w- c:\windows\system32\hpovst11.dll
2013-05-28 02:34:19 -------- d-----w- c:\documents and settings\jodi\application data\Malwarebytes
2013-05-28 02:33:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-28 02:33:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-28 02:33:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-21 17:54:15 -------- d-----w- c:\program files\Microsoft
2013-05-21 17:54:04 -------- d-----w- c:\program files\MSN Toolbar
2013-05-21 17:52:10 -------- d-----w- c:\program files\Bing Bar Installer
2013-05-21 17:52:02 -------- d-----w- c:\program files\HP Photo Creations
2013-05-21 17:52:02 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2013-05-21 17:51:41 -------- d-----w- c:\documents and settings\jodi\application data\HpUpdate
2013-05-21 17:50:42 273256 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2013-05-21 17:50:40 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_PSB210.dll
2013-05-21 17:50:35 232296 ----a-w- c:\windows\system32\hpinksts8e11.dll
2013-05-21 17:50:34 264552 ----a-w- c:\windows\system32\hpinksts8e11LM.dll
2013-05-21 17:50:34 213352 ----a-w- c:\windows\system32\hpinkcoi8e11.dll
2013-05-21 17:48:24 -------- d-----w- c:\program files\HP
2013-05-20 02:52:08 -------- d-sh--w- C:\found.000
2013-05-19 18:20:47 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-05-19 18:20:47 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-19 18:20:43 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-19 18:20:43 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-19 02:27:33 -------- d-----w- c:\documents and settings\all users\application data\CraftEdge
2013-05-19 02:06:24 -------- d-----w- c:\windows\SystemRepair
2013-05-19 02:06:17 -------- d-----w- c:\documents and settings\jodi\application data\AOL
2013-05-19 02:06:17 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2013-05-19 02:05:11 -------- d-----w- c:\program files\common files\Software Update Utility
2013-05-19 02:04:54 -------- d-----w- c:\documents and settings\all users\application data\AOL Computer Checkup
2013-05-19 02:03:12 -------- d-----w- c:\program files\AOL Computer Checkup
2013-05-19 02:02:29 -------- d-----w- c:\documents and settings\jodi\Downloads
2013-05-19 01:36:56 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-10 07:57:26 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:09:52 4550656 -c--a-w- c:\windows\system32\GPhotos.scr
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500BEVS-75UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89AC52E2
user & kernel MBR OK 
.
============= FINISH: 22:37:00.90 ===============
 


 


#2 gringo_pr

  • Malware Response Team

Posted 08 June 2013 - 05:13 PM


Hello jthorne76

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jthorne76

  • Topic Starter

Posted 10 June 2013 - 05:31 PM

Here is the AdwCleaner log. Computer still doing the same thing; about to run the Junkware Removal Tool now, will post the log as soon as it is done.
 
# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:24:43
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jodi - JODI-F05344198D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jodi\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Documents and Settings\Jodi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Jeremy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [7050 octets] - [10/06/2013 17:19:39]
AdwCleaner[S2].txt - [1055 octets] - [10/06/2013 18:18:00]
AdwCleaner[S3].txt - [988 octets] - [10/06/2013 18:24:43]
 
########## EOF - C:\AdwCleaner[S3].txt - [1047 octets] ##########


#4 jthorne76

  • Topic Starter

Posted 10 June 2013 - 05:55 PM

Here is the Junkware Removal Tool log. I checked right before posting this, and still have the muted Wave slider, and pop-up ads playing in the background.
 
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Jodi on Mon 06/10/2013 at 18:36:16.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Jodi\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\coupons"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/10/2013 at 18:52:40.98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 gringo_pr

  • Malware Response Team

Posted 10 June 2013 - 07:43 PM


Hello jthorne76

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 jthorne76

  • Topic Starter

Posted 10 June 2013 - 08:36 PM

Here is the Combofix log. Pop-up ads are gone, and Wave has not muted for the past 10-15 minutes.
 
 
 
ComboFix 13-06-08.02 - Jodi 06/10/2013  20:58:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.935 [GMT -4:00]
Running from: c:\documents and settings\Jodi\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1700                     .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1700                     .MRK
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET8C.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-10 21:33 . 2013-06-10 21:33 -------- d-----w- c:\windows\ERUNT
2013-06-10 21:33 . 2013-06-10 22:31 -------- d-----w- C:\JRT
2013-06-07 23:41 . 2013-06-07 23:41 -------- d-----w- c:\documents and settings\Jodi\Application Data\ElevatedDiagnostics
2013-06-04 22:57 . 2013-06-04 22:59 -------- d-----w- c:\documents and settings\Jodi\Application Data\DVDVideoSoft
2013-06-04 22:57 . 2013-06-04 22:58 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-04 22:57 . 2013-06-04 22:58 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-06-04 00:20 . 2013-06-04 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2013-06-03 23:11 . 2013-06-04 00:21 -------- d-----w- c:\documents and settings\Jodi\Application Data\HP
2013-06-03 23:09 . 2013-06-03 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2013-06-03 23:09 . 2008-12-01 14:05 118272 ----a-w- c:\windows\system32\hpz3l5oe.dll
2013-06-03 23:09 . 2008-12-01 14:02 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5oe.dll
2013-06-03 23:05 . 2013-06-03 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\Common Files\HP
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-06-03 23:02 . 2010-02-01 06:54 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2013-06-03 23:02 . 2010-02-01 06:54 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2013-06-03 23:02 . 2010-02-01 06:54 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2013-06-03 23:02 . 2010-05-31 04:36 267608 ----a-w- c:\windows\system32\hpzids01.dll
2013-06-03 23:02 . 2010-02-01 06:54 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2013-06-03 23:02 . 2010-02-01 06:54 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2013-06-03 23:02 . 2010-02-01 06:54 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2013-06-03 23:02 . 2010-02-01 06:54 294912 ----a-w- c:\windows\system32\hpovst11.dll
2013-06-03 02:12 . 2013-06-03 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-05-28 02:34 . 2013-05-28 02:34 -------- d-----w- c:\documents and settings\Jodi\Application Data\Malwarebytes
2013-05-28 02:33 . 2013-05-28 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-28 02:33 . 2013-05-28 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-28 02:33 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-25 16:02 . 2013-05-25 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-05-21 17:54 . 2013-06-07 17:15 -------- d-----w- c:\program files\Microsoft
2013-05-21 17:53 . 2013-05-21 17:53 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-21 17:52 . 2013-05-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2013-05-21 17:52 . 2013-05-21 17:52 -------- d-----w- c:\program files\HP Photo Creations
2013-05-21 17:51 . 2013-05-21 17:51 -------- d-----w- c:\documents and settings\Jodi\Application Data\HpUpdate
2013-05-21 17:50 . 2010-06-14 20:04 273256 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2013-05-21 17:50 . 2010-06-14 20:48 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_PSB210.dll
2013-05-21 17:50 . 2010-06-14 20:48 232296 ----a-w- c:\windows\system32\hpinksts8e11.dll
2013-05-21 17:50 . 2010-06-14 20:48 264552 ----a-w- c:\windows\system32\hpinksts8e11LM.dll
2013-05-21 17:50 . 2010-06-14 20:48 213352 ----a-w- c:\windows\system32\hpinkcoi8e11.dll
2013-05-21 17:48 . 2013-06-03 23:05 -------- d-----w- c:\program files\HP
2013-05-21 17:12 . 2013-05-30 11:40 -------- d-----w- c:\documents and settings\Jeremy
2013-05-20 02:52 . 2013-05-20 02:52 -------- d-----w- C:\found.000
2013-05-19 18:20 . 2008-04-14 09:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-05-19 18:20 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-19 18:20 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-19 18:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-19 17:54 . 2013-05-19 17:54 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
2013-05-19 02:27 . 2013-05-19 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CraftEdge
2013-05-19 02:06 . 2013-05-20 17:24 -------- d-----w- c:\windows\SystemRepair
2013-05-19 02:06 . 2013-05-19 02:06 -------- d-----w- c:\documents and settings\Jodi\Application Data\AOL
2013-05-19 02:04 . 2013-05-19 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Computer Checkup
2013-05-19 02:03 . 2013-05-20 17:24 -------- d-----w- c:\program files\AOL Computer Checkup
2013-05-19 02:02 . 2013-05-19 02:04 -------- d-----w- c:\documents and settings\Jodi\Downloads
2013-05-19 01:36 . 2013-05-19 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 22:17 . 2004-08-04 01:07 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-04 01:07 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 01:07 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-04 01:07 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 -c--a-w- c:\windows\system32\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"MakiwaraNotify"="c:\program files\AOL Computer Checkup\sdccont.exe" [2013-03-13 82296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-31 240288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2013-03-21 09:10 472992 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 17:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-14 04:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 18:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 11:23 13537280 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 11:23 90112 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 11:23 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-06-09 11:23 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"wlidsvc"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL Computer Checkup"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 4:02 PM 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S4 AOL Computer Checkup;AOL Computer Checkup;c:\program files\AOL Computer Checkup\sdcService.exe [3/13/2013 12:41 AM 584568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 17:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-JODI-F05344198D-Jodi.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-06-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-10 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1637723038-682003330-1006Core.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-27 01:23]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1637723038-682003330-1006UA.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-27 01:23]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 01:44]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 01:44]
.
2013-06-10 c:\windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job
- c:\program files\AOL Computer Checkup\sdcCont.exe [2013-03-13 04:41]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aol.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500BEVS-75UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89AB02E2
user & kernel MBR OK 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1637723038-682003330-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3DA848F-9380-4E93-A347-F45E38653C65}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Jodi\\Local Settings\\Application Data\\RobloxVersions\\version-76ed5b3c6cb0467f\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\WININET.dll
.
Completion time: 2013-06-10  21:29:56
ComboFix-quarantined-files.txt  2013-06-11 01:29
.
Pre-Run: 212,834,349,056 bytes free
Post-Run: 213,660,897,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1346E9E2E9B84CFB06B8BE6789ECDE28
8F558EB6672622401DA993E1E865C861


#7 jthorne76

Posted 10 June 2013 - 08:46 PM

Correction on the last: I just did a restart and am still having the same problem. The wave slider was muted, and when I un-muted it, I had pop-up ads playing in the background, so the problem is not resolved.



#8 gringo_pr

  • Malware Response Team

Posted 11 June 2013 - 10:19 AM


Hello jthorne76

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 jthorne76

Posted 11 June 2013 - 06:16 PM

Here is the log from TDSSKiller. When I restarted the computer the wave slider was muted, but I have since unmuted it and am playing music via WMP, and so far (about 5 minutes) it has not muted and no malicious sounds are coming from the speakers.

19:05:01.0375 2496  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:05:01.0890 2496  ============================================================
19:05:01.0906 2496  Current date / time: 2013/06/11 19:05:01.0890
19:05:01.0906 2496  SystemInfo:
19:05:01.0906 2496  
19:05:01.0906 2496  OS Version: 5.1.2600 ServicePack: 3.0
19:05:01.0906 2496  Product type: Workstation
19:05:01.0906 2496  ComputerName: JODI-F05344198D
19:05:01.0906 2496  UserName: Jodi
19:05:01.0906 2496  Windows directory: C:\WINDOWS
19:05:01.0906 2496  System windows directory: C:\WINDOWS
19:05:01.0906 2496  Processor architecture: Intel x86
19:05:01.0906 2496  Number of processors: 2
19:05:01.0906 2496  Page size: 0x1000
19:05:01.0906 2496  Boot type: Normal boot
19:05:01.0906 2496  ============================================================
19:05:04.0125 2496  BG loaded
19:05:04.0750 2496  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:05:04.0781 2496  ============================================================
19:05:04.0781 2496  \Device\Harddisk0\DR0:
19:05:04.0781 2496  MBR partitions:
19:05:04.0796 2496  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
19:05:04.0796 2496  ============================================================
19:05:04.0921 2496  C: <-> \Device\Harddisk0\DR0\Partition1
19:05:04.0921 2496  ============================================================
19:05:04.0921 2496  Initialize success
19:05:04.0921 2496  ============================================================
19:05:33.0484 1012  ============================================================
19:05:33.0484 1012  Scan started
19:05:33.0484 1012  Mode: Manual; SigCheck; TDLFS; 
19:05:33.0484 1012  ============================================================
19:05:34.0062 1012  ================ Scan system memory ========================
19:05:34.0078 1012  System memory - ok
19:05:34.0078 1012  ================ Scan services =============================
19:05:34.0265 1012  Abiosdsk - ok
19:05:34.0265 1012  abp480n5 - ok
19:05:34.0328 1012  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:35.0781 1012  ACPI - ok
19:05:35.0828 1012  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:05:35.0984 1012  ACPIEC - ok
19:05:35.0984 1012  adpu160m - ok
19:05:36.0125 1012  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:05:36.0343 1012  aec - ok
19:05:36.0390 1012  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:05:36.0468 1012  AFD - ok
19:05:36.0468 1012  Aha154x - ok
19:05:36.0484 1012  aic78u2 - ok
19:05:36.0484 1012  aic78xx - ok
19:05:36.0546 1012  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:05:36.0734 1012  Alerter - ok
19:05:36.0765 1012  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
19:05:36.0953 1012  ALG - ok
19:05:36.0968 1012  AliIde - ok
19:05:36.0968 1012  amsint - ok
19:05:37.0125 1012  [ A0534F04C19257A04762111C5CAA2342 ] AOL Computer Checkup C:\Program Files\AOL Computer Checkup\SDCService.exe
19:05:37.0218 1012  AOL Computer Checkup - ok
19:05:37.0359 1012  [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:05:37.0453 1012  ApfiltrService - ok
19:05:37.0500 1012  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:05:37.0515 1012  APPDRV ( UnsignedFile.Multi.Generic ) - warning
19:05:37.0515 1012  APPDRV - detected UnsignedFile.Multi.Generic (1)
19:05:37.0546 1012  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:05:37.0687 1012  AppMgmt - ok
19:05:37.0718 1012  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:05:37.0890 1012  Arp1394 - ok
19:05:37.0890 1012  asc - ok
19:05:37.0890 1012  asc3350p - ok
19:05:37.0906 1012  asc3550 - ok
19:05:38.0109 1012  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:05:38.0156 1012  aspnet_state - ok
19:05:38.0218 1012  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:05:38.0406 1012  AsyncMac - ok
19:05:38.0484 1012  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:05:38.0625 1012  atapi - ok
19:05:38.0625 1012  Atdisk - ok
19:05:38.0671 1012  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:05:38.0906 1012  Atmarpc - ok
19:05:38.0984 1012  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:05:39.0140 1012  AudioSrv - ok
19:05:39.0171 1012  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:05:39.0328 1012  audstub - ok
19:05:39.0734 1012  [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent     C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
19:05:40.0375 1012  AVGIDSAgent - ok
19:05:40.0437 1012  [ 2D18221AAB3DB2D408D6C55C0F23090A ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:05:40.0500 1012  AVGIDSDriver - ok
19:05:40.0546 1012  [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH        C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:05:40.0578 1012  AVGIDSEH - ok
19:05:40.0625 1012  [ 4C51E233C87F9EC7598551DE554BC99D ] AVGIDSFilter    C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:05:40.0640 1012  AVGIDSFilter - ok
19:05:40.0687 1012  [ C3FC426E54F55C1CC3219E415B88E10C ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:05:40.0703 1012  AVGIDSShim - ok
19:05:40.0812 1012  [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:05:40.0859 1012  Avgldx86 - ok
19:05:40.0875 1012  [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:05:40.0890 1012  Avgmfx86 - ok
19:05:40.0906 1012  [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:05:40.0937 1012  Avgrkx86 - ok
19:05:40.0968 1012  [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:05:41.0000 1012  Avgtdix - ok
19:05:41.0046 1012  [ FC2BC51120A945F7C70376495E4E7737 ] avgwd           C:\Program Files\AVG\AVG10\avgwdsvc.exe
19:05:41.0078 1012  avgwd - ok
19:05:41.0484 1012  [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:05:41.0640 1012  BCM43XX - ok
19:05:41.0640 1012  bcm4sbxp - ok
19:05:41.0718 1012  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:05:41.0875 1012  Beep - ok
19:05:42.0078 1012  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:05:42.0312 1012  BITS - ok
19:05:42.0359 1012  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:05:42.0406 1012  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
19:05:42.0406 1012  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
19:05:42.0500 1012  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
19:05:42.0625 1012  Browser - ok
19:05:42.0906 1012  catchme - ok
19:05:42.0937 1012  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:05:43.0093 1012  cbidf2k - ok
19:05:43.0109 1012  cd20xrnt - ok
19:05:43.0140 1012  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:05:43.0296 1012  Cdaudio - ok
19:05:43.0343 1012  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:05:43.0531 1012  Cdfs - ok
19:05:43.0562 1012  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:05:43.0718 1012  Cdrom - ok
19:05:43.0734 1012  Changer - ok
19:05:43.0765 1012  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:05:43.0968 1012  CiSvc - ok
19:05:44.0000 1012  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:05:44.0171 1012  ClipSrv - ok
19:05:44.0296 1012  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:44.0484 1012  clr_optimization_v2.0.50727_32 - ok
19:05:44.0734 1012  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:44.0765 1012  clr_optimization_v4.0.30319_32 - ok
19:05:44.0828 1012  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:05:45.0343 1012  CmBatt - ok
19:05:45.0343 1012  CmdIde - ok
19:05:45.0375 1012  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:05:45.0546 1012  Compbatt - ok
19:05:45.0562 1012  COMSysApp - ok
19:05:45.0562 1012  Cpqarray - ok
19:05:45.0625 1012  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:05:45.0843 1012  CryptSvc - ok
19:05:45.0859 1012  dac2w2k - ok
19:05:45.0859 1012  dac960nt - ok
19:05:45.0937 1012  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:05:46.0078 1012  DcomLaunch - ok
19:05:46.0125 1012  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:05:46.0265 1012  Dhcp - ok
19:05:46.0343 1012  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:05:46.0484 1012  Disk - ok
19:05:46.0500 1012  dmadmin - ok
19:05:46.0625 1012  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:05:46.0859 1012  dmboot - ok
19:05:46.0890 1012  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:05:47.0078 1012  dmio - ok
19:05:47.0140 1012  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:05:47.0312 1012  dmload - ok
19:05:47.0359 1012  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:05:47.0500 1012  dmserver - ok
19:05:47.0578 1012  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:05:47.0718 1012  DMusic - ok
19:05:47.0765 1012  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:05:47.0906 1012  Dnscache - ok
19:05:47.0937 1012  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:05:48.0093 1012  Dot3svc - ok
19:05:48.0109 1012  dpti2o - ok
19:05:48.0109 1012  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:05:48.0265 1012  drmkaud - ok
19:05:48.0328 1012  [ 0C8762B91B967A91373E0E022B62ACFC ] DXEC02          C:\WINDOWS\system32\drivers\dxec02.sys
19:05:48.0406 1012  DXEC02 ( UnsignedFile.Multi.Generic ) - warning
19:05:48.0406 1012  DXEC02 - detected UnsignedFile.Multi.Generic (1)
19:05:48.0468 1012  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:05:48.0656 1012  EapHost - ok
19:05:48.0687 1012  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:05:48.0843 1012  ERSvc - ok
19:05:48.0906 1012  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
19:05:48.0953 1012  Eventlog - ok
19:05:48.0968 1012  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
19:05:49.0062 1012  EventSystem - ok
19:05:49.0171 1012  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:49.0343 1012  Fastfat - ok
19:05:49.0406 1012  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:05:49.0546 1012  FastUserSwitchingCompatibility - ok
19:05:49.0562 1012  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:05:49.0750 1012  Fdc - ok
19:05:49.0781 1012  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:05:49.0953 1012  Fips - ok
19:05:50.0125 1012  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:05:50.0328 1012  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:05:50.0328 1012  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:05:50.0375 1012  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:05:50.0531 1012  Flpydisk - ok
19:05:50.0640 1012  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:05:50.0843 1012  FltMgr - ok
19:05:50.0921 1012  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:05:50.0953 1012  FontCache3.0.0.0 - ok
19:05:50.0953 1012  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:51.0109 1012  Fs_Rec - ok
19:05:51.0140 1012  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:51.0296 1012  Ftdisk - ok
19:05:51.0343 1012  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:51.0500 1012  Gpc - ok
19:05:51.0609 1012  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:05:51.0625 1012  gupdate - ok
19:06:05.0828 1012  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:06:05.0859 1012  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:06:05.0859 1012  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:06:11.0125 1012  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
19:06:11.0140 1012  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:06:11.0140 1012  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:06:27.0750 1012  ================ Scan global ===============================
19:06:27.0796 1012  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:06:27.0921 1012  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:06:27.0953 1012  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:06:28.0015 1012  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:06:28.0015 1012  [Global] - ok
19:06:28.0015 1012  ================ Scan MBR ==================================
19:06:28.0031 1012  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:06:28.0031 1012  Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:06:28.0062 1012  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:06:28.0062 1012  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:06:28.0109 1012  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:06:28.0109 1012  \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:06:28.0109 1012  ================ Scan VBR ==================================
19:06:28.0109 1012  [ 74CE07ADD5B2CFBB1A2AF929C3D6CD57 ] \Device\Harddisk0\DR0\Partition1
19:06:28.0109 1012  \Device\Harddisk0\DR0\Partition1 - ok
19:06:28.0109 1012  ================ Scan active images ========================
19:06:28.0312 1012  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
19:06:28.0312 1012  C:\WINDOWS\system32\drivers\termdd.sys - ok
19:06:28.0312 1012  [ A9573045BAA16EAB9B1085205B82F1ED ] C:\WINDOWS\system32\drivers\serscan.sys
19:06:28.0312 1012  C:\WINDOWS\system32\drivers\serscan.sys - ok
19:06:28.0312 1012  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
19:06:28.0312 1012  C:\WINDOWS\system32\drivers\swenum.sys - ok
19:06:28.0328 1012  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
19:06:28.0328 1012  C:\WINDOWS\system32\drivers\update.sys - ok
19:06:28.0343 1012  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
19:06:28.0343 1012  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
19:06:28.0343 1012  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
19:06:28.0343 1012  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
19:06:28.0343 1012  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
19:06:28.0343 1012  C:\WINDOWS\system32\drivers\usbd.sys - ok
19:06:28.0359 1012  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
19:06:28.0359 1012  C:\WINDOWS\system32\drivers\usbhub.sys - ok
19:06:28.0359 1012  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
19:06:28.0359 1012  C:\WINDOWS\system32\drivers\drmk.sys - ok
19:06:28.0359 1012  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
19:06:28.0359 1012  C:\WINDOWS\system32\drivers\portcls.sys - ok
19:06:28.0359 1012  [ 951801DFB54D86F611F0AF47825476F9 ] C:\WINDOWS\system32\drivers\sthda.sys
19:06:28.0359 1012  C:\WINDOWS\system32\drivers\sthda.sys - ok
19:06:28.0375 1012  [ 0C8762B91B967A91373E0E022B62ACFC ] C:\WINDOWS\system32\drivers\dxec02.sys
19:06:28.0375 1012  C:\WINDOWS\system32\drivers\dxec02.sys - ok
19:06:28.0375 1012  [ 290CDBB05903742EA06B7203C5A662F5 ] C:\WINDOWS\system32\drivers\HSFHWAZL.sys
19:06:28.0375 1012  C:\WINDOWS\system32\drivers\HSFHWAZL.sys - ok
19:06:28.0375 1012  [ 7AB812355F98858B9ECDD46E6FCC221F ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
19:06:28.0375 1012  C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
19:06:28.0390 1012  [ A8596CF86D445269A42ECC08B7066A4C ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
19:06:28.0390 1012  C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
19:06:28.0390 1012  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
19:06:28.0390 1012  C:\WINDOWS\system32\drivers\modem.sys - ok
19:06:28.0390 1012  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
19:06:28.0390 1012  C:\WINDOWS\system32\drivers\fdc.sys - ok
19:06:28.0406 1012  [ 5639DE66B37D02BD22DF4CF3155FBA60 ] C:\WINDOWS\system32\drivers\avgmfx86.sys
19:06:28.0406 1012  C:\WINDOWS\system32\drivers\avgmfx86.sys - ok
19:06:28.0406 1012  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
19:06:28.0406 1012  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
19:06:28.0406 1012  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
19:06:28.0406 1012  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
19:06:28.0421 1012  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
19:06:28.0421 1012  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
19:06:28.0421 1012  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
19:06:28.0421 1012  C:\WINDOWS\system32\drivers\beep.sys - ok
19:06:28.0421 1012  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
19:06:28.0421 1012  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
19:06:28.0437 1012  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
19:06:28.0437 1012  C:\WINDOWS\system32\drivers\null.sys - ok
19:06:28.0437 1012  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
19:06:28.0437 1012  C:\WINDOWS\system32\drivers\vga.sys - ok
19:06:28.0437 1012  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
19:06:28.0437 1012  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
19:06:28.0453 1012  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
19:06:28.0453 1012  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
19:06:28.0453 1012  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
19:06:28.0453 1012  C:\WINDOWS\system32\drivers\msfs.sys - ok
19:06:28.0453 1012  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
19:06:28.0453 1012  C:\WINDOWS\system32\drivers\npfs.sys - ok
19:06:28.0468 1012  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
19:06:28.0468 1012  C:\WINDOWS\system32\drivers\rasacd.sys - ok
19:06:28.0468 1012  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
19:06:28.0468 1012  C:\WINDOWS\system32\drivers\ipsec.sys - ok
19:06:28.0468 1012  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
19:06:28.0468 1012  C:\WINDOWS\system32\drivers\tcpip.sys - ok
19:06:28.0484 1012  [ AAF0EBCAD95F2164CFFB544E00392498 ] C:\WINDOWS\system32\drivers\avgtdix.sys
19:06:28.0484 1012  C:\WINDOWS\system32\drivers\avgtdix.sys - ok
19:06:28.0484 1012  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
19:06:28.0484 1012  C:\WINDOWS\system32\drivers\ipnat.sys - ok
19:06:28.0484 1012  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
19:06:28.0484 1012  C:\WINDOWS\system32\drivers\netbt.sys - ok
19:06:28.0500 1012  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
19:06:28.0500 1012  C:\WINDOWS\system32\drivers\wanarp.sys - ok
19:06:28.0500 1012  [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
19:06:28.0500 1012  C:\WINDOWS\system32\drivers\arp1394.sys - ok
19:06:28.0500 1012  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
19:06:28.0500 1012  C:\WINDOWS\system32\drivers\afd.sys - ok
19:06:28.0515 1012  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
19:06:28.0515 1012  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
19:06:28.0515 1012  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
19:06:28.0515 1012  C:\WINDOWS\system32\drivers\netbios.sys - ok
19:06:28.0515 1012  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
19:06:28.0515 1012  C:\WINDOWS\system32\drivers\rdbss.sys - ok
19:06:28.0531 1012  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
19:06:28.0531 1012  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
19:06:28.0531 1012  [ 901EB73F900D8DD1E8862C40427B83AE ] C:\WINDOWS\system32\drivers\avgldx86.sys
19:06:28.0531 1012  C:\WINDOWS\system32\drivers\avgldx86.sys - ok
19:06:28.0531 1012  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
19:06:28.0531 1012  C:\WINDOWS\system32\drivers\fips.sys - ok
19:06:28.0546 1012  [ A69630D039C38018689190234F866D77 ] C:\WINDOWS\system32\MpEngineStore\MpKsl296f0928.sys
19:06:28.0546 1012  C:\WINDOWS\system32\MpEngineStore\MpKsl296f0928.sys - ok
19:06:28.0546 1012  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
19:06:28.0546 1012  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
19:06:28.0546 1012  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
19:06:28.0546 1012  C:\WINDOWS\system32\drivers\hidparse.sys - ok
19:06:28.0562 1012  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
19:06:28.0562 1012  C:\WINDOWS\system32\drivers\hidclass.sys - ok
19:06:28.0562 1012  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
19:06:28.0562 1012  C:\WINDOWS\system32\drivers\hidusb.sys - ok
19:06:28.0562 1012  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
19:06:28.0562 1012  C:\WINDOWS\system32\drivers\mouhid.sys - ok
19:06:28.0578 1012  [ EC94E05B76D033B74394E7B2175103CF ] C:\WINDOWS\system32\drivers\APPDRV.SYS
19:06:28.0578 1012  C:\WINDOWS\system32\drivers\APPDRV.SYS - ok
19:06:28.0578 1012  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
19:06:28.0578 1012  C:\WINDOWS\system32\smss.exe - ok
19:06:28.0578 1012  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
19:06:28.0578 1012  C:\WINDOWS\system32\ntdll.dll - ok
19:06:28.0593 1012  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
19:06:28.0593 1012  C:\WINDOWS\system32\autochk.exe - ok
19:06:28.0593 1012  [ 853AB2F2A2267FE90D1D4E9B0C8CF314 ] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
19:06:28.0593 1012  C:\PROGRA~1\AVG\AVG10\avgchsvx.exe - ok
19:06:28.0593 1012  [ 3FA61EF87E49FFACE4ED58C4F1A98EB1 ] C:\Program Files\AVG\AVG10\avglogx.dll
19:06:28.0593 1012  C:\Program Files\AVG\AVG10\avglogx.dll - ok
19:06:28.0609 1012  [ 1A3579ECEE56C4D4D32204D8C667CA6C ] C:\PROGRA~1\AVG\AVG10\avgchjwx.dll
19:06:28.0609 1012  C:\PROGRA~1\AVG\AVG10\avgchjwx.dll - ok
19:06:28.0609 1012  [ 39D78C0A52A365FB0221BB37A754C9E1 ] C:\PROGRA~1\AVG\AVG10\avgclitx.dll
19:06:28.0609 1012  C:\PROGRA~1\AVG\AVG10\avgclitx.dll - ok
19:06:28.0625 1012  [ E0E0B180CFA3B1A1322AC4AEA5FFBEBF ] C:\PROGRA~1\AVG\AVG10\avgrsx.exe
19:06:28.0625 1012  C:\PROGRA~1\AVG\AVG10\avgrsx.exe - ok
19:06:28.0625 1012  [ A06B2DAF08AFDAAEAE4DE6C074E11C2B ] C:\PROGRA~1\AVG\AVG10\avgcorex.dll
19:06:28.0625 1012  C:\PROGRA~1\AVG\AVG10\avgcorex.dll - ok
19:06:28.0625 1012  [ 1E9839FD8F51E4836A219ABCBDCBEA6B ] C:\Program Files\AVG\AVG10\avgcertx.dll
19:06:28.0625 1012  C:\Program Files\AVG\AVG10\avgcertx.dll - ok
19:06:28.0640 1012  [ DB359D68D8B5D7E1C0A1961916BBA905 ] C:\Program Files\AVG\AVG10\avgchclx.dll
19:06:28.0640 1012  C:\Program Files\AVG\AVG10\avgchclx.dll - ok
19:06:28.0640 1012  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
19:06:28.0640 1012  C:\WINDOWS\system32\drivers\cdfs.sys - ok
19:06:28.0640 1012  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
19:06:28.0640 1012  C:\WINDOWS\system32\drivers\wmilib.sys - ok
19:06:28.0656 1012  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
19:06:28.0656 1012  C:\WINDOWS\system32\drivers\atapi.sys - ok
19:06:28.0656 1012  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
19:06:28.0656 1012  C:\WINDOWS\system32\drivers\dxapi.sys - ok
19:06:28.0656 1012  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
19:06:28.0656 1012  C:\WINDOWS\system32\watchdog.sys - ok
19:06:28.0671 1012  [ FC8A1F72A8097910A11D5184BC3F887B ] C:\WINDOWS\system32\win32k.sys
19:06:28.0671 1012  C:\WINDOWS\system32\win32k.sys - ok
19:06:28.0671 1012  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
19:06:28.0671 1012  C:\WINDOWS\system32\csrss.exe - ok
19:06:28.0671 1012  [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
19:06:28.0671 1012  C:\WINDOWS\system32\csrsrv.dll - ok
19:06:28.0687 1012  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:06:28.0687 1012  C:\WINDOWS\system32\basesrv.dll - ok
19:06:28.0687 1012  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
19:06:28.0687 1012  C:\WINDOWS\system32\gdi32.dll - ok
19:06:28.0687 1012  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:06:28.0687 1012  C:\WINDOWS\system32\winsrv.dll - ok
19:06:28.0703 1012  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
19:06:28.0703 1012  C:\WINDOWS\system32\kernel32.dll - ok
19:06:28.0703 1012  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
19:06:28.0703 1012  C:\WINDOWS\system32\user32.dll - ok
19:06:28.0703 1012  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
19:06:28.0703 1012  C:\WINDOWS\system32\drivers\dxg.sys - ok
19:06:28.0718 1012  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
19:06:28.0718 1012  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
19:06:28.0718 1012  [ E2D0D639522824189E49101BBBFD3FFF ] C:\WINDOWS\system32\nv4_disp.dll
19:06:28.0718 1012  C:\WINDOWS\system32\nv4_disp.dll - ok
19:06:28.0718 1012  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
19:06:28.0718 1012  C:\WINDOWS\system32\vga.dll - ok
19:06:28.0734 1012  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
19:06:28.0734 1012  C:\WINDOWS\system32\winlogon.exe - ok
19:06:28.0734 1012  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
19:06:28.0734 1012  C:\WINDOWS\system32\advapi32.dll - ok
19:06:28.0734 1012  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
19:06:28.0734 1012  C:\WINDOWS\system32\rpcrt4.dll - ok
19:06:28.0750 1012  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
19:06:28.0750 1012  C:\WINDOWS\system32\secur32.dll - ok
19:06:28.0750 1012  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
19:06:28.0750 1012  C:\WINDOWS\system32\authz.dll - ok
19:06:28.0750 1012  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
19:06:28.0750 1012  C:\WINDOWS\system32\msvcrt.dll - ok
19:06:28.0765 1012  [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
19:06:28.0765 1012  C:\WINDOWS\system32\crypt32.dll - ok
19:06:28.0765 1012  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
19:06:28.0765 1012  C:\WINDOWS\system32\msasn1.dll - ok
19:06:28.0765 1012  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
19:06:28.0765 1012  C:\WINDOWS\system32\nddeapi.dll - ok
19:06:28.0781 1012  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
19:06:28.0781 1012  C:\WINDOWS\system32\profmap.dll - ok
19:06:28.0781 1012  [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
19:06:28.0781 1012  C:\WINDOWS\system32\netapi32.dll - ok
19:06:28.0781 1012  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
19:06:28.0781 1012  C:\WINDOWS\system32\userenv.dll - ok
19:06:28.0796 1012  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
19:06:28.0796 1012  C:\WINDOWS\system32\psapi.dll - ok
19:06:28.0796 1012  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
19:06:28.0796 1012  C:\WINDOWS\system32\regapi.dll - ok
19:06:28.0796 1012  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
19:06:28.0796 1012  C:\WINDOWS\system32\setupapi.dll - ok
19:06:28.0812 1012  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
19:06:28.0812 1012  C:\WINDOWS\system32\version.dll - ok
19:06:28.0812 1012  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
19:06:28.0812 1012  C:\WINDOWS\system32\winsta.dll - ok
19:06:28.0812 1012  [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
19:06:28.0812 1012  C:\WINDOWS\system32\wintrust.dll - ok
19:06:28.0828 1012  [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
19:06:28.0828 1012  C:\WINDOWS\system32\imagehlp.dll - ok
19:06:28.0828 1012  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
19:06:28.0828 1012  C:\WINDOWS\system32\ws2_32.dll - ok
19:06:28.0828 1012  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
19:06:28.0828 1012  C:\WINDOWS\system32\imm32.dll - ok
19:06:28.0843 1012  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
19:06:28.0843 1012  C:\WINDOWS\system32\ws2help.dll - ok
19:06:28.0843 1012  [ F2ED64D23C94ACF512A81142F3431F4C ] C:\WINDOWS\system32\urlmon.dll
19:06:28.0843 1012  C:\WINDOWS\system32\urlmon.dll - ok
19:06:28.0843 1012  [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
19:06:28.0843 1012  C:\WINDOWS\system32\ole32.dll - ok
19:06:28.0859 1012  [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
19:06:28.0859 1012  C:\WINDOWS\system32\oleaut32.dll - ok
19:06:28.0859 1012  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
19:06:28.0859 1012  C:\WINDOWS\system32\shlwapi.dll - ok
19:06:28.0859 1012  [ F81E2C10BD6C4BE3B9A242018CEF7A98 ] C:\WINDOWS\system32\iertutil.dll
19:06:28.0859 1012  C:\WINDOWS\system32\iertutil.dll - ok
19:06:28.0875 1012  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
19:06:28.0875 1012  C:\WINDOWS\system32\sxs.dll - ok
19:06:28.0875 1012  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
19:06:28.0875 1012  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
19:06:28.0875 1012  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
19:06:28.0875 1012  C:\WINDOWS\system32\atl.dll - ok
19:06:28.0890 1012  [ CE5BA470204A3176E60721C4B63B8DF3 ] C:\WINDOWS\system32\wininet.dll
19:06:28.0890 1012  C:\WINDOWS\system32\wininet.dll - ok
19:06:28.0890 1012  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
19:06:28.0890 1012  C:\WINDOWS\system32\normaliz.dll - ok
19:06:28.0890 1012  [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
19:06:28.0890 1012  C:\WINDOWS\system32\shell32.dll - ok
19:06:28.0906 1012  [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
19:06:28.0906 1012  C:\WINDOWS\system32\winmm.dll - ok
19:06:28.0906 1012  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
19:06:28.0906 1012  C:\WINDOWS\system32\comctl32.dll - ok
19:06:28.0921 1012  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
19:06:28.0921 1012  C:\WINDOWS\system32\kbdus.dll - ok
19:06:28.0921 1012  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
19:06:28.0921 1012  C:\WINDOWS\system32\msgina.dll - ok
19:06:28.0921 1012  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
19:06:28.0921 1012  C:\WINDOWS\system32\odbc32.dll - ok
19:06:28.0937 1012  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
19:06:28.0937 1012  C:\WINDOWS\system32\comdlg32.dll - ok
19:06:28.0937 1012  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
19:06:28.0937 1012  C:\WINDOWS\system32\odbcint.dll - ok
19:06:28.0937 1012  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
19:06:28.0937 1012  C:\WINDOWS\system32\sfc.dll - ok
19:06:28.0953 1012  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
19:06:28.0953 1012  C:\WINDOWS\system32\shsvcs.dll - ok
19:06:28.0953 1012  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
19:06:28.0953 1012  C:\WINDOWS\system32\sfc_os.dll - ok
19:06:28.0953 1012  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
19:06:28.0953 1012  C:\WINDOWS\system32\apphelp.dll - ok
19:06:28.0953 1012  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:06:28.0953 1012  C:\WINDOWS\system32\services.exe - ok
19:06:28.0968 1012  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
19:06:28.0968 1012  C:\WINDOWS\system32\lsass.exe - ok
19:06:28.0968 1012  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
19:06:28.0968 1012  C:\WINDOWS\system32\ncobjapi.dll - ok
19:06:28.0968 1012  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
19:06:28.0968 1012  C:\WINDOWS\system32\msvcp60.dll - ok
19:06:28.0984 1012  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
19:06:28.0984 1012  C:\WINDOWS\system32\scesrv.dll - ok
19:06:28.0984 1012  [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
19:06:28.0984 1012  C:\WINDOWS\system32\lsasrv.dll - ok
19:06:28.0984 1012  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
19:06:28.0984 1012  C:\WINDOWS\system32\mpr.dll - ok
19:06:29.0000 1012  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
19:06:29.0000 1012  C:\WINDOWS\system32\umpnpmgr.dll - ok
19:06:29.0000 1012  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
19:06:29.0000 1012  C:\WINDOWS\system32\ntdsapi.dll - ok
19:06:29.0000 1012  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
19:06:29.0000 1012  C:\WINDOWS\system32\shimeng.dll - ok
19:06:29.0015 1012  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
19:06:29.0015 1012  C:\WINDOWS\AppPatch\acadproc.dll - ok
19:06:29.0015 1012  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
19:06:29.0015 1012  C:\WINDOWS\system32\dnsapi.dll - ok
19:06:29.0015 1012  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
19:06:29.0015 1012  C:\WINDOWS\system32\samlib.dll - ok
19:06:29.0031 1012  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
19:06:29.0031 1012  C:\WINDOWS\system32\wldap32.dll - ok
19:06:29.0031 1012  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
19:06:29.0031 1012  C:\WINDOWS\system32\samsrv.dll - ok
19:06:29.0031 1012  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
19:06:29.0031 1012  C:\WINDOWS\system32\cryptdll.dll - ok
19:06:29.0046 1012  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
19:06:29.0046 1012  C:\WINDOWS\AppPatch\acgenral.dll - ok
19:06:29.0046 1012  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
19:06:29.0046 1012  C:\WINDOWS\system32\msacm32.dll - ok
19:06:29.0046 1012  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
19:06:29.0046 1012  C:\WINDOWS\system32\uxtheme.dll - ok
19:06:29.0062 1012  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
19:06:29.0062 1012  C:\WINDOWS\system32\msapsspc.dll - ok
19:06:29.0062 1012  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
19:06:29.0062 1012  C:\WINDOWS\system32\msvcrt40.dll - ok
19:06:29.0078 1012  [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
19:06:29.0078 1012  C:\WINDOWS\system32\schannel.dll - ok
19:06:29.0078 1012  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
19:06:29.0078 1012  C:\WINDOWS\system32\digest.dll - ok
19:06:29.0078 1012  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
19:06:29.0078 1012  C:\WINDOWS\system32\msnsspc.dll - ok
19:06:29.0093 1012  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
19:06:29.0093 1012  C:\WINDOWS\system32\msctfime.ime - ok
19:06:29.0093 1012  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
19:06:29.0093 1012  C:\WINDOWS\system32\msprivs.dll - ok
19:06:29.0093 1012  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
19:06:29.0093 1012  C:\WINDOWS\system32\kerberos.dll - ok
19:06:29.0109 1012  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
19:06:29.0109 1012  C:\WINDOWS\system32\msv1_0.dll - ok
19:06:29.0109 1012  [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
19:06:29.0109 1012  C:\WINDOWS\system32\atmfd.dll - ok
19:06:29.0109 1012  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
19:06:29.0109 1012  C:\WINDOWS\system32\iphlpapi.dll - ok
19:06:29.0125 1012  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
19:06:29.0125 1012  C:\WINDOWS\system32\sfcfiles.dll - ok
19:06:29.0125 1012  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
19:06:29.0125 1012  C:\WINDOWS\system32\netlogon.dll - ok
19:06:29.0125 1012  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
19:06:29.0125 1012  C:\WINDOWS\system32\w32time.dll - ok
19:06:29.0140 1012  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
19:06:29.0140 1012  C:\WINDOWS\system32\rsaenh.dll - ok
19:06:29.0140 1012  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
19:06:29.0140 1012  C:\WINDOWS\system32\wdigest.dll - ok
19:06:29.0140 1012  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
19:06:29.0140 1012  C:\WINDOWS\system32\winscard.dll - ok
19:06:29.0156 1012  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
19:06:29.0156 1012  C:\WINDOWS\system32\wtsapi32.dll - ok
19:06:29.0156 1012  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
19:06:29.0156 1012  C:\WINDOWS\system32\scecli.dll - ok
19:06:29.0156 1012  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
19:06:29.0156 1012  C:\WINDOWS\system32\svchost.exe - ok
19:06:29.0171 1012  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
19:06:29.0171 1012  C:\WINDOWS\system32\ntmarta.dll - ok
19:06:29.0171 1012  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
19:06:29.0171 1012  C:\WINDOWS\system32\rpcss.dll - ok
19:06:29.0171 1012  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
19:06:29.0171 1012  C:\WINDOWS\system32\xpsp2res.dll - ok
19:06:29.0187 1012  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
19:06:29.0187 1012  C:\WINDOWS\system32\eventlog.dll - ok
19:06:29.0187 1012  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
19:06:29.0187 1012  C:\WINDOWS\system32\mswsock.dll - ok
19:06:29.0187 1012  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
19:06:29.0187 1012  C:\WINDOWS\system32\logonui.exe - ok
19:06:29.0203 1012  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
19:06:29.0203 1012  C:\WINDOWS\system32\hnetcfg.dll - ok
19:06:29.0203 1012  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
19:06:29.0203 1012  C:\WINDOWS\system32\wshtcpip.dll - ok
19:06:29.0203 1012  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
19:06:29.0203 1012  C:\WINDOWS\system32\winrnr.dll - ok
19:06:29.0218 1012  [ 1F5A570AD942DFCFE4500326ABDD72B2 ] C:\Program Files\Bonjour\mdnsNSP.dll
19:06:29.0218 1012  C:\Program Files\Bonjour\mdnsNSP.dll - ok
19:06:29.0218 1012  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
19:06:29.0218 1012  C:\WINDOWS\system32\rasadhlp.dll - ok
19:06:29.0218 1012  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
19:06:29.0218 1012  C:\WINDOWS\system32\duser.dll - ok
19:06:29.0234 1012  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
19:06:29.0234 1012  C:\WINDOWS\system32\msimg32.dll - ok
19:06:29.0234 1012  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
19:06:29.0234 1012  C:\WINDOWS\system32\oleacc.dll - ok
19:06:29.0234 1012  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
19:06:29.0234 1012  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
19:06:29.0250 1012  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
19:06:29.0250 1012  C:\WINDOWS\system32\dhcpcsvc.dll - ok
19:06:29.0250 1012  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
19:06:29.0250 1012  C:\WINDOWS\system32\clbcatq.dll - ok
19:06:29.0250 1012  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
19:06:29.0250 1012  C:\WINDOWS\system32\comres.dll - ok
19:06:29.0265 1012  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
19:06:29.0265 1012  C:\WINDOWS\system32\shgina.dll - ok
19:06:29.0265 1012  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
19:06:29.0265 1012  C:\WINDOWS\system32\cscdll.dll - ok
19:06:29.0265 1012  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
19:06:29.0265 1012  C:\WINDOWS\system32\dimsntfy.dll - ok
19:06:29.0281 1012  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
19:06:29.0281 1012  C:\WINDOWS\system32\wlnotify.dll - ok
19:06:29.0281 1012  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
19:06:29.0281 1012  C:\WINDOWS\system32\winspool.drv - ok
19:06:29.0281 1012  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
19:06:30.0187 1012  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
19:06:30.0187 1012  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
19:06:30.0187 1012  [ 27115A53347FD0E36229C4DB532DD43E ] C:\Program Files\AVG\AVG10\avgxpl.dll
19:06:30.0187 1012  C:\Program Files\AVG\AVG10\avgxpl.dll - ok
19:06:30.0187 1012  [ 05CF1926E4E7B6D91D66BD5CD54FC1F0 ] C:\WINDOWS\system32\mshtml.dll
19:06:30.0187 1012  C:\WINDOWS\system32\mshtml.dll - ok
19:06:30.0187 1012  [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
19:06:30.0187 1012  C:\WINDOWS\system32\msls31.dll - ok
19:06:30.0203 1012  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
19:06:30.0203 1012  C:\WINDOWS\system32\msctf.dll - ok
19:06:30.0203 1012  [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
19:06:30.0203 1012  C:\WINDOWS\system32\msimtf.dll - ok
19:06:30.0203 1012  [ 0689622E6484934EB6E5F4D3A96311F9 ] C:\WINDOWS\system32\jscript.dll
19:06:30.0203 1012  C:\WINDOWS\system32\jscript.dll - ok
19:06:30.0203 1012  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Jodi\LOCALS~1\temp\CAA2633C-5783-499D-969A-F175C94AE892.exe
19:06:30.0203 1012  C:\DOCUME~1\Jodi\LOCALS~1\temp\CAA2633C-5783-499D-969A-F175C94AE892.exe - ok
19:06:30.0203 1012  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
19:06:30.0203 1012  C:\WINDOWS\system32\verclsid.exe - ok
19:06:30.0218 1012  [ 63368D3E65AACE7D26F69D8B29384243 ] C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
19:06:30.0218 1012  C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL - ok
19:06:30.0218 1012  [ 1818A2CD223603911970E667A5EACC9C ] C:\WINDOWS\system32\WLTRAY.EXE
19:06:30.0218 1012  C:\WINDOWS\system32\WLTRAY.EXE - ok
19:06:30.0218 1012  [ 06105D08927E3498B3D380CBF0688E78 ] C:\Program Files\AVG\AVG10\avgtray.exe
19:06:30.0218 1012  C:\Program Files\AVG\AVG10\avgtray.exe - ok
19:06:30.0218 1012  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
19:06:30.0218 1012  C:\WINDOWS\system32\upnp.dll - ok
19:06:30.0234 1012  [ B7116FDA0FEEBB52C6C9647E81EAEF26 ] C:\Program Files\AOL Computer Checkup\sdcCont.exe
19:06:30.0234 1012  C:\Program Files\AOL Computer Checkup\sdcCont.exe - ok
19:06:30.0234 1012  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:06:30.0234 1012  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
19:06:30.0234 1012  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
19:06:30.0234 1012  C:\WINDOWS\system32\ctfmon.exe - ok
19:06:30.0234 1012  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
19:06:30.0234 1012  C:\WINDOWS\system32\ssdpapi.dll - ok
19:06:30.0234 1012  [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
19:06:30.0250 1012  C:\WINDOWS\system32\drivers\http.sys - ok
19:06:30.0250 1012  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
19:06:30.0250 1012  C:\WINDOWS\system32\ssdpsrv.dll - ok
19:06:30.0250 1012  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\AOL Computer Checkup\msvcr100.dll
19:06:30.0250 1012  C:\Program Files\AOL Computer Checkup\msvcr100.dll - ok
19:06:30.0250 1012  [ 423069307FB726E51E2A66F1C3F738FE ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
19:06:30.0250 1012  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll - ok
19:06:30.0250 1012  [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
19:06:30.0250 1012  C:\WINDOWS\system32\msutb.dll - ok
19:06:30.0265 1012  [ 145229828A29F5B90C9DE2F2B58CCB19 ] C:\WINDOWS\system32\preflib.dll
19:06:30.0265 1012  C:\WINDOWS\system32\preflib.dll - ok
19:06:30.0265 1012  [ A17A2E0E7FC1F3C236D6D9B469538005 ] C:\Program Files\AOL Computer Checkup\atl.dll
19:06:30.0265 1012  C:\Program Files\AOL Computer Checkup\atl.dll - ok
19:06:30.0265 1012  [ E1F3AB2CC3521E68F242FB4D60C52AE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
19:06:30.0265 1012  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll - ok
19:06:30.0265 1012  [ 0CA0893BC9E30627F185A17DC58D4A4A ] C:\Program Files\AOL Computer Checkup\customDisp.dll
19:06:30.0265 1012  C:\Program Files\AOL Computer Checkup\customDisp.dll - ok
19:06:30.0281 1012  [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
19:06:30.0281 1012  C:\WINDOWS\ime\sptip.dll - ok
19:06:30.0281 1012  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\16190509.sys
19:06:30.0281 1012  C:\WINDOWS\system32\drivers\16190509.sys - ok
19:06:30.0281 1012  [ 36D7D05505951F542922DF4C725CC57D ] C:\Program Files\AOL Computer Checkup\atl100.dll
19:06:30.0281 1012  C:\Program Files\AOL Computer Checkup\atl100.dll - ok
19:06:30.0281 1012  [ 03E9314004F504A14A61C3D364B62F66 ] C:\Program Files\AOL Computer Checkup\msvcp100.dll
19:06:30.0281 1012  C:\Program Files\AOL Computer Checkup\msvcp100.dll - ok
19:06:30.0296 1012  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
19:06:30.0296 1012  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
19:06:30.0296 1012  [ D4931277DF5393E84A48B27DF40914E3 ] C:\WINDOWS\system32\riched32.dll
19:06:30.0296 1012  C:\WINDOWS\system32\riched32.dll - ok
19:06:30.0296 1012  [ 235B2311786AC007AD644B12A2DA8AC7 ] C:\WINDOWS\system32\msvfw32.dll
19:06:30.0296 1012  C:\WINDOWS\system32\msvfw32.dll - ok
19:06:30.0296 1012  [ 1E90645178509E1FD7055C04685D83AC ] C:\Program Files\AOL Computer Checkup\contDll.dll
19:06:30.0296 1012  C:\Program Files\AOL Computer Checkup\contDll.dll - ok
19:06:30.0296 1012  [ 5F63E2B2A72E1E6448123E0920D31530 ] C:\WINDOWS\system32\windowscodecs.dll
19:06:30.0296 1012  C:\WINDOWS\system32\windowscodecs.dll - ok
19:06:30.0312 1012  [ 2A632A95433E9719F37AE06BA00543AC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
19:06:30.0312 1012  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll - ok
19:06:30.0312 1012  [ F7E99DDF740BEE8DCDDA44F47B14A13C ] C:\Program Files\AOL Computer Checkup\Formatter.dll
19:06:30.0312 1012  C:\Program Files\AOL Computer Checkup\Formatter.dll - ok
19:06:30.0312 1012  [ B4EC1C87FF6EFDD878C0137EF42913EB ] C:\Program Files\AOL Computer Checkup\LicenseMngrDisp.dll
19:06:30.0312 1012  C:\Program Files\AOL Computer Checkup\LicenseMngrDisp.dll - ok
19:06:30.0312 1012  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
19:06:30.0312 1012  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
19:06:30.0328 1012  [ 9F878D377BCD7AD92DEBC8D2755607E0 ] C:\Program Files\AOL Computer Checkup\IO.dll
19:06:30.0328 1012  C:\Program Files\AOL Computer Checkup\IO.dll - ok
19:06:30.0328 1012  [ 870944DA968F90EA2EC6C29BFB7FBC6F ] C:\Program Files\AOL Computer Checkup\browserContainer.dll
19:06:30.0328 1012  C:\Program Files\AOL Computer Checkup\browserContainer.dll - ok
19:06:30.0328 1012  [ 5EFD27B3046864717763DE5245BFC048 ] C:\Program Files\AOL Computer Checkup\common.dll
19:06:30.0328 1012  C:\Program Files\AOL Computer Checkup\common.dll - ok
19:06:30.0328 1012  [ 26A8D372B108964A8FAB80234719D32D ] C:\Program Files\AOL Computer Checkup\configMngr.dll
19:06:30.0328 1012  C:\Program Files\AOL Computer Checkup\configMngr.dll - ok
19:06:30.0343 1012  [ 1264F787E46DC572FA274CA09B446E01 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
19:06:30.0343 1012  C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL - ok
19:06:30.0343 1012  [ 199F9ADDB1C1E633169B9F6CB40D7724 ] C:\Program Files\AVG\AVG10\avglngx.dll
19:06:30.0343 1012  C:\Program Files\AVG\AVG10\avglngx.dll - ok
19:06:30.0343 1012  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
19:06:30.0343 1012  C:\WINDOWS\system32\msvcp100.dll - ok
19:06:30.0343 1012  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
19:06:30.0343 1012  C:\WINDOWS\system32\msvcr100.dll - ok
19:06:30.0343 1012  [ AF4DC6348884A5636F439FC6CE93A8DC ] C:\Program Files\AVG\AVG10\avgabout.dll
19:06:30.0343 1012  C:\Program Files\AVG\AVG10\avgabout.dll - ok
19:06:30.0359 1012  [ EB853A46CAE3BEC11EE5FF93688F6DC2 ] C:\Program Files\AOL Computer Checkup\campaignMngr.dll
19:06:30.0359 1012  C:\Program Files\AOL Computer Checkup\campaignMngr.dll - ok
19:06:30.0359 1012  [ 61B12427CCBF5512E3439664C00D5FCD ] C:\Program Files\AVG\AVG10\avguires.dll
19:06:30.0359 1012  C:\Program Files\AVG\AVG10\avguires.dll - ok
19:06:30.0359 1012  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
19:06:30.0359 1012  C:\WINDOWS\system32\webcheck.dll - ok
19:06:30.0359 1012  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
19:06:30.0359 1012  C:\WINDOWS\system32\batmeter.dll - ok
19:06:30.0375 1012  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
19:06:30.0375 1012  C:\WINDOWS\system32\stobject.dll - ok
19:06:30.0375 1012  [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll
19:06:30.0375 1012  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
19:06:30.0375 1012  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
19:06:30.0375 1012  C:\WINDOWS\system32\mydocs.dll - ok
19:06:30.0375 1012  [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll
19:06:30.0375 1012  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
19:06:30.0390 1012  [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll
19:06:30.0390 1012  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
19:06:30.0390 1012  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
19:06:30.0390 1012  C:\WINDOWS\system32\imapi.exe - ok
19:06:30.0390 1012  [ 350A0C2CC411A6B0982604C8893C3E93 ] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
19:06:30.0390 1012  C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe - ok
19:06:30.0390 1012  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
19:06:30.0390 1012  C:\WINDOWS\system32\rasdlg.dll - ok
19:06:30.0390 1012  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
19:06:30.0390 1012  C:\WINDOWS\system32\security.dll - ok
19:06:30.0406 1012  [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
19:06:30.0406 1012  C:\WINDOWS\system32\wbem\wmipcima.dll - ok
19:06:30.0406 1012  [ C4894B3B448B647BEDC9E916D181BDBE ] C:\WINDOWS\system32\searchprotocolhost.exe
19:06:30.0406 1012  C:\WINDOWS\system32\searchprotocolhost.exe - ok
19:06:30.0406 1012  [ 4774D83BE60B7F47C612E25D6FE0F010 ] C:\WINDOWS\system32\msshooks.dll
19:06:30.0406 1012  C:\WINDOWS\system32\msshooks.dll - ok
19:06:30.0406 1012  [ 6E914EEDD145C5ACCE56F4D5F3D606FC ] C:\WINDOWS\system32\mssph.dll
19:06:30.0406 1012  C:\WINDOWS\system32\mssph.dll - ok
19:06:30.0421 1012  [ E81BBE78A8EF85ACD490B3E64EF63A7C ] C:\WINDOWS\system32\mapi32.dll
19:06:30.0421 1012  C:\WINDOWS\system32\mapi32.dll - ok
19:06:30.0421 1012  [ 7B952E19FE5FCB2F2A8737544564631D ] C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
19:06:30.0421 1012  C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL - ok
19:06:30.0421 1012  [ 6DE4F652CB5F86CDC824B4C594CE2D22 ] C:\WINDOWS\system32\msfeeds.dll
19:06:30.0421 1012  C:\WINDOWS\system32\msfeeds.dll - ok
19:06:30.0421 1012  [ D59A7119054D70FC745A1BF9C06DCC65 ] C:\WINDOWS\system32\oeph.dll
19:06:30.0421 1012  C:\WINDOWS\system32\oeph.dll - ok
19:06:30.0421 1012  [ 79ED352549EB6D5B1A454916C37D2E85 ] C:\WINDOWS\system32\UncPH.dll
19:06:30.0421 1012  C:\WINDOWS\system32\UncPH.dll - ok
19:06:30.0437 1012  [ 87889A983C015080FA813D7E32910D1E ] C:\WINDOWS\system32\searchfilterhost.exe
19:06:30.0437 1012  C:\WINDOWS\system32\searchfilterhost.exe - ok
19:06:30.0437 1012  ============================================================
19:06:30.0437 1012  Scan finished
19:06:30.0437 1012  ============================================================
19:06:30.0546 0980  Detected object count: 8
19:06:30.0546 0980  Actual detected object count: 8
19:07:15.0484 0980  APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:15.0484 0980  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:15.0484 0980  DXEC02 ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  DXEC02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:15.0484 0980  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:15.0484 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:15.0484 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:15.0484 0980  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:07:16.0390 0980  \Device\Harddisk0\DR0\# - copied to quarantine
19:07:16.0406 0980  \Device\Harddisk0\DR0 - copied to quarantine
19:07:16.0453 0980  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:07:16.0468 0980  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:07:16.0468 0980  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:07:16.0484 0980  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:07:16.0484 0980  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:07:16.0515 0980  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:07:16.0593 0980  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:07:16.0593 0980  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:07:16.0593 0980  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:07:16.0593 0980  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:07:16.0609 0980  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:07:16.0609 0980  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:07:16.0609 0980  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:07:16.0625 0980  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:07:16.0640 0980  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:07:16.0687 0980  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:07:16.0687 0980  \Device\Harddisk0\DR0 - ok
19:07:16.0703 0980  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
19:07:16.0703 0980  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:07:16.0703 0980  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
19:07:20.0921 1784  Deinitialize success


#10 jthorne76

Posted 11 June 2013 - 06:27 PM

Here is the report from RogueKiller. Again, WMP is still running, with no issues so far. The only thing is that while running RogueKiller a webpage popped up that looked like a RogueKiller website; it had a video on how to delete "zero access", and while the program was running it kept flashing "zero access" with an exclamation point up in the top left corner of the program window. I did not do anything other than close the browser window and continue following your instructions.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jodi [Admin rights]
Mode : Remove -- Date : 06/11/2013 19:21:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{96b2932f-3221-6013-2685-f9c7d30d96af}\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\Documents and Settings\Jodi\Local Settings\Application Data\{96b2932f-3221-6013-2685-f9c7d30d96af}\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{96b2932f-3221-6013-2685-f9c7d30d96af}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Jodi\Local Settings\Application Data\{96b2932f-3221-6013-2685-f9c7d30d96af}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\Installer\{96b2932f-3221-6013-2685-f9c7d30d96af}\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\Installer\{96b2932f-3221-6013-2685-f9c7d30d96af}\L\201d3dde [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{96b2932f-3221-6013-2685-f9c7d30d96af}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Jodi\Local Settings\Application Data\{96b2932f-3221-6013-2685-f9c7d30d96af}\L --> REMOVED
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD2500BEVS-75UST0 +++++
--- User ---
[MBR] 0834bfeaad13a9247721d50f9363d452
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_06112013_02d1921.txt >>
RKreport[1]_S_06112013_02d1919.txt ; RKreport[2]_D_06112013_02d1921.txt


#11 jthorne76

Posted 11 June 2013 - 07:27 PM

Keeping my fingers crossed, been listening to music on WMP for over an hour now, and no crazy ads, and no wave muting! I think you may have fixed it!!!!!!



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 AM

Posted 11 June 2013 - 08:55 PM


Hello jthorne76



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jthorne76

Posted 12 June 2013 - 04:04 PM

OK, previous action completed. Do I need to post the log from that?



#14 gringo_pr

Posted 12 June 2013 - 08:47 PM


Hello jthorne76

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#15 jthorne76

Posted 12 June 2013 - 09:24 PM

Here is the ComboFix log. No problems were encountered; the computer is still running great, with no wave muting and no malicious sounds.

ComboFix 13-06-08.02 - Jodi 06/12/2013  22:09:39.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1321 [GMT -4:00]
Running from: c:\documents and settings\Jodi\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jodi\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-13 to 2013-06-13  )))))))))))))))))))))))))))))))
.
.
2013-06-12 19:46 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-06-12 19:46 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-06-11 23:07 . 2013-06-12 20:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-11 23:00 . 2013-06-11 23:07 -------- d-----w- c:\windows\system32\MpEngineStore
2013-06-11 22:57 . 2013-06-11 23:01 -------- d-----w- C:\e460f9fb6ee41fbbf175ed0bb1
2013-06-11 13:32 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-06-11 13:32 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-06-10 21:33 . 2013-06-10 21:33 -------- d-----w- c:\windows\ERUNT
2013-06-10 21:33 . 2013-06-10 22:31 -------- d-----w- C:\JRT
2013-06-07 23:41 . 2013-06-07 23:41 -------- d-----w- c:\documents and settings\Jodi\Application Data\ElevatedDiagnostics
2013-06-04 22:57 . 2013-06-04 22:59 -------- d-----w- c:\documents and settings\Jodi\Application Data\DVDVideoSoft
2013-06-04 22:57 . 2013-06-04 22:58 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-04 22:57 . 2013-06-04 22:58 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-06-04 00:20 . 2013-06-04 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2013-06-03 23:11 . 2013-06-04 00:21 -------- d-----w- c:\documents and settings\Jodi\Application Data\HP
2013-06-03 23:09 . 2013-06-03 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2013-06-03 23:09 . 2008-12-01 14:05 118272 ----a-w- c:\windows\system32\hpz3l5oe.dll
2013-06-03 23:09 . 2008-12-01 14:02 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5oe.dll
2013-06-03 23:05 . 2013-06-03 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\Common Files\HP
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-06-03 23:02 . 2010-02-01 06:54 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2013-06-03 23:02 . 2010-02-01 06:54 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2013-06-03 23:02 . 2010-02-01 06:54 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2013-06-03 23:02 . 2010-05-31 04:36 267608 ----a-w- c:\windows\system32\hpzids01.dll
2013-06-03 23:02 . 2010-02-01 06:54 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2013-06-03 23:02 . 2010-02-01 06:54 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2013-06-03 23:02 . 2010-02-01 06:54 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2013-06-03 23:02 . 2010-02-01 06:54 294912 ----a-w- c:\windows\system32\hpovst11.dll
2013-06-03 02:12 . 2013-06-03 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-05-28 02:34 . 2013-05-28 02:34 -------- d-----w- c:\documents and settings\Jodi\Application Data\Malwarebytes
2013-05-28 02:33 . 2013-05-28 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-28 02:33 . 2013-05-28 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-28 02:33 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-25 16:02 . 2013-05-25 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-05-21 17:54 . 2013-06-07 17:15 -------- d-----w- c:\program files\Microsoft
2013-05-21 17:53 . 2013-06-12 19:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-21 17:52 . 2013-05-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2013-05-21 17:52 . 2013-05-21 17:52 -------- d-----w- c:\program files\HP Photo Creations
2013-05-21 17:51 . 2013-05-21 17:51 -------- d-----w- c:\documents and settings\Jodi\Application Data\HpUpdate
2013-05-21 17:50 . 2010-06-14 20:04 273256 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2013-05-21 17:50 . 2010-06-14 20:48 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_PSB210.dll
2013-05-21 17:50 . 2010-06-14 20:48 232296 ----a-w- c:\windows\system32\hpinksts8e11.dll
2013-05-21 17:50 . 2010-06-14 20:48 264552 ----a-w- c:\windows\system32\hpinksts8e11LM.dll
2013-05-21 17:50 . 2010-06-14 20:48 213352 ----a-w- c:\windows\system32\hpinkcoi8e11.dll
2013-05-21 17:48 . 2013-06-03 23:05 -------- d-----w- c:\program files\HP
2013-05-21 17:12 . 2013-05-30 11:40 -------- d-----w- c:\documents and settings\Jeremy
2013-05-20 02:52 . 2013-05-20 02:52 -------- d-----w- C:\found.000
2013-05-19 18:20 . 2008-04-14 09:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-05-19 18:20 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-05-19 18:20 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-19 18:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-19 17:54 . 2013-05-19 17:54 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
2013-05-19 02:27 . 2013-05-19 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CraftEdge
2013-05-19 02:06 . 2013-05-20 17:24 -------- d-----w- c:\windows\SystemRepair
2013-05-19 02:06 . 2013-05-19 02:06 -------- d-----w- c:\documents and settings\Jodi\Application Data\AOL
2013-05-19 02:04 . 2013-05-19 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Computer Checkup
2013-05-19 02:03 . 2013-05-20 17:24 -------- d-----w- c:\program files\AOL Computer Checkup
2013-05-19 02:02 . 2013-05-19 02:04 -------- d-----w- c:\documents and settings\Jodi\Downloads
2013-05-19 01:36 . 2013-05-19 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 22:30 . 2004-08-04 01:07 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 01:07 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 01:07 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-04 01:07 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 -c--a-w- c:\windows\system32\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"MakiwaraNotify"="c:\program files\AOL Computer Checkup\sdccont.exe" [2013-03-13 82296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-31 240288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2013-03-21 09:10 472992 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 17:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-14 04:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 18:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 11:23 13537280 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 11:23 90112 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 11:23 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-06-09 11:23 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"wlidsvc"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL Computer Checkup"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 4:02 PM 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S4 AOL Computer Checkup;AOL Computer Checkup;c:\program files\AOL Computer Checkup\sdcService.exe [3/13/2013 12:41 AM 584568]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45793527
*NewlyCreated* - 68907108
*Deregistered* - 45793527
*Deregistered* - 68907108
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 17:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-JODI-F05344198D-Jodi.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-06-11 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-11 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-11 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1637723038-682003330-1006Core.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-27 01:23]
.
2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1637723038-682003330-1006UA.job
- c:\documents and settings\Jeremy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-27 01:23]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 01:44]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 01:44]
.
2013-06-10 c:\windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job
- c:\program files\AOL Computer Checkup\sdcCont.exe [2013-03-13 04:41]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aol.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-04886720.sys
SafeBoot-45793527.sys
SafeBoot-50131567.sys
SafeBoot-96388130.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-12 22:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1637723038-682003330-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3DA848F-9380-4E93-A347-F45E38653C65}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Jodi\\Local Settings\\Application Data\\RobloxVersions\\version-76ed5b3c6cb0467f\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-06-12  22:20:56
ComboFix-quarantined-files.txt  2013-06-13 02:20
ComboFix2.txt  2013-06-11 01:30
.
Pre-Run: 212,269,666,304 bytes free
Post-Run: 213,548,068,864 bytes free
.
- - End Of File - - 65C402C14A31FE431286472DA998AE19
8F558EB6672622401DA993E1E865C861




