
Random Ads Playing in Backgroun


  • This topic is locked
16 replies to this topic

#1 crazimoose2112


Posted 17 July 2013 - 12:16 PM

Hi! I seem to have random ads playing in the background of my computer even when all my programs are shut off. I ran an MBAM scan and it said nothing malicious was found but these ads won't stop playing. I don't know what else to do. I am running a Windows XP, 32-bit. Any help would be greatly appreciated! Thanks!

 

-Dave




 


#2 gringo_pr

  • Malware Response Team

Posted 17 July 2013 - 02:44 PM



Hello crazimoose2112

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 crazimoose2112


Posted 18 July 2013 - 11:58 AM

Thanks!! Btw, I don't know if this is because of malware or anything malicious, but my internet router won't connect to my computer anymore and I can't access the internet. It was working fine before all of this started so I just thought I would let you know! Thanks again!!

 

 

"Attach Log":

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2011 12:39:16 PM
System Uptime: 7/18/2013 11:44:40 AM (0 hours ago)
.
Motherboard: Dell Inc |  | 0HY175
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2  | 2104/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 29.954 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless USB Card
Device ID: USB\VID_148F&PID_9021\5&2586298&0&4
Manufacturer: Netopia, Inc.
Name: Wireless USB Card
PNP Device ID: USB\VID_148F&PID_9021\5&2586298&0&4
Service: RT73
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F41028&REV_02\4&DC268A3&0&3880
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F41028&REV_02\4&DC268A3&0&3880
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP921: 4/19/2013 11:49:27 AM - System Checkpoint
RP922: 4/20/2013 12:30:18 PM - System Checkpoint
RP923: 4/21/2013 1:30:16 PM - System Checkpoint
RP924: 4/22/2013 2:47:58 PM - System Checkpoint
RP925: 4/23/2013 4:31:16 PM - System Checkpoint
RP926: 4/24/2013 5:29:53 PM - System Checkpoint
RP927: 4/25/2013 9:39:22 PM - System Checkpoint
RP928: 4/26/2013 9:41:53 PM - System Checkpoint
RP929: 4/27/2013 10:29:53 PM - System Checkpoint
RP930: 4/28/2013 10:45:45 PM - System Checkpoint
RP931: 4/29/2013 11:29:53 PM - System Checkpoint
RP932: 4/30/2013 11:41:53 PM - System Checkpoint
RP933: 5/2/2013 2:13:58 AM - System Checkpoint
RP934: 5/3/2013 2:41:40 AM - System Checkpoint
RP935: 5/4/2013 3:29:39 AM - System Checkpoint
RP936: 5/5/2013 3:53:20 AM - System Checkpoint
RP937: 5/6/2013 4:41:40 AM - System Checkpoint
RP938: 5/7/2013 5:29:40 AM - System Checkpoint
RP939: 5/8/2013 5:41:40 AM - System Checkpoint
RP940: 5/9/2013 6:55:27 AM - System Checkpoint
RP941: 5/10/2013 7:29:27 AM - System Checkpoint
RP942: 5/11/2013 8:29:35 AM - System Checkpoint
RP943: 5/12/2013 9:30:33 AM - System Checkpoint
RP944: 5/13/2013 9:41:27 AM - System Checkpoint
RP945: 5/14/2013 9:55:31 AM - System Checkpoint
RP946: 5/15/2013 3:00:18 AM - Software Distribution Service 3.0
RP947: 5/16/2013 3:02:16 AM - System Checkpoint
RP948: 5/17/2013 4:02:14 AM - System Checkpoint
RP949: 5/18/2013 4:50:17 AM - System Checkpoint
RP950: 5/19/2013 5:50:19 AM - System Checkpoint
RP951: 5/20/2013 6:02:18 AM - System Checkpoint
RP952: 5/21/2013 6:50:18 AM - System Checkpoint
RP953: 5/22/2013 7:02:17 AM - System Checkpoint
RP954: 5/23/2013 8:01:44 AM - System Checkpoint
RP955: 5/24/2013 8:49:43 AM - System Checkpoint
RP956: 5/25/2013 9:01:47 AM - System Checkpoint
RP957: 5/26/2013 10:01:43 AM - System Checkpoint
RP958: 5/27/2013 10:49:44 AM - System Checkpoint
RP959: 5/28/2013 11:01:43 AM - System Checkpoint
RP960: 5/29/2013 12:01:50 PM - System Checkpoint
RP961: 5/30/2013 1:01:35 PM - System Checkpoint
RP962: 5/31/2013 2:01:32 PM - System Checkpoint
RP963: 6/1/2013 3:01:32 PM - System Checkpoint
RP964: 6/2/2013 4:02:19 PM - System Checkpoint
RP965: 6/3/2013 5:01:35 PM - System Checkpoint
RP966: 6/4/2013 6:01:36 PM - System Checkpoint
RP967: 6/5/2013 6:05:31 PM - System Checkpoint
RP968: 6/6/2013 6:14:42 PM - System Checkpoint
RP969: 6/7/2013 10:11:07 PM - System Checkpoint
RP970: 6/8/2013 11:07:10 PM - System Checkpoint
RP971: 6/10/2013 12:01:17 AM - System Checkpoint
RP972: 6/11/2013 1:48:37 AM - System Checkpoint
RP973: 6/12/2013 1:35:54 PM - Restore Operation
RP974: 6/13/2013 1:53:40 PM - System Checkpoint
RP975: 6/14/2013 2:54:09 PM - System Checkpoint
RP976: 6/15/2013 3:53:40 PM - System Checkpoint
RP977: 6/16/2013 4:41:40 PM - System Checkpoint
RP978: 6/17/2013 5:45:50 PM - System Checkpoint
RP979: 6/18/2013 6:45:56 PM - System Checkpoint
RP980: 6/19/2013 7:33:49 PM - System Checkpoint
RP981: 6/20/2013 7:34:04 PM - System Checkpoint
RP982: 6/21/2013 9:05:30 PM - System Checkpoint
RP983: 6/22/2013 9:45:50 PM - System Checkpoint
RP984: 6/23/2013 10:34:04 PM - System Checkpoint
RP985: 6/24/2013 11:33:10 PM - System Checkpoint
RP986: 6/26/2013 12:33:13 AM - System Checkpoint
RP987: 6/27/2013 12:45:14 AM - System Checkpoint
RP988: 6/28/2013 1:33:14 AM - System Checkpoint
RP989: 6/29/2013 1:45:11 AM - System Checkpoint
RP990: 6/30/2013 2:45:11 AM - System Checkpoint
RP991: 7/1/2013 3:45:12 AM - System Checkpoint
RP992: 7/2/2013 4:32:26 AM - System Checkpoint
RP993: 7/3/2013 4:44:33 AM - System Checkpoint
RP994: 7/4/2013 5:44:26 AM - System Checkpoint
RP995: 7/5/2013 6:44:26 AM - System Checkpoint
RP996: 7/6/2013 7:32:26 AM - System Checkpoint
RP997: 7/7/2013 7:44:30 AM - System Checkpoint
RP998: 7/8/2013 8:44:29 AM - System Checkpoint
RP999: 7/9/2013 9:32:04 AM - System Checkpoint
RP1000: 7/10/2013 9:48:34 AM - System Checkpoint
RP1001: 7/10/2013 6:10:47 PM - Restore Operation
RP1002: 7/11/2013 6:13:46 PM - System Checkpoint
RP1003: 7/12/2013 7:13:41 PM - System Checkpoint
RP1004: 7/13/2013 7:25:47 PM - System Checkpoint
RP1005: 7/14/2013 1:25:21 PM - Installed Windows XP winusb0100.
RP1006: 7/14/2013 1:33:48 PM - Installed Windows XP winusb0100.
RP1007: 7/14/2013 1:34:06 PM - Installed Windows XP winusb0100.
RP1008: 7/14/2013 1:34:36 PM - Installed Windows XP winusb0100.
RP1009: 7/15/2013 2:25:45 PM - System Checkpoint
RP1010: 7/16/2013 2:00:17 PM - Restore Operation
RP1011: 7/16/2013 2:11:50 PM - Restore Operation
RP1012: 7/17/2013 12:58:35 AM - Restore Operation
RP1013: 7/17/2013 1:25:17 AM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1)
Adobe Reader X (10.1.7)
AMD APP SDK Runtime
Any Video Converter 3.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
Bonjour
DivX Setup
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
InstaCodecs
Internet Download Manager
iPod Video Converter Factory
iTunes
Java Auto Updater
Java™ 6 Update 30
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.2.3
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
MixPad
NVIDIA Drivers
Prism Video File Converter
QuickTime
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Skype Click to Call
Skype™ 5.10
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
Wireless USB Card
Xvid Video Codec
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 12:57:28 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/17/2013 12:56:24 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:56:24 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 12:55:58 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2013 1:23:35 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/17/2013 1:22:04 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2013 1:17:18 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/17/2013 1:17:02 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/17/2013 1:16:39 AM, error: Service Control Manager [7034]  - The Telephony service terminated unexpectedly.  It has done this 2 time(s).
7/17/2013 1:16:39 AM, error: Service Control Manager [7034]  - The System Event Notification service terminated unexpectedly.  It has done this 2 time(s).
7/17/2013 1:16:39 AM, error: Service Control Manager [7034]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 2 time(s).
7/17/2013 1:16:39 AM, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 2 time(s).
7/17/2013 1:16:39 AM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 2 time(s).
7/17/2013 1:16:39 AM, error: Service Control Manager [7031]  - The Windows Time service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 1:16:39 AM, error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 1:16:39 AM, error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 1:16:39 AM, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/16/2013 4:46:13 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
.
==== End Of File ===========================

 

 

 

 

 

 

"dds log":

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by David at 11:53:07 on 2013-07-18
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.618 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301681298296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365580129914
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7ECAC82B-FB51-45BF-AC38-91D1B603E778} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C6640218-FAE2-4DCF-8514-7E85109B26D5} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CF970E40-7341-456C-8C7D-E5D093A2E99E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-3-16 104456]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2012-12-21 627072]
.
=============== Created Last 30 ================
.
2013-07-17 06:27:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-07-17 06:27:04 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M  ====================
.
2013-06-12 19:18:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 19:18:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:54:21.07 ===============
 



#4 gringo_pr


Posted 18 July 2013 - 01:05 PM



Hello crazimoose2112

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 crazimoose2112


Posted 19 July 2013 - 12:14 AM

Okay, I ran the two programs as you described and the logs are below, but the ads are still running in the background. What should I do next?

-Thanks!

ADW:

# AdwCleaner v2.305 - Logfile created 07/18/2013 at 22:36:55
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - DAVIDROOM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\David\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\David\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\David\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Homepage Protection Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [3901 octets] - [18/07/2013 22:36:55]

########## EOF - C:\AdwCleaner[S1].txt - [3961 octets] ##########

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Microsoft Windows XP x86
Ran by David on Thu 07/18/2013 at 22:40:37.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9E91EE99-B067-4F66-9218-270938B78CEC}

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/18/2013 at 22:53:59.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr


Posted 19 July 2013 - 01:00 AM


Hello crazimoose2112

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 crazimoose2112


Posted 20 July 2013 - 12:49 PM

Okay, so I ran ComboFix from my flash drive accidentally, but I didn't want to rerun it so I let it finish. It ran and finished everything, but the ads are still playing. I don't know what to do. Here is the log:

CF Log:

ComboFix 13-07-18.04 - David 07/20/2013   2:51.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.176 [GMT -5:00]
Running from: E:\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2qHe7cg3.exe.b
c:\documents and settings\All Users\Application Data\583245u2n608s086t778j7xav0k2
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET247.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6D.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-20 to 2013-07-20  )))))))))))))))))))))))))))))))
.
.
2013-07-19 03:40 . 2013-07-19 03:40 -------- d-----w- c:\windows\ERUNT
2013-07-17 06:28 . 2013-07-17 17:06 -------- d-----w- c:\documents and settings\Administrator.DAVIDROOM.005
2013-07-17 06:27 . 2013-07-17 06:27 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-17 06:20 . 2013-07-17 06:25 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.004
2013-07-17 05:55 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.003
2013-07-16 18:59 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.002
2013-07-10 23:09 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:18 . 2012-10-16 18:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 19:18 . 2012-01-29 05:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-19 742264]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S1 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys [2012-02-08 104456]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ    NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 19:18]
.
2013-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 21:03]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 21:03]
.
2013-01-11 c:\windows\Tasks\MixPadReminder.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2012-12-27 17:43]
.
2013-05-13 c:\windows\Tasks\PrismReminder.job
- c:\program files\NCH Software\Prism\prism.exe [2013-05-06 22:24]
.
2013-07-19 c:\windows\Tasks\User_Feed_Synchronization-{81A1D5B6-6057-4B71-B362-F925FD6E40FF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2013-07-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-04-09 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-20 03:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,52,46,12,32,e0,f3,4e,9b,23,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,52,46,12,32,e0,f3,4e,9b,23,9e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57b43206-adb5-447a-a0f9-e2924a5f3483}]
@Denied: (Full) (Everyone)
"Model"=dword:00000110
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,21,3c,e6,67,d9,d6,55,22,00,b8,9c,04,ca,06,1c,08,e9,19,ce,f1,
   43,e5,26,44,d7,29,ef,8a,e3,5a,cc,6d,d2,2a,c0,e8,39,65,84,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,89,f8,96,cd,64,2d,ce,12,64,89,36,49,9f,df,ca,db,60,6b,69,e8,
   4c,2b,f2,ef,3d,ce,ac,34,ac,c3,01,43,e7,ba,8b,0f,d8,cc,60,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c82fb50d-dd22-4b89-a4e9-4f54b5a5c49a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013b
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\WININET.dll
.
Completion time: 2013-07-20  03:50:03
ComboFix-quarantined-files.txt  2013-07-20 08:49
.
Pre-Run: 31,245,586,432 bytes free
Post-Run: 37,347,774,464 bytes free
.
- - End Of File - - 64D40B41124AFDA72743204948D6C51B
8F558EB6672622401DA993E1E865C861
 

 

Thanks!



#8 gringo_pr


Posted 20 July 2013 - 10:45 PM


Hello crazimoose2112

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder), in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+

Send me the reports made from TDSSKiller and Roguekiller, and also let me know how the computer is doing at this time.

Gringo

#9 crazimoose2112


Posted 21 July 2013 - 03:16 PM

Computer seems to be running normally again, THANK YOU!!!!

 

Here is the TDSS Report:

 

13:42:40.0609 3668  W32Time - ok
13:42:40.0718 3668  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:42:41.0484 3668  Wanarp - ok
13:42:41.0890 3668  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
13:42:43.0218 3668  Wdf01000 - ok
13:42:43.0234 3668  WDICA - ok
13:42:43.0390 3668  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
13:42:44.0000 3668  wdmaud - ok
13:42:44.0078 3668  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:42:44.0406 3668  WebClient - ok
13:42:45.0015 3668  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:42:46.0109 3668  winmgmt - ok
13:42:46.0265 3668  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:42:46.0406 3668  WinUSB - ok
13:42:46.0562 3668  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
13:42:47.0343 3668  WmdmPmSN - ok
13:42:47.0468 3668  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:42:47.0796 3668  WmiApSrv - ok
13:42:48.0125 3668  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
13:42:51.0046 3668  WMPNetworkSvc - ok
13:42:52.0781 3668  [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
13:42:54.0437 3668  WMZuneComm - ok
13:42:54.0609 3668  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:42:55.0031 3668  WS2IFSL - ok
13:42:55.0171 3668  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
13:42:55.0750 3668  wscsvc - ok
13:42:55.0906 3668  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
13:42:56.0468 3668  wuauserv - ok
13:42:56.0593 3668  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:42:57.0390 3668  WudfPf - ok
13:42:57.0593 3668  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:42:57.0781 3668  WudfRd - ok
13:42:57.0843 3668  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
13:42:58.0031 3668  WudfSvc - ok
13:42:58.0687 3668  [ 326C012C7FE573829871FE9C9E41CF9B ] WUSB54GCv3      C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
13:43:00.0859 3668  WUSB54GCv3 - ok
13:43:01.0359 3668  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
13:43:03.0015 3668  WZCSVC - ok
13:43:03.0250 3668  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
13:43:03.0703 3668  xmlprov - ok
13:43:04.0046 3668  [ 154FE6A5A608CD725266877901E883C2 ] ZD1211BU(ZyDAS) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
13:43:05.0468 3668  ZD1211BU(ZyDAS) - ok
13:43:05.0671 3668  [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus          C:\WINDOWS\system32\DRIVERS\zumbus.sys
13:43:07.0296 3668  zumbus - ok
13:43:07.0500 3668  [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum     C:\Program Files\Zune\ZuneBusEnum.exe
13:43:07.0671 3668  ZuneBusEnum - ok
13:43:13.0187 3668  [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
13:43:32.0875 3668  ZuneNetworkSvc - ok
13:43:33.0265 3668  [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:43:34.0921 3668  ZuneWlanCfgSvc - ok
13:43:35.0218 3668  ================ Scan global ===============================
13:43:35.0390 3668  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:43:35.0796 3668  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:43:36.0812 3668  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:43:36.0906 3668  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:43:37.0015 3668  [Global] - ok
13:43:37.0015 3668  ================ Scan MBR ==================================
13:43:37.0062 3668  [ B8219E126CCFCA2511CA3F82E8C3CEDF ] \Device\Harddisk0\DR0
13:43:37.0062 3668  Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:43:37.0500 3668  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
13:43:37.0687 3668  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
13:43:51.0718 3668  ================ Scan VBR ==================================
13:43:51.0859 3668  [ 86B94B41B6C0B292FB338298DEC5E5BF ] \Device\Harddisk0\DR0\Partition1
13:43:52.0109 3668  \Device\Harddisk0\DR0\Partition1 - ok
13:43:52.0109 3668  ================ Scan active images ========================
13:43:53.0812 3668  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
13:43:53.0812 3668  C:\WINDOWS\system32\xpsp2res.dll - ok
13:43:53.0828 3668  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
13:43:53.0828 3668  C:\WINDOWS\system32\eventlog.dll - ok
13:43:53.0828 3668  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
13:43:53.0828 3668  C:\WINDOWS\system32\mswsock.dll - ok
13:43:53.0828 3668  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
13:43:53.0828 3668  C:\WINDOWS\system32\hnetcfg.dll - ok
13:43:53.0843 3668  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
13:43:53.0843 3668  C:\Program Files\Bonjour\mdnsNSP.dll - ok
13:43:53.0843 3668  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
13:43:53.0843 3668  C:\WINDOWS\system32\rasadhlp.dll - ok
13:43:53.0859 3668  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
13:43:53.0859 3668  C:\WINDOWS\system32\winrnr.dll - ok
13:43:53.0859 3668  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
13:43:53.0859 3668  C:\WINDOWS\system32\wshtcpip.dll - ok
13:43:53.0875 3668  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
13:43:53.0875 3668  C:\WINDOWS\system32\rasapi32.dll - ok
13:43:53.0875 3668  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] C:\WINDOWS\system32\WudfSvc.dll
13:43:53.0875 3668  C:\WINDOWS\system32\WudfSvc.dll - ok
13:43:53.0875 3668  [ 708E6997420592E033CF01B60E6E4223 ] C:\WINDOWS\system32\WudfPlatform.dll
13:43:53.0875 3668  C:\WINDOWS\system32\WudfPlatform.dll - ok
13:43:53.0890 3668  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
13:43:53.0890 3668  C:\WINDOWS\system32\rasman.dll - ok
13:43:53.0890 3668  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
13:43:53.0890 3668  C:\WINDOWS\system32\tapi32.dll - ok
13:43:53.0906 3668  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
13:43:53.0906 3668  C:\WINDOWS\system32\rtutils.dll - ok
13:43:53.0906 3668  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
13:43:53.0906 3668  C:\WINDOWS\system32\rasmans.dll - ok
13:43:53.0906 3668  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
13:43:53.0906 3668  C:\WINDOWS\system32\sens.dll - ok
13:43:53.0921 3668  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
13:43:53.0921 3668  C:\WINDOWS\system32\netcfgx.dll - ok
13:43:53.0921 3668  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
13:43:53.0921 3668  C:\WINDOWS\system32\winipsec.dll - ok
13:43:53.0968 3668  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
13:43:53.0968 3668  C:\WINDOWS\system32\clusapi.dll - ok
13:43:54.0031 3668  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
13:43:54.0031 3668  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
13:43:54.0031 3668  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
13:43:54.0031 3668  C:\WINDOWS\system32\dhcpcsvc.dll - ok
13:43:54.0031 3668  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
13:43:54.0031 3668  C:\WINDOWS\system32\dnsrslvr.dll - ok
13:43:54.0046 3668  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
13:43:54.0046 3668  C:\WINDOWS\system32\lmhsvc.dll - ok
13:43:54.0046 3668  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
13:43:54.0046 3668  C:\WINDOWS\system32\wzcsvc.dll - ok
13:43:54.0062 3668  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
13:43:54.0062 3668  C:\WINDOWS\system32\atl.dll - ok
13:43:54.0078 3668  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
13:43:54.0078 3668  C:\WINDOWS\system32\dot3api.dll - ok
13:43:54.0078 3668  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
13:43:54.0078 3668  C:\WINDOWS\system32\eapolqec.dll - ok
13:43:54.0093 3668  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
13:43:54.0093 3668  C:\WINDOWS\system32\qutil.dll - ok
13:43:54.0093 3668  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
13:43:54.0171 3668  C:\WINDOWS\system32\wmi.dll - ok
13:43:54.0171 3668  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
13:43:54.0171 3668  C:\WINDOWS\system32\esent.dll - ok
13:43:54.0187 3668  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
13:43:54.0187 3668  C:\WINDOWS\system32\clbcatq.dll - ok
13:43:54.0187 3668  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
13:43:54.0187 3668  C:\WINDOWS\system32\comres.dll - ok
13:43:54.0203 3668  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
13:43:54.0203 3668  C:\WINDOWS\system32\mlang.dll - ok
13:43:54.0203 3668  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
13:43:54.0203 3668  C:\WINDOWS\system32\cryptui.dll - ok
13:43:54.0218 3668  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
13:43:54.0218 3668  C:\WINDOWS\system32\rastls.dll - ok
13:43:54.0218 3668  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
13:43:54.0218 3668  C:\WINDOWS\system32\wzcsapi.dll - ok
13:43:54.0218 3668  [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
13:43:54.0218 3668  C:\WINDOWS\system32\xmlprovi.dll - ok
13:43:54.0234 3668  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
13:43:54.0234 3668  C:\WINDOWS\system32\cscdll.dll - ok
13:43:54.0234 3668  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
13:43:54.0234 3668  C:\WINDOWS\system32\logonui.exe - ok
13:43:54.0250 3668  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
13:43:54.0250 3668  C:\WINDOWS\system32\dimsntfy.dll - ok
13:43:54.0250 3668  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
13:43:54.0250 3668  C:\WINDOWS\system32\winspool.drv - ok
13:43:54.0250 3668  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
13:43:54.0250 3668  C:\WINDOWS\system32\wlnotify.dll - ok
13:43:54.0265 3668  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
13:43:54.0265 3668  C:\WINDOWS\system32\mprapi.dll - ok
13:43:54.0265 3668  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
13:43:54.0265 3668  C:\WINDOWS\system32\activeds.dll - ok
13:43:54.0281 3668  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
13:43:54.0281 3668  C:\WINDOWS\system32\adsldpc.dll - ok
13:43:54.0281 3668  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
13:43:54.0281 3668  C:\WINDOWS\system32\duser.dll - ok
13:43:54.0281 3668  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
13:43:54.0281 3668  C:\WINDOWS\system32\riched20.dll - ok
13:43:54.0296 3668  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
13:43:54.0296 3668  C:\WINDOWS\system32\msimg32.dll - ok
13:43:54.0296 3668  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
13:43:54.0296 3668  C:\WINDOWS\system32\oleacc.dll - ok
13:43:54.0312 3668  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
13:43:54.0312 3668  C:\WINDOWS\system32\raschap.dll - ok
13:43:54.0312 3668  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
13:43:54.0312 3668  C:\WINDOWS\system32\schedsvc.dll - ok
13:43:54.0312 3668  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
13:43:54.0312 3668  C:\WINDOWS\system32\msidle.dll - ok
13:43:54.0328 3668  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
13:43:54.0328 3668  C:\WINDOWS\system32\shgina.dll - ok
13:43:54.0328 3668  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
13:43:54.0328 3668  C:\WINDOWS\system32\spoolsv.exe - ok
13:43:54.0343 3668  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
13:43:54.0343 3668  C:\WINDOWS\system32\audiosrv.dll - ok
13:43:54.0343 3668  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
13:43:54.0343 3668  C:\WINDOWS\system32\wkssvc.dll - ok
13:43:54.0359 3668  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
13:43:54.0359 3668  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
13:43:54.0359 3668  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
13:43:54.0359 3668  C:\WINDOWS\system32\webclnt.dll - ok
13:43:54.0359 3668  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
13:43:54.0359 3668  C:\WINDOWS\system32\drivers\parport.sys - ok
13:43:54.0375 3668  [ 4FE5C6D40664AE07BE5105874357D2ED ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:43:54.0375 3668  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
13:43:54.0375 3668  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
13:43:54.0375 3668  C:\WINDOWS\system32\drivers\serial.sys - ok
13:43:54.0390 3668  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
13:43:54.0390 3668  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
13:43:54.0390 3668  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
13:43:54.0390 3668  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
13:43:54.0390 3668  [ 60C079CB2150760263D1FE5FF6218961 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
13:43:54.0390 3668  C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
13:43:54.0406 3668  [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
13:43:54.0406 3668  C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
13:43:54.0406 3668  [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
13:43:54.0406 3668  C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
13:43:54.0421 3668  [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
13:43:54.0421 3668  C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
13:43:54.0437 3668  [ DF1C1CD0C7EE95CC00D71E9E415E7BCD ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
13:43:54.0437 3668  C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
13:43:54.0453 3668  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
13:43:54.0453 3668  C:\WINDOWS\system32\wsock32.dll - ok
13:43:54.0453 3668  [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
13:43:54.0453 3668  C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
13:43:54.0468 3668  [ FD86C605FD7AD4A41C01EC7A4A1E1C5D ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
13:43:54.0468 3668  C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
13:43:54.0468 3668  [ A3609397EF273B03295DBB10274BE12C ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
13:43:54.0468 3668  C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
13:43:54.0468 3668  [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
13:43:54.0468 3668  C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
13:43:54.0484 3668  [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
13:43:54.0484 3668  C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
13:43:54.0484 3668  [ 4327CF9A9D0864CA0FFC97FCDA97315A ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
13:43:54.0484 3668  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
13:43:54.0500 3668  [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\WINDOWS\system32\dnssd.dll
13:43:54.0500 3668  C:\WINDOWS\system32\dnssd.dll - ok
13:43:54.0500 3668  [ 24665B221424FFD7B71F0D2C398F2F4F ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
13:43:54.0500 3668  C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
13:43:54.0515 3668  [ A56CCBBFCCEDCE2FD9C69FED24E035E3 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
13:43:54.0515 3668  C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
13:43:54.0531 3668  [ E53B389AABC47A86A41884E94C9A3012 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
13:43:54.0531 3668  C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
13:43:54.0531 3668  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
13:43:54.0531 3668  C:\Program Files\Bonjour\mDNSResponder.exe - ok
13:43:54.0531 3668  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
13:43:54.0531 3668  C:\WINDOWS\system32\qmgr.dll - ok
13:43:54.0546 3668  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
13:43:54.0546 3668  C:\WINDOWS\system32\shfolder.dll - ok
13:43:54.0546 3668  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
13:43:54.0546 3668  C:\WINDOWS\system32\winhttp.dll - ok
13:43:54.0562 3668  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
13:43:54.0562 3668  C:\WINDOWS\system32\netman.dll - ok
13:43:54.0562 3668  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
13:43:54.0562 3668  C:\WINDOWS\system32\netshell.dll - ok
13:43:54.0578 3668  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
13:43:54.0578 3668  C:\WINDOWS\system32\powrprof.dll - ok
13:43:54.0578 3668  [ C28FD3B37B6F18751C99E6022A2A9782 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
13:43:54.0578 3668  C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
13:43:54.0593 3668  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
13:43:54.0593 3668  C:\WINDOWS\system32\cryptsvc.dll - ok
13:43:54.0593 3668  [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
13:43:54.0593 3668  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
13:43:54.0609 3668  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
13:43:54.0609 3668  C:\WINDOWS\system32\certcli.dll - ok
13:43:54.0609 3668  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
13:43:54.0609 3668  C:\WINDOWS\system32\es.dll - ok
13:43:54.0625 3668  [ 18301B40411B2108076AB685B4E4B6DC ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
13:43:54.0625 3668  C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
13:43:54.0625 3668  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
13:43:54.0625 3668  C:\WINDOWS\system32\ersvc.dll - ok
13:43:54.0640 3668  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
13:43:54.0640 3668  C:\WINDOWS\system32\credui.dll - ok
13:43:54.0640 3668  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
13:43:54.0640 3668  C:\WINDOWS\system32\dot3dlg.dll - ok
13:43:54.0656 3668  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
13:43:54.0656 3668  C:\WINDOWS\system32\onex.dll - ok
13:43:54.0671 3668  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
13:43:54.0671 3668  C:\WINDOWS\system32\eappcfg.dll - ok
13:43:54.0671 3668  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
13:43:54.0671 3668  C:\WINDOWS\system32\eappprxy.dll - ok
13:43:54.0687 3668  [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files\Google\Update\1.3.21.153\goopdate.dll
13:43:54.0687 3668  C:\Program Files\Google\Update\1.3.21.153\goopdate.dll - ok
13:43:54.0687 3668  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
13:43:54.0687 3668  C:\WINDOWS\system32\msi.dll - ok
13:43:54.0703 3668  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
13:43:54.0703 3668  C:\WINDOWS\system32\dbghelp.dll - ok
13:43:54.0703 3668  [ 9AA67569D5257462E230767510B0C815 ] C:\Program Files\Java\jre6\bin\jqs.exe
13:43:54.0703 3668  C:\Program Files\Java\jre6\bin\jqs.exe - ok
13:43:54.0718 3668  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:43:54.0718 3668  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
13:43:54.0718 3668  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
13:43:54.0718 3668  C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
13:43:54.0734 3668  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
13:43:54.0734 3668  C:\WINDOWS\system32\pdh.dll - ok
13:43:54.0734 3668  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
13:43:54.0734 3668  C:\WINDOWS\system32\odbcbcp.dll - ok
13:43:54.0750 3668  [ 0FEBE37DB6650FAA5965C00545009D1D ] C:\WINDOWS\system32\nvsvc32.exe
13:43:54.0750 3668  C:\WINDOWS\system32\nvsvc32.exe - ok
13:43:54.0750 3668  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
13:43:54.0750 3668  C:\WINDOWS\system32\srvsvc.dll - ok
13:43:54.0765 3668  [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
13:43:54.0765 3668  C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
13:43:54.0765 3668  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
13:43:54.0765 3668  C:\WINDOWS\system32\mstask.dll - ok
13:43:54.0781 3668  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
13:43:54.0781 3668  C:\WINDOWS\system32\netmsg.dll - ok
13:43:54.0781 3668  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
13:43:54.0781 3668  C:\WINDOWS\system32\perfos.dll - ok
13:43:54.0781 3668  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
13:43:54.0781 3668  C:\WINDOWS\system32\perfdisk.dll - ok
13:43:54.0796 3668  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
13:43:54.0796 3668  C:\WINDOWS\system32\drivers\srv.sys - ok
13:43:54.0796 3668  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
13:43:54.0796 3668  C:\WINDOWS\system32\ipsecsvc.dll - ok
13:43:54.0796 3668  [ C1EA489DD8B5E57B03E2FD5A1500621B ] C:\WINDOWS\system32\nvcpl.dll
13:43:54.0796 3668  C:\WINDOWS\system32\nvcpl.dll - ok
13:43:54.0812 3668  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
13:43:54.0812 3668  C:\WINDOWS\system32\oakley.dll - ok
13:43:54.0812 3668  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
13:43:54.0812 3668  C:\WINDOWS\system32\seclogon.dll - ok
13:43:54.0828 3668  [ 2A99850C2A6EDD6C6602E822C716EDAF ] C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:43:54.0828 3668  C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe - ok
13:43:54.0828 3668  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
13:43:54.0828 3668  C:\WINDOWS\system32\ipnathlp.dll - ok
13:43:54.0843 3668  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
13:43:54.0843 3668  C:\WINDOWS\system32\pstorsvc.dll - ok
13:43:54.0843 3668  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
13:43:54.0843 3668  C:\WINDOWS\system32\psbase.dll - ok
13:43:54.0859 3668  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
13:43:54.0859 3668  C:\WINDOWS\system32\dssenh.dll - ok
13:43:54.0859 3668  [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
13:43:54.0859 3668  C:\WINDOWS\system32\qmgrprxy.dll - ok
13:43:54.0859 3668  [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files\Skype\Updater\Updater.exe
13:43:54.0859 3668  C:\Program Files\Skype\Updater\Updater.exe - ok
13:43:54.0875 3668  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
13:43:54.0875 3668  C:\WINDOWS\system32\srsvc.dll - ok
13:43:54.0875 3668  [ 288FC8B1A73FB46AE02590157855E302 ] C:\WINDOWS\system32\nvapi.dll
13:43:54.0875 3668  C:\WINDOWS\system32\nvapi.dll - ok
13:43:54.0890 3668  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
13:43:54.0890 3668  C:\WINDOWS\system32\trkwks.dll - ok
13:43:54.0890 3668  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
13:43:54.0890 3668  C:\WINDOWS\system32\wiaservc.dll - ok
13:43:54.0906 3668  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
13:43:54.0906 3668  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
13:43:54.0906 3668  [ 37F339B64F19E2775284ED7161B96683 ] C:\Program Files\Zune\ZuneBusEnum.exe
13:43:54.0906 3668  C:\Program Files\Zune\ZuneBusEnum.exe - ok
13:43:54.0921 3668  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
13:43:54.0921 3668  C:\WINDOWS\system32\cfgmgr32.dll - ok
13:43:54.0921 3668  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
13:43:54.0921 3668  C:\WINDOWS\system32\mscms.dll - ok
13:43:54.0937 3668  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
13:43:54.0937 3668  C:\WINDOWS\system32\vssapi.dll - ok
13:43:54.0937 3668  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
13:43:54.0937 3668  C:\WINDOWS\system32\wuauserv.dll - ok
13:43:54.0953 3668  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
13:43:54.0953 3668  C:\WINDOWS\system32\wuaueng.dll - ok
13:43:54.0953 3668  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
13:43:54.0953 3668  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
13:43:54.0984 3668  [ BEA4AEE74FEF171EB61DE1BAD8FAF427 ] C:\WINDOWS\system32\xmllite.dll
13:43:54.0984 3668  C:\WINDOWS\system32\xmllite.dll - ok
13:43:55.0000 3668  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
13:43:55.0000 3668  C:\WINDOWS\system32\actxprxy.dll - ok
13:43:55.0000 3668  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
13:43:55.0000 3668  C:\WINDOWS\system32\cabinet.dll - ok
13:43:55.0015 3668  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
13:43:55.0015 3668  C:\WINDOWS\system32\mspatcha.dll - ok
13:43:55.0015 3668  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
13:43:55.0015 3668  C:\WINDOWS\system32\browser.dll - ok
13:43:55.0031 3668  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
13:43:55.0031 3668  C:\WINDOWS\system32\wscsvc.dll - ok
13:43:55.0031 3668  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
13:43:55.0031 3668  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
13:43:55.0031 3668  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
13:43:55.0031 3668  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
13:43:55.0046 3668  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
13:43:55.0046 3668  C:\WINDOWS\system32\comsvcs.dll - ok
13:43:55.0046 3668  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
13:43:55.0046 3668  C:\WINDOWS\system32\wups.dll - ok
13:43:55.0046 3668  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
13:43:55.0046 3668  C:\WINDOWS\system32\wups2.dll - ok
13:43:55.0062 3668  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
13:43:55.0062 3668  C:\WINDOWS\system32\colbact.dll - ok
13:43:55.0062 3668  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
13:43:55.0062 3668  C:\WINDOWS\system32\mtxclu.dll - ok
13:43:55.0078 3668  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
13:43:55.0078 3668  C:\WINDOWS\system32\resutils.dll - ok
13:43:55.0078 3668  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
13:43:55.0078 3668  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
13:43:55.0093 3668  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
13:43:55.0125 3668  C:\WINDOWS\system32\wbem\esscli.dll - ok
13:43:55.0125 3668  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
13:43:55.0125 3668  C:\WINDOWS\system32\wbem\fastprox.dll - ok
13:43:55.0125 3668  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
13:43:55.0125 3668  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
13:43:55.0140 3668  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
13:43:55.0140 3668  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
13:43:55.0140 3668  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
13:43:55.0140 3668  C:\WINDOWS\system32\wuauclt.exe - ok
13:43:55.0156 3668  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
13:43:55.0156 3668  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
13:43:55.0156 3668  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
13:43:55.0156 3668  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
13:43:55.0171 3668  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
13:43:55.0171 3668  C:\WINDOWS\system32\wbem\wbemess.dll - ok
13:43:55.0171 3668  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
13:43:55.0171 3668  C:\WINDOWS\system32\wuapi.dll - ok
13:43:55.0171 3668  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
13:43:55.0171 3668  C:\WINDOWS\system32\wbem\ncprov.dll - ok
13:43:55.0187 3668  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
13:43:55.0187 3668  C:\WINDOWS\system32\tapisrv.dll - ok
13:43:55.0187 3668  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
13:43:55.0187 3668  C:\WINDOWS\system32\rastapi.dll - ok
13:43:55.0203 3668  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
13:43:55.0203 3668  C:\WINDOWS\system32\unimdm.tsp - ok
13:43:55.0203 3668  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
13:43:55.0203 3668  C:\WINDOWS\system32\uniplat.dll - ok
13:43:55.0218 3668  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
13:43:55.0218 3668  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
13:43:55.0218 3668  [ 19AE6CBA05B9005698A6DEDCC88F202E ] C:\WINDOWS\system32\unimdmat.dll
13:43:55.0218 3668  C:\WINDOWS\system32\unimdmat.dll - ok
13:43:55.0234 3668  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
13:43:55.0234 3668  C:\WINDOWS\system32\kmddsp.tsp - ok
13:43:55.0234 3668  [ FE4A73CDBC882A19D070F1C01586E81A ] C:\WINDOWS\system32\modemui.dll
13:43:55.0234 3668  C:\WINDOWS\system32\modemui.dll - ok
13:43:55.0234 3668  [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
13:43:55.0234 3668  C:\WINDOWS\system32\ipconf.tsp - ok
13:43:55.0250 3668  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
13:43:55.0250 3668  C:\WINDOWS\system32\ndptsp.tsp - ok
13:43:55.0250 3668  [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
13:43:55.0250 3668  C:\WINDOWS\system32\h323.tsp - ok
13:43:55.0265 3668  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
13:43:55.0265 3668  C:\WINDOWS\system32\hid.dll - ok
13:43:55.0265 3668  [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
13:43:55.0265 3668  C:\WINDOWS\system32\hidphone.tsp - ok
13:43:56.0515 3668  ============================================================
13:43:56.0515 3668  Scan finished
13:43:56.0515 3668  ============================================================
13:43:57.0234 3660  Detected object count: 1
13:43:57.0234 3660  Actual detected object count: 1
13:45:26.0656 3660  \Device\Harddisk0\DR0\# - copied to quarantine
13:45:26.0687 3660  \Device\Harddisk0\DR0 - copied to quarantine
13:45:28.0234 3660  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
13:45:28.0265 3660  \Device\Harddisk0\DR0 - ok
13:45:28.0265 3660  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
13:45:46.0593 1956  Deinitialize success

RK Report:

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 07/21/2013 14:59:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\L\201d3dde [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\RECYCLER\S-1-5-18\$8f4587ed6f54edccaefb65869afbc6e6\L\76603ac3 [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD80 0JD-75MSA3 SCSI Disk Device +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07212013_145946.txt >>
RKreport[0]_S_07212013_145719.txt


Edited by crazimoose2112, 21 July 2013 - 03:19 PM.


#10 gringo_pr


Posted 21 July 2013 - 08:56 PM


Hello crazimoose2112,

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 crazimoose2112


Posted 22 July 2013 - 11:22 PM

It seems to be running normally again... here is the ComboFix report. During the run it said it found rootkit activity, but I don't know if it cleaned it or not.

Report:

ComboFix 13-07-20.03 - David 07/22/2013   0:09.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.718 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-21 18:44 . 2013-07-21 18:44 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-19 03:40 . 2013-07-19 03:40 -------- d-----w- c:\windows\ERUNT
2013-07-17 06:28 . 2013-07-17 17:06 -------- d-----w- c:\documents and settings\Administrator.DAVIDROOM.005
2013-07-17 06:27 . 2013-07-17 06:27 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-17 06:20 . 2013-07-17 06:25 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.004
2013-07-17 05:55 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.003
2013-07-16 18:59 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.002
2013-07-10 23:09 . 2013-07-17 06:26 -------- d-s---w- c:\documents and settings\Administrator.DAVIDROOM.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:18 . 2012-10-16 18:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 19:18 . 2012-01-29 05:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 04:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-06-23 17:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-19 742264]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [3/16/2012 6:08 AM 104456]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [12/21/2012 4:45 PM 627072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ    NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 19:18]
.
2013-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 21:03]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 21:03]
.
2013-01-11 c:\windows\Tasks\MixPadReminder.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2012-12-27 17:43]
.
2013-05-13 c:\windows\Tasks\PrismReminder.job
- c:\program files\NCH Software\Prism\prism.exe [2013-05-06 22:24]
.
2013-07-21 c:\windows\Tasks\User_Feed_Synchronization-{81A1D5B6-6057-4B71-B362-F925FD6E40FF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2013-07-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-04-09 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37055004.sys
SafeBoot-75466573.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-22 00:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,52,46,12,32,e0,f3,4e,9b,23,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,52,46,12,32,e0,f3,4e,9b,23,9e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57b43206-adb5-447a-a0f9-e2924a5f3483}]
@Denied: (Full) (Everyone)
"Model"=dword:00000110
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,21,3c,e6,67,d9,d6,55,22,00,b8,9c,04,ca,06,1c,08,e9,19,ce,f1,
   43,e5,26,44,d7,29,ef,8a,e3,5a,cc,6d,d2,2a,c0,e8,39,65,84,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,89,f8,96,cd,64,2d,ce,12,64,89,36,49,9f,df,ca,db,60,6b,69,e8,
   4c,2b,f2,ef,3d,ce,ac,34,ac,c3,01,43,e7,ba,8b,0f,d8,cc,60,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c82fb50d-dd22-4b89-a4e9-4f54b5a5c49a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013b
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-22  00:29:41
ComboFix-quarantined-files.txt  2013-07-22 05:29
ComboFix2.txt  2013-07-20 08:50
.
Pre-Run: 35,686,572,032 bytes free
Post-Run: 36,668,153,856 bytes free
.
- - End Of File - - 0890D6F0E445257E009DD3CD44A8F394
8F558EB6672622401DA993E1E865C861
 

Thanks!!!



#12 gringo_pr


Posted 22 July 2013 - 11:32 PM



Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer; their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.


Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).
  • Programs to remove

    • µTorrent
    • Adobe Reader X (10.0.1)
    • Adobe Reader X (10.1.7)
    • Java™ 6 Update 30



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 crazimoose2112


Posted 23 July 2013 - 08:49 PM

Computer seems to be running okay! I uninstalled the items you asked me to uninstall as well! Thanks!! Here are the reports...

 

MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: DAVIDROOM [administrator]

7/23/2013 8:31:33 PM
mbam-log-2013-07-23 (20-31-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409870
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:46 PM, on 7/23/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\David\Desktop\Malware Killer\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301681298296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365580129914
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7967 bytes


Edited by crazimoose2112, 23 July 2013 - 08:51 PM.


#14 gringo_pr


Posted 23 July 2013 - 09:35 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    • O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
    • O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    • O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
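
The start-up entries in the post above are HijackThis `O4` lines of the form `O4 - hive\..\Run: [name] command`. As an added example (not part of the original post and not HijackThis's own code), this Python parser splits such lines into value name, executable and arguments, including the unquoted paths with spaces seen in this log, and compares a log against a list of names to be fixed. The names `parse_o4`, `split_command` and `plan_fix` are hypothetical, and only the HKLM/HKCU registry form shown in this thread is handled.

```python
import re
from typing import List, NamedTuple, Set, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
'''

# Value names from the "Put a check beside" list in the post above.
FIX_LIST = {"Adobe ARM", "APSDaemon", "Zune Launcher", "QuickTime Task",
            "iTunesHelper", "SunJavaUpdateSched", "uTorrent", "Xvid",
            "IDMan", "swg"}


class RunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name (the text between the brackets)
    image: str    # executable path with surrounding quotes removed
    args: str     # command-line arguments, empty if none
    quoted: bool  # True if the path was quoted in the registry value


O4_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\]\s+(.+)$')
# An unquoted path may contain spaces, so split at the first executable
# extension that is followed by whitespace or the end of the string.
UNQUOTED = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)


def split_command(cmd: str) -> Tuple[str, str, bool]:
    """Return (image, args, quoted) for a Run value's command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = UNQUOTED.match(cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip(), False
    image, _, args = cmd.partition(" ")  # fallback: no known extension
    return image, args.strip(), False


def parse_o4(log: str) -> List[RunEntry]:
    """Extract registry Run entries from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # other sections (O2, O8, O23, ...) are ignored
        hive, key, name, cmd = m.groups()
        entries.append(RunEntry(hive, key, name, *split_command(cmd)))
    return entries


def plan_fix(entries: List[RunEntry], fix_names: Set[str]):
    """Split entries into those to fix and those kept; list absent names."""
    present = {e.name for e in entries}
    to_fix = [e for e in entries if e.name in fix_names]
    kept = [e for e in entries if e.name not in fix_names]
    return to_fix, kept, sorted(fix_names - present)


if __name__ == "__main__":
    to_fix, kept, absent = plan_fix(parse_o4(SAMPLE_LOG), FIX_LIST)
    for e in to_fix:
        print("fix :", e.hive, e.name, "->", e.image, e.args)
    for e in kept:
        print("keep:", e.hive, e.name, "->", e.image, e.args)
    print("listed but not in this log:", absent)
```
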

#15 crazimoose2112


Posted 25 July 2013 - 02:56 PM

ESET SCAN:

 

C:\Documents and Settings\David\Application Data\IDM\DwnlData\David\g3YUWubz4d_226\g3YUWubz4d probably a variant of Win32/ExpressFiles application
C:\Documents and Settings\David\Application Data\IDM\DwnlData\David\g3YUWubz4d_227\g3YUWubz4d probably a variant of Win32/ExpressFiles application
C:\Documents and Settings\David\My Documents\Downloads\Documents\test.pdf JS/Exploit.Pdfka.QEF trojan
C:\System Volume Information\_restore{545A15E4-FF3B-4DF8-B3FD-D1C465ABF86E}\RP971\A0109989.exe Win32/TopMedia.B application
C:\System Volume Information\_restore{545A15E4-FF3B-4DF8-B3FD-D1C465ABF86E}\RP978\A0112134.exe Win32/TopMedia.B application
 

Thanks!!!





