Infected with Boot: Cidox-A [Rtk]


23 replies to this topic

#1 jbandtbone


Posted 17 September 2014 - 07:17 PM

My avast! Antivirus keeps showing that my PC is infected with this. It has me delete it and then asks me to run a "boot-time scan", which I have done, and I followed the recommendations of said scan. But it keeps telling me that the PC is still infected with Boot:Cidox-A [Rtk]. So I'm turning to you for help to get rid of it. The PC is really slow, i.e. Internet Explorer is slow to open and slow navigating to web pages. Please help!!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Welcome at 20:00:53 on 2014-09-17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.767.354 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uProxyServer = hxxp=127.0.0.1:6092
uProxyOverride = <local>
uURLSearchHooks: Updater For eGames Toolbar:  - LocalServer32 - <no file>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FindWide Toolbar: {314C5311-F0D4-4F15-BD24-E245C0F0865B} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSystemDetect] c:\documents and settings\welcome\local settings\apps\2.0\a8ybztq3.20r\t6a8q6pe.cgj\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256924897484
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AABA9CDA-0D49-45F2-AF90-3A7AB7EACB61} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.120\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-23 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-23 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-23 414520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2013-10-10 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-23 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-23 50344]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S1 doygnnwh;doygnnwh;\??\c:\windows\system32\drivers\doygnnwh.sys --> c:\windows\system32\drivers\doygnnwh.sys [?]
S1 ftvbfafi;ftvbfafi;\??\c:\windows\system32\drivers\ftvbfafi.sys --> c:\windows\system32\drivers\ftvbfafi.sys [?]
S1 jkplnzyp;jkplnzyp;\??\c:\windows\system32\drivers\jkplnzyp.sys --> c:\windows\system32\drivers\jkplnzyp.sys [?]
S1 kvnvzxbe;kvnvzxbe;\??\c:\windows\system32\drivers\kvnvzxbe.sys --> c:\windows\system32\drivers\kvnvzxbe.sys [?]
S1 qedfctlk;qedfctlk;\??\c:\windows\system32\drivers\qedfctlk.sys --> c:\windows\system32\drivers\qedfctlk.sys [?]
S1 rlsulccf;rlsulccf;\??\c:\windows\system32\drivers\rlsulccf.sys --> c:\windows\system32\drivers\rlsulccf.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S1 xxikjdlj;xxikjdlj;\??\c:\windows\system32\drivers\xxikjdlj.sys --> c:\windows\system32\drivers\xxikjdlj.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cca302f48063fe;Google Update Service (gupdate1cca302f48063fe);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
S2 HeadlineAlley_29Service;HeadlineAlleyService;c:\progra~1\headli~2\bar\1.bin\29barsvc.exe --> c:\progra~1\headli~2\bar\1.bin\29barsvc.exe [?]
S2 SecurityCenterServer2057567274;Security Center Server - 2057567274;"c:\windows\system32\ytkax.exe" -service "c:\documents and settings\welcome\application data\suuxyf\qoavy.exe" --> c:\windows\system32\ytkax.exe [?]
S2 SecurityCenterServer4102177669;Security Center Server - 4102177669;"c:\windows\system32\awfyrikyt.exe" -service "c:\documents and settings\welcome\application data\owbeygab\enekes.exe" --> c:\windows\system32\awfyrikyt.exe [?]
S2 SecurityCenterServer689684949;Security Center Server - 689684949;"c:\windows\system32\suluiregic.exe" -service "c:\documents and settings\welcome\application data\upwufosa\oqihuz.exe" --> c:\windows\system32\suluiregic.exe [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-6-19 43368]
.
=============== Created Last 30 ================
.
2014-09-17 22:41:14 -------- d-----w- c:\documents and settings\welcome\application data\Dell
2014-09-17 22:40:39 -------- d-----w- c:\documents and settings\all users\application data\PCDr
2014-09-17 22:40:33 -------- d-----w- c:\program files\Dell Support Center
2014-09-17 22:36:55 -------- d-----w- c:\program files\My Dell
2014-09-17 22:29:11 -------- d-----w- c:\documents and settings\welcome\local settings\application data\Deployment
2014-09-16 02:11:59 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2014-09-16 02:10:02 73728 ----a-r- c:\documents and settings\welcome\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-16 02:10:02 73728 ----a-r- c:\documents and settings\welcome\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-16 02:10:02 73728 ----a-r- c:\documents and settings\welcome\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2014-09-16 02:09:13 -------- d-----w- c:\program files\Sophos
2014-09-14 15:55:19 -------- d-----w- c:\documents and settings\welcome\local settings\application data\Adobe
2014-08-24 16:53:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-24 16:51:27 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 16:51:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-24 16:51:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-24 16:26:41 -------- d-----w- C:\SUPERDelete
2014-08-23 16:39:10 -------- d-----w- c:\documents and settings\welcome\application data\AVAST Software
2014-08-23 16:37:31 -------- d-----w- c:\windows\jumpshot.com
2014-08-23 16:26:52 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-23 16:26:52 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-23 16:26:51 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-23 16:26:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-23 16:26:50 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-23 16:26:26 43152 ----a-w- c:\windows\avastSS.scr
2014-08-23 16:22:16 -------- d-----w- c:\program files\AVAST Software
.
==================== Find3M  ====================
.
2014-09-13 10:57:56 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-13 10:57:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-16 16:48:47 196562 ----a-w- c:\documents and settings\all users\SPL46.tmp
2014-08-16 16:41:54 98272 ----a-w- c:\documents and settings\all users\SPL41.tmp
2014-08-05 16:24:44 196578 ----a-w- c:\documents and settings\all users\SPL13.tmp
2014-08-05 16:23:51 196552 ----a-w- c:\documents and settings\all users\SPLE.tmp
2014-08-02 21:18:58 196578 ----a-w- c:\documents and settings\all users\SPL1EF.tmp
2014-08-02 21:18:53 196578 ----a-w- c:\documents and settings\all users\SPL1EE.tmp
2014-08-01 18:37:00 196571 ----a-w- c:\documents and settings\all users\SPL1C7.tmp
2014-07-31 00:00:28 196576 ----a-w- c:\documents and settings\all users\SPL1A5.tmp
2014-07-30 23:57:05 196536 ----a-w- c:\documents and settings\all users\SPL1A0.tmp
2014-07-29 22:27:34 196555 ----a-w- c:\documents and settings\all users\SPL18D.tmp
2014-07-29 22:22:04 196552 ----a-w- c:\documents and settings\all users\SPL189.tmp
.
============= FINISH: 20:02:12.37 ===============
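The DDS log above already shows the three things a triage analyst would pull out first: several S1 (system-start) drivers with eight-letter pseudo-random names whose image files DDS cannot find (`[?]`), "Security Center Server" services whose command lines load a second executable from the user's Application Data folder, and a browser proxy set to a loopback port. As an added example, not code from the original post or from the DDS tool, the Python script below parses the SERVICES / DRIVERS and proxy lines of a DDS log and flags exactly those patterns. The sample input is a subset of the posted log; the heuristics (the eight-lowercase-letter name test, the severity labels) and the `Finding` structure are my own assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the DDS log posted above. The entries are
# copied verbatim from that log so the heuristics can be checked against real lines.
SAMPLE_DDS = r"""
uProxyServer = hxxp=127.0.0.1:6092
uProxyOverride = <local>
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-23 49944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-23 50344]
S1 doygnnwh;doygnnwh;\??\c:\windows\system32\drivers\doygnnwh.sys --> c:\windows\system32\drivers\doygnnwh.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SecurityCenterServer2057567274;Security Center Server - 2057567274;"c:\windows\system32\ytkax.exe" -service "c:\documents and settings\welcome\application data\suuxyf\qoavy.exe" --> c:\windows\system32\ytkax.exe [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-6-19 43368]
"""

# DDS service/driver entry: "<start type> <name>;<display name>;<image spec>"
# where the image spec ends in "[<date> <size>]" or in "[?]" when the file is not on disk.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
PROXY_RE = re.compile(r"^[um]ProxyServer = (.+)$")
# Heuristic (my assumption, not a DDS rule): eight lowercase letters with no
# digits or vendor prefix matches the machine-generated driver names seen above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    name: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse_service_line(line):
    """Split one SERVICES / DRIVERS entry into (start type, name, display name, image spec)."""
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    return m.group(1), m.group(2), m.group(3), m.group(4)


def analyze_dds(text):
    """Walk DDS log lines and return the entries a triage analyst should look at first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        proxy = PROXY_RE.match(line)
        if proxy:
            value = proxy.group(1).lower()
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(Finding("ProxyServer", "medium",
                                        "browser proxy points at a loopback port, so a local process sees all web traffic", line))
            continue

        parsed = parse_service_line(line)
        if parsed is None:
            continue
        start, name, _display, image = parsed
        missing = image.endswith("[?]")  # DDS prints [?] when the image file cannot be found
        image_l = image.lower()

        if start in ("R0", "R1", "S1") and missing and RANDOM_NAME_RE.match(name):
            findings.append(Finding(name, "high",
                                    "early-start driver with a pseudo-random name whose file is hidden or gone", line))
        elif "application data" in image_l:
            findings.append(Finding(name, "high",
                                    "service whose command line loads a payload from a user profile Application Data folder", line))
        elif missing:
            findings.append(Finding(name, "low",
                                    "registered entry whose image file is absent (orphaned service or driver)", line))
    return findings


if __name__ == "__main__":
    for f in analyze_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.name}: {f.reason}")
```

On the sample above the script reports the loopback proxy, `doygnnwh` and the `SecurityCenterServer…` entry as the items to investigate, and `SBRE` only as a low-severity orphan (a leftover from an uninstalled tool rather than an active component). The point of the ordering is that a file DDS cannot find is not automatically malicious, but an early-start driver that is both unnamed and unfindable is the combination that a rootkit scan such as TDSSKiller is meant to resolve.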
 


#2 aharonov

  • Malware Response Team

Posted 17 September 2014 - 07:44 PM

Hi there,

Please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 jbandtbone
  • Topic Starter

Posted 17 September 2014 - 08:29 PM

Good Evening. Here are the requested reports.

 

20:57:46.0421 0x0220  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:57:57.0546 0x0220  ============================================================
20:57:57.0546 0x0220  Current date / time: 2014/09/17 20:57:57.0546
20:57:57.0546 0x0220  SystemInfo:
20:57:57.0546 0x0220  
20:57:57.0546 0x0220  OS Version: 5.1.2600 ServicePack: 3.0
20:57:57.0546 0x0220  Product type: Workstation
20:57:57.0546 0x0220  ComputerName: HOME-7FF53ACCFC
20:57:57.0546 0x0220  UserName: Welcome
20:57:57.0546 0x0220  Windows directory: C:\WINDOWS
20:57:57.0546 0x0220  System windows directory: C:\WINDOWS
20:57:57.0546 0x0220  Processor architecture: Intel x86
20:57:57.0546 0x0220  Number of processors: 1
20:57:57.0546 0x0220  Page size: 0x1000
20:57:57.0546 0x0220  Boot type: Normal boot
20:57:57.0546 0x0220  ============================================================
20:57:59.0281 0x0220  KLMD registered as C:\WINDOWS\system32\drivers\30972798.sys
20:58:00.0828 0x0220  System UUID: {97308119-97E4-3CD9-41AF-F5E66C704372}
20:58:04.0500 0x0220  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:58:04.0515 0x0220  ============================================================
20:58:04.0515 0x0220  \Device\Harddisk0\DR0:
20:58:04.0515 0x0220  MBR partitions:
20:58:04.0515 0x0220  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:58:04.0515 0x0220  ============================================================
20:58:04.0546 0x0220  C: <-> \Device\Harddisk0\DR0\Partition1
20:58:04.0546 0x0220  ============================================================
20:58:04.0546 0x0220  Initialize success
20:58:04.0546 0x0220  ============================================================
20:59:06.0093 0x0d2c  ============================================================
20:59:06.0093 0x0d2c  Scan started
20:59:06.0093 0x0d2c  Mode: Manual; SigCheck; TDLFS; 
20:59:06.0093 0x0d2c  ============================================================
20:59:06.0093 0x0d2c  KSN ping started
20:59:19.0796 0x0d2c  KSN ping finished: true
20:59:20.0390 0x0d2c  ================ Scan system memory ========================
20:59:20.0390 0x0d2c  System memory - ok
20:59:20.0390 0x0d2c  ================ Scan services =============================
20:59:20.0593 0x0d2c  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:59:20.0875 0x0d2c  !SASCORE - ok
20:59:21.0250 0x0d2c  Abiosdsk - ok
20:59:21.0281 0x0d2c  abp480n5 - ok
20:59:21.0421 0x0d2c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:59:24.0343 0x0d2c  ACPI - ok
20:59:24.0406 0x0d2c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:59:24.0609 0x0d2c  ACPIEC - ok
20:59:24.0828 0x0d2c  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:59:24.0906 0x0d2c  AdobeFlashPlayerUpdateSvc - ok
20:59:24.0921 0x0d2c  adpu160m - ok
20:59:25.0000 0x0d2c  [ 11C04B17ED2ABBB4833694BCD644AC90, 4F50E672B8C1CA951EF1E01E969C73968BDB656889849859881333ECD3751A24 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
20:59:25.0078 0x0d2c  aeaudio - ok
20:59:25.0187 0x0d2c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:59:25.0437 0x0d2c  aec - ok
20:59:25.0546 0x0d2c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:59:25.0656 0x0d2c  AFD - ok
20:59:25.0734 0x0d2c  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
20:59:25.0968 0x0d2c  agp440 - ok
20:59:25.0984 0x0d2c  Aha154x - ok
20:59:26.0015 0x0d2c  aic78u2 - ok
20:59:26.0046 0x0d2c  aic78xx - ok
20:59:26.0093 0x0d2c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:59:26.0328 0x0d2c  Alerter - ok
20:59:26.0390 0x0d2c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
20:59:26.0546 0x0d2c  ALG - ok
20:59:26.0562 0x0d2c  AliIde - ok
20:59:26.0593 0x0d2c  amsint - ok
20:59:26.0609 0x0d2c  AppMgmt - ok
20:59:26.0640 0x0d2c  asc - ok
20:59:26.0656 0x0d2c  asc3350p - ok
20:59:26.0687 0x0d2c  asc3550 - ok
20:59:26.0937 0x0d2c  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:59:26.0968 0x0d2c  aspnet_state - ok
20:59:27.0062 0x0d2c  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
20:59:27.0140 0x0d2c  aswHwid - ok
20:59:27.0187 0x0d2c  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
20:59:27.0234 0x0d2c  aswMonFlt - ok
20:59:27.0312 0x0d2c  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
20:59:27.0343 0x0d2c  aswRdr - ok
20:59:27.0390 0x0d2c  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
20:59:27.0437 0x0d2c  aswRvrt - ok
20:59:27.0828 0x0d2c  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
20:59:28.0296 0x0d2c  aswSnx - ok
20:59:28.0500 0x0d2c  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
20:59:28.0781 0x0d2c  aswSP - ok
20:59:28.0875 0x0d2c  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
20:59:28.0921 0x0d2c  aswTdi - ok
20:59:29.0046 0x0d2c  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
20:59:29.0125 0x0d2c  aswVmm - ok
20:59:29.0203 0x0d2c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:59:29.0390 0x0d2c  AsyncMac - ok
20:59:29.0468 0x0d2c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:59:29.0687 0x0d2c  atapi - ok
20:59:29.0703 0x0d2c  Atdisk - ok
20:59:29.0875 0x0d2c  [ 2D030C2F6B036CA0BC243E1B16D924D1, 202F717AC74CD28EF2B4979CA55A5ACD6564AD3F8B8372140A9C7FD990BA8989 ] ati2mtaa        C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
20:59:30.0203 0x0d2c  ati2mtaa - ok
20:59:30.0281 0x0d2c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:59:30.0531 0x0d2c  Atmarpc - ok
20:59:30.0609 0x0d2c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:59:30.0859 0x0d2c  AudioSrv - ok
20:59:30.0921 0x0d2c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:59:31.0140 0x0d2c  audstub - ok
20:59:31.0281 0x0d2c  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:59:31.0328 0x0d2c  avast! Antivirus - ok
20:59:31.0781 0x0d2c  [ 41347688046D49CDE0F6D138A534F73D, 3EF4157B47C103BC289E9C2BBDC2EFF3961EEAD0C40509076064FF7B9E75FF22 ] BCMModem        C:\WINDOWS\system32\DRIVERS\BCMSM.sys
20:59:32.0515 0x0d2c  BCMModem - ok
20:59:32.0578 0x0d2c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:59:32.0796 0x0d2c  Beep - ok
20:59:33.0000 0x0d2c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:59:33.0468 0x0d2c  BITS - ok
20:59:33.0562 0x0d2c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
20:59:33.0703 0x0d2c  Browser - ok
20:59:33.0750 0x0d2c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:59:33.0968 0x0d2c  cbidf2k - ok
20:59:34.0000 0x0d2c  cd20xrnt - ok
20:59:34.0031 0x0d2c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:59:34.0250 0x0d2c  Cdaudio - ok
20:59:34.0343 0x0d2c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:59:34.0578 0x0d2c  Cdfs - ok
20:59:34.0640 0x0d2c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:59:34.0921 0x0d2c  Cdrom - ok
20:59:34.0937 0x0d2c  Changer - ok
20:59:34.0984 0x0d2c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:59:35.0203 0x0d2c  CiSvc - ok
20:59:35.0265 0x0d2c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:59:35.0500 0x0d2c  ClipSrv - ok
20:59:35.0656 0x0d2c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:59:35.0703 0x0d2c  clr_optimization_v2.0.50727_32 - ok
20:59:35.0796 0x0d2c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:59:35.0843 0x0d2c  clr_optimization_v4.0.30319_32 - ok
20:59:35.0859 0x0d2c  CmdIde - ok
20:59:35.0890 0x0d2c  COMSysApp - ok
20:59:35.0921 0x0d2c  Cpqarray - ok
20:59:36.0015 0x0d2c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:59:36.0250 0x0d2c  CryptSvc - ok
20:59:36.0265 0x0d2c  dac2w2k - ok
20:59:36.0281 0x0d2c  dac960nt - ok
20:59:36.0468 0x0d2c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:59:36.0843 0x0d2c  DcomLaunch - ok
20:59:36.0953 0x0d2c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:59:37.0171 0x0d2c  Dhcp - ok
20:59:37.0250 0x0d2c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:59:37.0468 0x0d2c  Disk - ok
20:59:37.0484 0x0d2c  dmadmin - ok
20:59:37.0828 0x0d2c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:59:38.0484 0x0d2c  dmboot - ok
20:59:38.0593 0x0d2c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:59:38.0906 0x0d2c  dmio - ok
20:59:38.0953 0x0d2c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:59:39.0171 0x0d2c  dmload - ok
20:59:39.0218 0x0d2c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:59:39.0437 0x0d2c  dmserver - ok
20:59:39.0515 0x0d2c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:59:39.0734 0x0d2c  DMusic - ok
20:59:39.0812 0x0d2c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:59:39.0968 0x0d2c  Dnscache - ok
20:59:40.0078 0x0d2c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:59:40.0359 0x0d2c  Dot3svc - ok
20:59:40.0375 0x0d2c  doygnnwh - ok
20:59:40.0390 0x0d2c  dpti2o - ok
20:59:40.0453 0x0d2c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:59:40.0640 0x0d2c  drmkaud - ok
20:59:40.0765 0x0d2c  [ AC9CF17EE2AE003C98EB4F5336C38058, 40618641B6B2DD71A8C284EB25AF81CA219A82AE7AA91C4BB2B4A3D44A2B3BBF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:59:40.0843 0x0d2c  E100B - ok
20:59:40.0921 0x0d2c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:59:41.0156 0x0d2c  EapHost - ok
20:59:41.0218 0x0d2c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:59:41.0421 0x0d2c  ERSvc - ok
20:59:41.0531 0x0d2c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
20:59:41.0625 0x0d2c  Eventlog - ok
20:59:41.0781 0x0d2c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
20:59:41.0937 0x0d2c  EventSystem - ok
20:59:42.0046 0x0d2c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:59:42.0312 0x0d2c  Fastfat - ok
20:59:42.0406 0x0d2c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:59:42.0531 0x0d2c  FastUserSwitchingCompatibility - ok
20:59:42.0593 0x0d2c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:59:42.0828 0x0d2c  Fdc - ok
20:59:42.0890 0x0d2c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:59:43.0093 0x0d2c  Fips - ok
20:59:43.0156 0x0d2c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:59:43.0375 0x0d2c  Flpydisk - ok
20:59:43.0468 0x0d2c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:59:43.0703 0x0d2c  FltMgr - ok
20:59:43.0859 0x0d2c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:59:43.0875 0x0d2c  FontCache3.0.0.0 - ok
20:59:43.0953 0x0d2c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:59:44.0140 0x0d2c  Fs_Rec - ok
20:59:44.0234 0x0d2c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:59:44.0468 0x0d2c  Ftdisk - ok
20:59:44.0500 0x0d2c  ftvbfafi - ok
20:59:44.0578 0x0d2c  [ FE4D369172AC1CC19C876BDB5BDC31A3, B02D58846C11D63DED9D211A271B1A01788FA162E8CD34645DBEFF136173FB92 ] gfiark          C:\WINDOWS\system32\drivers\gfiark.sys
20:59:44.0625 0x0d2c  gfiark - ok
20:59:44.0687 0x0d2c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:59:44.0890 0x0d2c  Gpc - ok
20:59:45.0046 0x0d2c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate1cca302f48063fe C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:45.0109 0x0d2c  gupdate1cca302f48063fe - ok
20:59:45.0171 0x0d2c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:45.0203 0x0d2c  gupdatem - ok
20:59:45.0218 0x0d2c  HeadlineAlley_29Service - ok
20:59:45.0343 0x0d2c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:59:45.0578 0x0d2c  helpsvc - ok
20:59:45.0640 0x0d2c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:59:45.0859 0x0d2c  HidServ - ok
20:59:45.0906 0x0d2c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:59:46.0109 0x0d2c  HidUsb - ok
20:59:46.0171 0x0d2c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:59:46.0375 0x0d2c  hkmsvc - ok
20:59:46.0406 0x0d2c  hpn - ok
20:59:46.0546 0x0d2c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:59:46.0718 0x0d2c  HTTP - ok
20:59:46.0781 0x0d2c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:59:46.0984 0x0d2c  HTTPFilter - ok
20:59:47.0015 0x0d2c  i2omgmt - ok
20:59:47.0031 0x0d2c  i2omp - ok
20:59:47.0093 0x0d2c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:59:47.0281 0x0d2c  i8042prt - ok
20:59:47.0656 0x0d2c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:59:48.0265 0x0d2c  idsvc - ok
20:59:48.0343 0x0d2c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:59:48.0578 0x0d2c  Imapi - ok
20:59:48.0671 0x0d2c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:59:49.0031 0x0d2c  ImapiService - ok
20:59:49.0062 0x0d2c  ini910u - ok
20:59:49.0140 0x0d2c  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:59:49.0343 0x0d2c  IntelIde - ok
20:59:49.0421 0x0d2c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:59:49.0609 0x0d2c  intelppm - ok
20:59:49.0671 0x0d2c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:59:49.0968 0x0d2c  Ip6Fw - ok
20:59:50.0046 0x0d2c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:59:50.0343 0x0d2c  IpFilterDriver - ok
20:59:50.0421 0x0d2c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:59:51.0265 0x0d2c  IpInIp - ok
20:59:51.0375 0x0d2c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:59:52.0296 0x0d2c  IpNat - ok
20:59:52.0359 0x0d2c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:59:53.0171 0x0d2c  IPSec - ok
20:59:53.0281 0x0d2c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:59:53.0437 0x0d2c  IRENUM - ok
20:59:53.0484 0x0d2c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:59:53.0671 0x0d2c  isapnp - ok
20:59:53.0703 0x0d2c  jkplnzyp - ok
20:59:53.0984 0x0d2c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:59:54.0281 0x0d2c  Kbdclass - ok
20:59:54.0359 0x0d2c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:59:54.0531 0x0d2c  kbdhid - ok
20:59:54.0656 0x0d2c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:59:55.0125 0x0d2c  kmixer - ok
20:59:55.0218 0x0d2c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:59:55.0328 0x0d2c  KSecDD - ok
20:59:55.0343 0x0d2c  kvnvzxbe - ok
20:59:55.0437 0x0d2c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
20:59:55.0593 0x0d2c  LanmanServer - ok
20:59:55.0703 0x0d2c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:59:55.0968 0x0d2c  lanmanworkstation - ok
20:59:56.0000 0x0d2c  lbrtfdc - ok
20:59:56.0218 0x0d2c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:59:56.0421 0x0d2c  LmHosts - ok
20:59:56.0437 0x0d2c  lxdn_device - ok
20:59:56.0718 0x0d2c  [ F8B823414A22DBF3BEC10DCAA5F93CD8, 651C7521033439C0AA9006F1AC2CF376B1588CE781BEE4D10B7622FA3D055F6C ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
20:59:57.0000 0x0d2c  McciCMService - detected UnsignedFile.Multi.Generic ( 1 )
20:59:59.0890 0x0d2c  Detect skipped due to KSN trusted
20:59:59.0890 0x0d2c  McciCMService - ok
20:59:59.0937 0x0d2c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:00:00.0140 0x0d2c  Messenger - ok
21:00:00.0234 0x0d2c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:00:00.0421 0x0d2c  mnmdd - ok
21:00:00.0500 0x0d2c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:00:00.0671 0x0d2c  mnmsrvc - ok
21:00:00.0750 0x0d2c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:00:01.0031 0x0d2c  Modem - ok
21:00:01.0109 0x0d2c  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:00:01.0296 0x0d2c  MODEMCSA - ok
21:00:01.0343 0x0d2c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:00:01.0531 0x0d2c  Mouclass - ok
21:00:01.0578 0x0d2c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:00:01.0812 0x0d2c  mouhid - ok
21:00:01.0890 0x0d2c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:00:02.0078 0x0d2c  MountMgr - ok
21:00:02.0093 0x0d2c  mraid35x - ok
21:00:02.0156 0x0d2c  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:00:02.0187 0x0d2c  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
21:00:04.0687 0x0d2c  Detect skipped due to KSN trusted
21:00:04.0703 0x0d2c  MREMP50 - ok
21:00:04.0734 0x0d2c  MREMPR5 - ok
21:00:04.0750 0x0d2c  MRENDIS5 - ok
21:00:04.0890 0x0d2c  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:00:04.0937 0x0d2c  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
21:00:07.0734 0x0d2c  Detect skipped due to KSN trusted
21:00:07.0734 0x0d2c  MRESP50 - ok
21:00:07.0906 0x0d2c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:00:08.0171 0x0d2c  MRxDAV - ok
21:00:08.0531 0x0d2c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:00:08.0937 0x0d2c  MRxSmb - ok
21:00:09.0000 0x0d2c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:00:09.0156 0x0d2c  MSDTC - ok
21:00:09.0265 0x0d2c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:00:09.0453 0x0d2c  Msfs - ok
21:00:09.0468 0x0d2c  MSIServer - ok
21:00:09.0546 0x0d2c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:00:09.0734 0x0d2c  MSKSSRV - ok
21:00:09.0765 0x0d2c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:00:10.0000 0x0d2c  MSPCLOCK - ok
21:00:10.0015 0x0d2c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:00:10.0203 0x0d2c  MSPQM - ok
21:00:10.0281 0x0d2c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:00:10.0468 0x0d2c  mssmbios - ok
21:00:10.0578 0x0d2c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:00:10.0687 0x0d2c  Mup - ok
21:00:10.0875 0x0d2c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:00:11.0203 0x0d2c  napagent - ok
21:00:11.0312 0x0d2c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:00:11.0562 0x0d2c  NDIS - ok
21:00:11.0625 0x0d2c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:00:11.0703 0x0d2c  NdisTapi - ok
21:00:11.0781 0x0d2c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:00:12.0000 0x0d2c  Ndisuio - ok
21:00:12.0062 0x0d2c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:00:12.0265 0x0d2c  NdisWan - ok
21:00:12.0359 0x0d2c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:00:12.0468 0x0d2c  NDProxy - ok
21:00:12.0515 0x0d2c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:00:12.0718 0x0d2c  NetBIOS - ok
21:00:12.0812 0x0d2c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:00:13.0062 0x0d2c  NetBT - ok
21:00:13.0171 0x0d2c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:00:13.0390 0x0d2c  NetDDE - ok
21:00:13.0468 0x0d2c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:00:13.0640 0x0d2c  NetDDEdsdm - ok
21:00:13.0703 0x0d2c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:00:13.0906 0x0d2c  Netlogon - ok
21:00:14.0015 0x0d2c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
21:00:14.0265 0x0d2c  Netman - ok
21:00:14.0343 0x0d2c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:00:14.0406 0x0d2c  NetTcpPortSharing - ok
21:00:14.0531 0x0d2c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:00:14.0671 0x0d2c  Nla - ok
21:00:14.0750 0x0d2c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:00:14.0968 0x0d2c  Npfs - ok
21:00:15.0234 0x0d2c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:00:15.0703 0x0d2c  Ntfs - ok
21:00:15.0765 0x0d2c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:00:15.0921 0x0d2c  NtLmSsp - ok
21:00:16.0125 0x0d2c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:00:16.0546 0x0d2c  NtmsSvc - ok
21:00:16.0609 0x0d2c  [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
21:00:16.0656 0x0d2c  NuidFltr - ok
21:00:16.0703 0x0d2c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:00:16.0906 0x0d2c  Null - ok
21:00:16.0953 0x0d2c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:00:17.0125 0x0d2c  NwlnkFlt - ok
21:00:17.0187 0x0d2c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:00:17.0375 0x0d2c  NwlnkFwd - ok
21:00:17.0453 0x0d2c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:00:17.0656 0x0d2c  Parport - ok
21:00:17.0703 0x0d2c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:00:17.0921 0x0d2c  PartMgr - ok
21:00:17.0968 0x0d2c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:00:18.0140 0x0d2c  ParVdm - ok
21:00:18.0203 0x0d2c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:00:18.0390 0x0d2c  PCI - ok
21:00:18.0406 0x0d2c  PCIDump - ok
21:00:18.0453 0x0d2c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
21:00:18.0656 0x0d2c  PCIIde - ok
21:00:18.0734 0x0d2c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:00:19.0015 0x0d2c  Pcmcia - ok
21:00:19.0031 0x0d2c  PDCOMP - ok
21:00:19.0062 0x0d2c  PDFRAME - ok
21:00:19.0078 0x0d2c  PDRELI - ok
21:00:19.0109 0x0d2c  PDRFRAME - ok
21:00:19.0140 0x0d2c  perc2 - ok
21:00:19.0156 0x0d2c  perc2hib - ok
21:00:19.0281 0x0d2c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:00:19.0328 0x0d2c  PlugPlay - ok
21:00:19.0375 0x0d2c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:00:19.0546 0x0d2c  PolicyAgent - ok
21:00:19.0625 0x0d2c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:00:19.0843 0x0d2c  PptpMiniport - ok
21:00:19.0906 0x0d2c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:00:20.0062 0x0d2c  ProtectedStorage - ok
21:00:20.0156 0x0d2c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:00:20.0343 0x0d2c  PSched - ok
21:00:20.0421 0x0d2c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:00:20.0593 0x0d2c  Ptilink - ok
21:00:20.0656 0x0d2c  [ 7E1EACDECBA39E0B2A35306426F0DECC, AFBFDCA30F77846AC4B718DEE58B82DAC6743575CFA9A1D40FDBE22D38530F8A ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:00:20.0687 0x0d2c  PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
21:00:30.0796 0x0d2c  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:00:34.0265 0x0d2c  qedfctlk - ok
21:00:34.0296 0x0d2c  ql1080 - ok
21:00:34.0328 0x0d2c  Ql10wnt - ok
21:00:34.0343 0x0d2c  ql12160 - ok
21:00:34.0359 0x0d2c  ql1240 - ok
21:00:34.0390 0x0d2c  ql1280 - ok
21:00:34.0453 0x0d2c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:00:34.0625 0x0d2c  RasAcd - ok
21:00:34.0703 0x0d2c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:00:34.0937 0x0d2c  RasAuto - ok
21:00:35.0000 0x0d2c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:00:35.0187 0x0d2c  Rasl2tp - ok
21:00:35.0296 0x0d2c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:00:35.0531 0x0d2c  RasMan - ok
21:00:35.0578 0x0d2c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:00:35.0765 0x0d2c  RasPppoe - ok
21:00:35.0859 0x0d2c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:00:36.0046 0x0d2c  Raspti - ok
21:00:36.0171 0x0d2c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:00:36.0406 0x0d2c  Rdbss - ok
21:00:36.0468 0x0d2c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:00:36.0640 0x0d2c  RDPCDD - ok
21:00:36.0953 0x0d2c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:00:37.0109 0x0d2c  RDPWD - ok
21:00:37.0218 0x0d2c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:00:37.0437 0x0d2c  RDSessMgr - ok
21:00:37.0500 0x0d2c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:00:37.0687 0x0d2c  redbook - ok
21:00:37.0765 0x0d2c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:00:37.0984 0x0d2c  RemoteAccess - ok
21:00:38.0000 0x0d2c  rlsulccf - ok
21:00:38.0093 0x0d2c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:00:38.0250 0x0d2c  RpcLocator - ok
21:00:38.0421 0x0d2c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:00:38.0593 0x0d2c  RpcSs - ok
21:00:38.0687 0x0d2c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:00:38.0906 0x0d2c  RSVP - ok
21:00:38.0953 0x0d2c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:00:39.0109 0x0d2c  SamSs - ok
21:00:39.0171 0x0d2c  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:00:39.0203 0x0d2c  SASDIFSV - ok
21:00:39.0296 0x0d2c  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:00:39.0328 0x0d2c  SASKUTIL - ok
21:00:39.0343 0x0d2c  SBRE - ok
21:00:39.0453 0x0d2c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:00:39.0640 0x0d2c  SCardSvr - ok
21:00:39.0781 0x0d2c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:00:40.0046 0x0d2c  Schedule - ok
21:00:40.0125 0x0d2c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:00:40.0203 0x0d2c  Secdrv - ok
21:00:40.0281 0x0d2c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:00:40.0468 0x0d2c  seclogon - ok
21:00:40.0500 0x0d2c  SecurityCenterServer2057567274 - ok
21:00:40.0515 0x0d2c  SecurityCenterServer4102177669 - ok
21:00:40.0546 0x0d2c  SecurityCenterServer689684949 - ok
21:00:40.0640 0x0d2c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
21:00:40.0875 0x0d2c  SENS - ok
21:00:40.0921 0x0d2c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:00:41.0125 0x0d2c  serenum - ok
21:00:41.0203 0x0d2c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:00:41.0390 0x0d2c  Serial - ok
21:00:41.0531 0x0d2c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:00:41.0703 0x0d2c  Sfloppy - ok
21:00:41.0859 0x0d2c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:00:42.0250 0x0d2c  SharedAccess - ok
21:00:42.0328 0x0d2c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:00:42.0375 0x0d2c  ShellHWDetection - ok
21:00:42.0406 0x0d2c  Simbad - ok
21:00:42.0671 0x0d2c  [ 70B8DD8707DBF6142530C106365DF67D, 9865D66B811BE873E65B4B5E8BFC0DE14BBE5B622BABC036EC61BADE72DC52F3 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
21:00:43.0015 0x0d2c  smwdm - ok
21:00:43.0031 0x0d2c  Sparrow - ok
21:00:43.0093 0x0d2c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:00:43.0281 0x0d2c  splitter - ok
21:00:43.0359 0x0d2c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:00:43.0421 0x0d2c  Spooler - ok
21:00:43.0515 0x0d2c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:00:43.0609 0x0d2c  sr - ok
21:00:43.0703 0x0d2c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:00:43.0906 0x0d2c  srservice - ok
21:00:44.0062 0x0d2c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:00:44.0390 0x0d2c  Srv - ok
21:00:44.0484 0x0d2c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:00:44.0625 0x0d2c  SSDPSRV - ok
21:00:44.0796 0x0d2c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:00:45.0203 0x0d2c  stisvc - ok
21:00:45.0281 0x0d2c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:00:45.0453 0x0d2c  swenum - ok
21:00:45.0515 0x0d2c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:00:45.0703 0x0d2c  swmidi - ok
21:00:45.0718 0x0d2c  SwPrv - ok
21:00:45.0734 0x0d2c  symc810 - ok
21:00:45.0765 0x0d2c  symc8xx - ok
21:00:45.0781 0x0d2c  sym_hi - ok
21:00:45.0812 0x0d2c  sym_u3 - ok
21:00:45.0906 0x0d2c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:00:46.0140 0x0d2c  sysaudio - ok
21:00:46.0250 0x0d2c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:00:46.0437 0x0d2c  SysmonLog - ok
21:00:46.0593 0x0d2c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:00:46.0921 0x0d2c  TapiSrv - ok
21:00:47.0093 0x0d2c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:00:47.0375 0x0d2c  Tcpip - ok
21:00:47.0437 0x0d2c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:00:47.0609 0x0d2c  TDPIPE - ok
21:00:47.0640 0x0d2c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:00:47.0843 0x0d2c  TDTCP - ok
21:00:47.0906 0x0d2c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:00:48.0109 0x0d2c  TermDD - ok
21:00:48.0265 0x0d2c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:00:48.0562 0x0d2c  TermService - ok
21:00:48.0687 0x0d2c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:00:48.0734 0x0d2c  Themes - ok
21:00:48.0750 0x0d2c  TosIde - ok
21:00:48.0859 0x0d2c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:00:49.0140 0x0d2c  TrkWks - ok
21:00:49.0234 0x0d2c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:00:49.0421 0x0d2c  Udfs - ok
21:00:49.0453 0x0d2c  ultra - ok
21:00:49.0640 0x0d2c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:00:50.0031 0x0d2c  Update - ok
21:00:50.0156 0x0d2c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:00:50.0328 0x0d2c  upnphost - ok
21:00:50.0359 0x0d2c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
21:00:50.0531 0x0d2c  UPS - ok
21:00:50.0609 0x0d2c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:00:50.0687 0x0d2c  usbccgp - ok
21:00:50.0750 0x0d2c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:00:50.0796 0x0d2c  usbehci - ok
21:00:50.0890 0x0d2c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:00:51.0093 0x0d2c  usbhub - ok
21:00:51.0171 0x0d2c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:00:51.0359 0x0d2c  usbprint - ok
21:00:51.0421 0x0d2c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:00:51.0515 0x0d2c  usbscan - ok
21:00:51.0562 0x0d2c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:00:51.0750 0x0d2c  usbstor - ok
21:00:51.0812 0x0d2c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:00:52.0062 0x0d2c  usbuhci - ok
21:00:52.0125 0x0d2c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:00:52.0312 0x0d2c  VgaSave - ok
21:00:52.0343 0x0d2c  ViaIde - ok
21:00:52.0421 0x0d2c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:00:52.0625 0x0d2c  VolSnap - ok
21:00:52.0765 0x0d2c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:00:52.0937 0x0d2c  VSS - ok
21:00:53.0031 0x0d2c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:00:53.0234 0x0d2c  W32Time - ok
21:00:53.0296 0x0d2c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:00:53.0484 0x0d2c  Wanarp - ok
21:00:53.0703 0x0d2c  [ FD47474BD21794508AF449D9D91AF6E6, 2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:00:53.0968 0x0d2c  Wdf01000 - ok
21:00:54.0000 0x0d2c  WDICA - ok
21:00:54.0078 0x0d2c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:00:54.0265 0x0d2c  wdmaud - ok
21:00:54.0359 0x0d2c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:00:54.0562 0x0d2c  WebClient - ok
21:00:54.0765 0x0d2c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:00:55.0062 0x0d2c  winmgmt - ok
21:00:55.0171 0x0d2c  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:00:55.0250 0x0d2c  WmdmPmSN - ok
21:00:55.0343 0x0d2c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:00:55.0546 0x0d2c  WmiApSrv - ok
21:00:56.0015 0x0d2c  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
21:00:56.0656 0x0d2c  WMPNetworkSvc - ok
21:00:57.0062 0x0d2c  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:00:57.0500 0x0d2c  WPFFontCache_v0400 - ok
21:00:57.0609 0x0d2c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:00:57.0812 0x0d2c  wscsvc - ok
21:00:57.0937 0x0d2c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:00:58.0156 0x0d2c  wuauserv - ok
21:00:58.0250 0x0d2c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:00:58.0328 0x0d2c  WudfPf - ok
21:00:58.0406 0x0d2c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:00:58.0484 0x0d2c  WudfRd - ok
21:00:58.0546 0x0d2c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:00:58.0609 0x0d2c  WudfSvc - ok
21:00:58.0828 0x0d2c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:00:59.0296 0x0d2c  WZCSVC - ok
21:00:59.0406 0x0d2c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:00:59.0640 0x0d2c  xmlprov - ok
21:00:59.0656 0x0d2c  xxikjdlj - ok
21:00:59.0671 0x0d2c  ================ Scan global ===============================
21:00:59.0750 0x0d2c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:00:59.0953 0x0d2c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:01:00.0171 0x0d2c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:01:00.0250 0x0d2c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:01:00.0265 0x0d2c  [ Global ] - ok
21:01:00.0265 0x0d2c  ================ Scan MBR ==================================
21:01:00.0312 0x0d2c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:01:00.0734 0x0d2c  \Device\Harddisk0\DR0 - ok
21:01:00.0734 0x0d2c  ================ Scan VBR ==================================
21:01:00.0781 0x0d2c  [ 014E91DAD1F9E319EFD18733B2B06C90 ] \Device\Harddisk0\DR0\Partition1
21:01:00.0781 0x0d2c  \Device\Harddisk0\DR0\Partition1 - ok
21:01:00.0796 0x0d2c  ================ Scan generic autorun ======================
21:01:00.0953 0x0d2c  [ 5E4C9C25D603AE46DEDCBD9674F86E21, 276490CA810DA0BCDC32236D7E63FEAE62228DAFD4D65724D012BB068497B7E3 ] C:\Program Files\Java\jre6\bin\jusched.exe
21:01:01.0031 0x0d2c  SunJavaUpdateSched - ok
21:01:02.0484 0x0d2c  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
21:01:05.0171 0x0d2c  AvastUI.exe - ok
21:01:05.0250 0x0d2c  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:01:05.0421 0x0d2c  ctfmon.exe - ok
21:01:05.0843 0x0d2c  [ EB5272718A9393048BDF445853FBA005, 31BCC8504B26440813D06E58E91F1C3C011E8403B692D4DE2D37D8055F599D74 ] C:\Documents and Settings\Welcome\Local Settings\Apps\2.0\A8YBZTQ3.20R\T6A8Q6PE.CGJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
21:01:05.0984 0x0d2c  DellSystemDetect - ok
21:01:05.0984 0x0d2c  Waiting for KSN requests completion. In queue: 79
21:01:06.0984 0x0d2c  Waiting for KSN requests completion. In queue: 79
21:01:07.0984 0x0d2c  Waiting for KSN requests completion. In queue: 3
21:01:09.0031 0x0d2c  AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated
21:01:09.0031 0x0d2c  AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
21:01:09.0046 0x0d2c  Win FW state via NFM: enabled
21:01:11.0609 0x0d2c  ============================================================
21:01:11.0609 0x0d2c  Scan finished
21:01:11.0609 0x0d2c  ============================================================
21:01:11.0640 0x0eec  Detected object count: 1
21:01:11.0640 0x0eec  Actual detected object count: 1
21:08:49.0859 0x0eec  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:49.0859 0x0eec  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Welcome (administrator) on HOME-7FF53ACCFC on 17-09-2014 21:17:00
Running from C:\Documents and Settings\Welcome\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
( ) C:\WINDOWS\system32\lxdncoms.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Documents and Settings\Welcome\My Documents\Downloads\tdsskiller.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-10-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1417001333-1644491937-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Welcome\Local Settings\Apps\2.0\A8YBZTQ3.20R\T6A8Q6PE.CGJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-17] (Dell)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:6092
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10432
SearchScopes: HKCU - {9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - FindWide Toolbar - {314C5311-F0D4-4F15-BD24-E245C0F0865B} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin -> C:\Documents and Settings\Welcome\Local Settings\Application Data\TNT2\2.0.0.1599\npTNT2.dll No File
FF Plugin HKCU: @tnt2ghost.com/Plugin -> C:\Documents and Settings\Welcome\Local Settings\Application Data\TNT2\2.0.0.1599\npTNT2ghost.dll No File
FF user.js: detected! => C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\searchplugins\egames.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober1000699031.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober115030484.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober200403375.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober22716390.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober23104828.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober333156562.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober37721000.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober435661156.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Yahooober6771468.xml
FF Extension: Shockwave Game Bar - C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\Extensions\toolbar@ask.com [2012-03-27]
FF Extension: No Name - C:\Documents and Settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\Extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71} [2010-09-13]
FF HKLM\...\Firefox\Extensions: [{2FE403C5-4500-4AF8-9A5A-10EDCA7E7187}] - C:\Documents and Settings\Welcome\Local Settings\Application Data\{2FE403C5-4500-4AF8-9A5A-10EDCA7E7187}
FF Extension: XULRunner - C:\Documents and Settings\Welcome\Local Settings\Application Data\{2FE403C5-4500-4AF8-9A5A-10EDCA7E7187} [2010-09-12]
FF HKLM\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\Program Files\iWin Games\firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-23]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchProvider: Default -> Yahoo! (Avast)
CHR CustomProfile: C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Documents and Settings\Welcome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-23]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-23] (AVAST Software)
S2 gupdate1cca302f48063fe; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-11-14] (Google Inc.)
R2 lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [589824 2007-11-28] ( )
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
S2 HeadlineAlley_29Service; C:\PROGRA~1\HEADLI~2\bar\1.bin\29barsvc.exe [X]
S2 SecurityCenterServer2057567274; "C:\WINDOWS\system32\ytkax.exe" -service "C:\Documents and Settings\Welcome\Application Data\Suuxyf\qoavy.exe"
S2 SecurityCenterServer4102177669; "C:\WINDOWS\system32\awfyrikyt.exe" -service "C:\Documents and Settings\Welcome\Application Data\Owbeygab\enekes.exe"
S2 SecurityCenterServer689684949; "C:\WINDOWS\system32\suluiregic.exe" -service "C:\Documents and Settings\Welcome\Application Data\Upwufosa\oqihuz.exe"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-23] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-23] ()
R3 ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [327040 2008-04-13] (ATI Technologies Inc.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 doygnnwh; \??\C:\WINDOWS\system32\drivers\doygnnwh.sys [X]
S1 ftvbfafi; \??\C:\WINDOWS\system32\drivers\ftvbfafi.sys [X]
S1 jkplnzyp; \??\C:\WINDOWS\system32\drivers\jkplnzyp.sys [X]
S1 kvnvzxbe; \??\C:\WINDOWS\system32\drivers\kvnvzxbe.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S1 qedfctlk; \??\C:\WINDOWS\system32\drivers\qedfctlk.sys [X]
S1 rlsulccf; \??\C:\WINDOWS\system32\drivers\rlsulccf.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U1 WS2IFSL; No ImagePath
S1 xxikjdlj; \??\C:\WINDOWS\system32\drivers\xxikjdlj.sys [X]
U3 mbr; \??\C:\DOCUME~1\Welcome\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 21:16 - 2014-09-17 21:17 - 00000000 ____D () C:\FRST
2014-09-17 20:02 - 2014-09-17 20:02 - 00022758 _____ () C:\Documents and Settings\Welcome\Desktop\attach.txt
2014-09-17 20:02 - 2014-09-17 20:02 - 00011465 _____ () C:\Documents and Settings\Welcome\Desktop\dds.txt
2014-09-17 18:41 - 2014-09-17 18:41 - 00000000 ____D () C:\Documents and Settings\Welcome\Application Data\Dell
2014-09-17 18:40 - 2014-09-17 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-09-17 18:40 - 2014-09-17 18:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-17 18:40 - 2014-09-17 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-09-17 18:36 - 2014-09-17 18:40 - 00000000 ____D () C:\Program Files\My Dell
2014-09-17 18:29 - 2014-09-17 18:30 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Application Data\Deployment
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 ____D () C:\Documents and Settings\Welcome\Start Menu\Programs\Dell
2014-09-15 22:11 - 2014-09-15 22:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sophos
2014-09-15 22:10 - 2014-09-15 22:10 - 00002078 _____ () C:\Documents and Settings\Welcome\Desktop\Sophos Virus Removal Tool.lnk
2014-09-15 22:09 - 2014-09-15 22:09 - 00000000 ____D () C:\Program Files\Sophos
2014-09-15 22:09 - 2014-09-15 22:09 - 00000000 ____D () C:\Documents and Settings\Welcome\Start Menu\Programs\Sophos
2014-09-14 11:55 - 2014-09-14 11:55 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Application Data\Adobe
2014-08-24 12:53 - 2014-08-24 13:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 12:52 - 2014-08-24 12:52 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 12:52 - 2014-08-24 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 12:51 - 2014-08-24 12:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 12:51 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-24 12:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-24 12:26 - 2014-08-24 12:26 - 00000000 ____D () C:\SUPERDelete
2014-08-23 12:39 - 2014-08-23 12:39 - 00000000 ____D () C:\Documents and Settings\Welcome\Application Data\AVAST Software
2014-08-23 12:37 - 2014-08-23 12:37 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-23 12:36 - 2014-08-23 12:36 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-23 12:36 - 2014-08-23 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-23 12:27 - 2014-09-17 18:00 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-23 12:26 - 2014-08-24 11:58 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-23 12:26 - 2014-08-23 12:26 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-23 12:26 - 2014-08-23 12:26 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-23 12:22 - 2014-08-23 12:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-23 11:54 - 2014-08-23 11:54 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online[1].exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 21:17 - 2014-09-17 21:16 - 00000000 ____D () C:\FRST
2014-09-17 21:17 - 2009-10-30 13:45 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Temp
2014-09-17 21:15 - 2012-03-27 17:45 - 00000238 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-09-17 21:15 - 2011-09-16 17:02 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 21:07 - 2013-09-11 23:07 - 00000354 _____ () C:\WINDOWS\Tasks\TidyNetwork Update.job
2014-09-17 21:00 - 2014-06-15 05:45 - 00000888 _____ () C:\WINDOWS\Tasks\Security Center Update - 3636199357.job
2014-09-17 21:00 - 2014-06-15 01:46 - 00000884 _____ () C:\WINDOWS\Tasks\Security Center Update - 3710057114.job
2014-09-17 20:55 - 2012-04-25 14:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-17 20:20 - 2009-10-30 13:44 - 00032254 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-17 20:02 - 2014-09-17 20:02 - 00022758 _____ () C:\Documents and Settings\Welcome\Desktop\attach.txt
2014-09-17 20:02 - 2014-09-17 20:02 - 00011465 _____ () C:\Documents and Settings\Welcome\Desktop\dds.txt
2014-09-17 19:42 - 2009-12-07 08:01 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-09-17 18:46 - 2011-07-28 18:50 - 00000000 ____D () C:\Temp
2014-09-17 18:43 - 2009-10-30 08:29 - 00934958 _____ () C:\WINDOWS\setupapi.log
2014-09-17 18:41 - 2014-09-17 18:41 - 00000000 ____D () C:\Documents and Settings\Welcome\Application Data\Dell
2014-09-17 18:41 - 2014-09-17 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-09-17 18:40 - 2014-09-17 18:40 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-17 18:40 - 2014-09-17 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-09-17 18:40 - 2014-09-17 18:36 - 00000000 ____D () C:\Program Files\My Dell
2014-09-17 18:31 - 2012-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\Welcome\Application Data\PCDr
2014-09-17 18:30 - 2014-09-17 18:29 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Application Data\Deployment
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 ____D () C:\Documents and Settings\Welcome\Start Menu\Programs\Dell
2014-09-17 18:19 - 2009-10-30 13:39 - 01626813 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-17 18:05 - 2013-01-05 14:58 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F23CE044-2980-4812-BC98-A47AF51057D1}.job
2014-09-17 18:00 - 2014-08-23 12:27 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-17 18:00 - 2014-03-28 08:09 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-17 18:00 - 2011-09-16 17:02 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 18:00 - 2009-10-30 13:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-17 18:00 - 2009-10-30 08:32 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-17 18:00 - 2009-10-30 08:32 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-17 05:52 - 2009-10-30 13:45 - 00000178 ___SH () C:\Documents and Settings\Welcome\ntuser.ini
2014-09-15 22:12 - 2014-09-15 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sophos
2014-09-15 22:10 - 2014-09-15 22:10 - 00002078 _____ () C:\Documents and Settings\Welcome\Desktop\Sophos Virus Removal Tool.lnk
2014-09-15 22:09 - 2014-09-15 22:09 - 00000000 ____D () C:\Program Files\Sophos
2014-09-15 22:09 - 2014-09-15 22:09 - 00000000 ____D () C:\Documents and Settings\Welcome\Start Menu\Programs\Sophos
2014-09-15 08:59 - 2009-10-31 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
2014-09-14 11:55 - 2014-09-14 11:55 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Application Data\Adobe
2014-09-13 07:05 - 2013-08-03 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-13 06:57 - 2012-04-25 14:40 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-13 06:57 - 2011-11-14 15:23 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-13 06:46 - 2009-10-30 14:06 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 19:07 - 2014-03-28 08:09 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-06 12:41 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-24 13:12 - 2014-08-24 12:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 12:52 - 2014-08-24 12:52 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 12:52 - 2014-08-24 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 12:51 - 2014-08-24 12:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 12:51 - 2009-11-20 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-24 12:26 - 2014-08-24 12:26 - 00000000 ____D () C:\SUPERDelete
2014-08-24 12:24 - 2014-06-16 14:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-24 11:58 - 2014-08-23 12:26 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-23 12:39 - 2014-08-23 12:39 - 00000000 ____D () C:\Documents and Settings\Welcome\Application Data\AVAST Software
2014-08-23 12:37 - 2014-08-23 12:37 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-23 12:36 - 2014-08-23 12:36 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-23 12:36 - 2014-08-23 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-23 12:26 - 2014-08-23 12:26 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-23 12:26 - 2014-08-23 12:26 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-23 12:26 - 2014-08-23 12:26 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-23 12:26 - 2014-08-23 12:26 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-23 12:22 - 2014-08-23 12:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-23 12:22 - 2014-06-07 15:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-23 11:54 - 2014-08-23 11:54 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online[1].exe
2014-08-23 11:36 - 2011-09-16 17:02 - 00000000 ____D () C:\Program Files\Google
2014-08-23 11:28 - 2011-07-04 16:27 - 00000000 ____D () C:\Program Files\iWin.com Games
2014-08-23 11:27 - 2011-09-16 17:02 - 00000000 ____D () C:\Documents and Settings\Welcome\Local Settings\Application Data\Google
2014-08-23 11:27 - 2011-09-16 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
 
Some content of TEMP:
====================
C:\Documents and Settings\Welcome\Local Settings\Temp\6_Offer_15.exe
C:\Documents and Settings\Welcome\Local Settings\Temp\b4bc01ef-235f-4cfe-9cf4-0282978fa186.exe
C:\Documents and Settings\Welcome\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Welcome\Local Settings\Temp\mpam-b0963ad9.exe
C:\Documents and Settings\Welcome\Local Settings\Temp\{6A0001F9-44EC-4035-A2AC-AB96933E41CD}-35.0.1916.153_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Welcome at 2014-09-17 21:18:15
Running from C:\Documents and Settings\Welcome\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
Bejeweled Deluxe 1.862 (HKLM\...\Bejeweled Deluxe 1.862) (Version:  - )
Casino Collection (HKLM\...\Casino Collection) (Version: 1.0 - On Hand Software)
Define Ext (HKCU\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2012 (HKLM\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java™ 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Luxor (remove only) (HKLM\...\Luxor) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.3 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
West Coast Swing Bundle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118922420}) (Version:  - Oberon Media)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1606980848-1417001333-1644491937-1003_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Documents and Settings\Welcome\Local Settings\Application Data\TNT2\2.0.0.1599\TNT2UserPS.dll ()
CustomCLSID: HKU\S-1-5-21-1606980848-1417001333-1644491937-1003_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Documents and Settings\Welcome\Local Settings\Application Data\TNT2\2.0.0.1599\TNT2User.exe" No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1606980848-1417001333-1644491937-1003_Classes\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B}\InprocServer32 -> C:\Documents and Settings\Welcome\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll No Fil (the data entry has 1 more characters).
 
==================== Restore Points  =========================
 
18-06-2014 21:35:07 AA11
22-06-2014 01:57:50 System Checkpoint
24-06-2014 21:48:43 System Checkpoint
29-06-2014 17:27:56 System Checkpoint
30-06-2014 18:02:19 System Checkpoint
01-07-2014 18:40:27 System Checkpoint
02-07-2014 19:26:49 System Checkpoint
03-07-2014 19:42:36 System Checkpoint
12-07-2014 12:11:52 Software Distribution Service 3.0
25-07-2014 15:42:20 System Checkpoint
26-07-2014 16:27:16 System Checkpoint
27-07-2014 17:27:15 System Checkpoint
31-07-2014 21:51:37 System Checkpoint
01-08-2014 22:32:35 System Checkpoint
05-08-2014 17:45:54 System Checkpoint
15-08-2014 10:20:01 System Checkpoint
16-08-2014 16:21:15 Software Distribution Service 3.0
17-08-2014 16:41:37 System Checkpoint
18-08-2014 17:41:30 System Checkpoint
23-08-2014 15:57:12 avast! antivirus system restore point
23-08-2014 16:22:16 avast! antivirus system restore point
24-08-2014 17:40:14 System Checkpoint
28-08-2014 17:37:30 System Checkpoint
05-09-2014 16:14:42 System Checkpoint
13-09-2014 03:42:02 Software Distribution Service 3.0
14-09-2014 16:24:50 System Checkpoint
16-09-2014 02:09:06 Installed Sophos Virus Removal Tool.
17-09-2014 04:09:01 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
Task: C:\WINDOWS\Tasks\Security Center Update - 3636199357.job => C:\Documents and Settings\Welcome\Application Data\Uvsuqeir\nuqid.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 3710057114.job => C:\Documents and Settings\Welcome\Application Data\Ryabob\hovouqi.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\TidyNetwork Update.job => C:\Documents and Settings\Welcome\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F23CE044-2980-4812-BC98-A47AF51057D1}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-23 12:26 - 2014-08-23 12:26 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-17 18:13 - 2014-09-17 18:13 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14091701\algo.dll
2009-08-13 13:02 - 2009-08-13 13:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdndrpp.dll
2014-08-23 12:26 - 2014-08-23 12:26 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-27 09:58 - 2009-05-27 09:58 - 00811008 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnptpc.dll
2009-08-13 13:03 - 2009-08-13 13:03 - 00162304 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdndrui.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-14 11:51 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-14 11:51 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-14 11:51 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:029E021F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:093F44E8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0F0BD2EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:13BC918C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2A8CD561
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52FE3CCD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:550179F5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DCFAD3B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F16D671
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7D6E8689
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:82CE4560
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:940C4202
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94188BC6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AD7CAA15
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AE8D8202
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B310C233
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B7EE0B6B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B84EF836
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B85A9C0F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C44E62F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C5509429
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C966DE9F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D8EA2847
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DB0CD29E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F4BE8180
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FAB275B8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Ahigfaiq => "C:\Documents and Settings\Welcome\Application Data\Aqukiwi\ypqed.exe"
MSCONFIG\startupreg: Amhahega => "C:\Documents and Settings\Welcome\Application Data\Urvyel\ykolgoh.exe"
MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
MSCONFIG\startupreg: Cykael => "C:\Documents and Settings\Welcome\Application Data\Uvsuqeir\nuqid.exe"
MSCONFIG\startupreg: Eckee => "C:\Documents and Settings\Welcome\Application Data\Ahaqquiz\waizb.exe"
MSCONFIG\startupreg: Exwyywmezyyf => "C:\Documents and Settings\Welcome\Application Data\Suuxyf\qoavy.exe"
MSCONFIG\startupreg: Hibot => "C:\Documents and Settings\Welcome\Application Data\Hoycok\ernihy.exe"
MSCONFIG\startupreg: Qiytazquhoa => "C:\Documents and Settings\Welcome\Application Data\Ovuretut\osildeu.exe"
MSCONFIG\startupreg: Qosyrat => "C:\Documents and Settings\Welcome\Application Data\Upwufosa\oqihuz.exe"
MSCONFIG\startupreg: Sonaaqiwovasp => "C:\Documents and Settings\Welcome\Application Data\Baineg\azcaoci.exe"
MSCONFIG\startupreg: Sonic RecordNow! => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: ubgvwmvv => "C:\Documents and Settings\Welcome\Local Settings\Application Data\aubvmjlk.exe"
MSCONFIG\startupreg: Uhdayquq => "C:\Documents and Settings\Welcome\Application Data\Owbeygab\enekes.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2014 05:51:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/14/2014 11:57:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.7.79, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/14/2014 11:40:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/11/2014 07:09:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/24/2014 00:36:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1180947459.
 
Error: (08/24/2014 00:36:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/23/2014 00:14:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/21/2014 07:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/16/2014 00:46:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/16/2014 00:46:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (09/17/2014 06:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 689684949 service failed to start due to the following error: 
%%2
 
Error: (09/17/2014 06:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 4102177669 service failed to start due to the following error: 
%%2
 
Error: (09/17/2014 06:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 2057567274 service failed to start due to the following error: 
%%2
 
Error: (09/17/2014 06:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HeadlineAlleyService service failed to start due to the following error: 
%%3
 
Error: (09/16/2014 10:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 689684949 service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 10:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 4102177669 service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 10:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 2057567274 service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 10:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HeadlineAlleyService service failed to start due to the following error: 
%%3
 
Error: (09/16/2014 05:16:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 689684949 service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 05:16:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 4102177669 service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (09/17/2014 05:51:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/14/2014 11:57:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AcroRd32.exe11.0.7.79hungapp0.0.0.000000000
 
Error: (09/14/2014 11:40:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/11/2014 07:09:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/24/2014 00:36:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1180947459
 
Error: (08/24/2014 00:36:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/23/2014 00:14:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/21/2014 07:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/16/2014 00:46:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/16/2014 00:46:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.53GHz
Percentage of memory in use: 57%
Total physical RAM: 767 MB
Available physical RAM: 322.62 MB
Total Pagefile: 1493.65 MB
Available Pagefile: 1002.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:53.58 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 40EC4A47)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 18 September 2014 - 03:48 PM

Hello,

But it keeps telling me that the PC is still infected with the Boot:Cidox-A[Rtk].

Can you please post the exact message: what has been found, and where.


In addition:


Download Malwarebytes Anti-Rootkit to your desktop.
  • Double click on downloaded file. OK self extracting prompt.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#5 jbandtbone

  • Topic Starter
  • Members
  • 90 posts

Posted 18 September 2014 - 06:39 PM

Here is the log from the MBAR scan.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.09.18.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Welcome :: HOME-7FF53ACCFC [administrator]
 
9/18/2014 6:25:54 PM
mbar-log-2014-09-18 (18-25-54).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 282528
Time elapsed: 51 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2057567274 (Trojan.Agent.SCS) -> Delete on reboot. [e03c8f60afcc181e65921e2356aecc34]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer4102177669 (Trojan.Agent.SCS) -> Delete on reboot. [9686d6191d5e11250fe8d170996b08f8]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer689684949 (Trojan.Agent.SCS) -> Delete on reboot. [49d3519e265548eeb4432e1372926b95]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\WINDOWS\Tasks\Security Center Update - 3636199357.job (Trojan.Agent.RvGen) -> Delete on reboot. [948841ae0e6dd5612dd845f5c04418e8]
C:\WINDOWS\Tasks\Security Center Update - 3710057114.job (Trojan.Agent.RvGen) -> Delete on reboot. [56c6f9f6156665d1838299a1fe0607f9]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_16
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.524000 GHz
Memory total: 804261888, free: 326914048
 
Downloaded database version: v2014.09.18.09
Downloaded database version: v2014.09.18.01
=======================================
Initializing...
------------ Kernel report ------------
     09/18/2014 18:25:14
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtaa.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvaa.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82f8aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82f8dd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82f8aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82fe42a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82f8aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82f8dd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40EC4A47
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
Infected: C:\WINDOWS\Tasks\Security Center Update - 3636199357.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3710057114.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2057567274 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer4102177669 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer689684949 --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
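As an added example (not part of the MBAR output or of any post in this thread), the script below parses a raw 512-byte MBR and prints the same fields the "Inspecting partition table" block above reports, then checks the table for inconsistencies a boot-sector infection or a botched repair can leave behind (missing 55AA signature, no or several active partitions, entries running past the disk or overlapping). The sample MBR is constructed from the values in the log; the type-name table and the list of checks are my own assumptions, not MBAR's.

```python
"""Parse a 512-byte MBR and report the fields MBAR prints above (signature, disk signature,
per-partition type / ACTIVE / LBA / Numsec), then sanity-check the table. Added example for
this thread, not code from MBAR, ComboFix or the posters; the sample MBR is constructed."""
import struct
from dataclasses import dataclass, field
from typing import List

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440        # 4-byte NT disk signature, little-endian
PT_OFFSET = 446              # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count
PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "Primary", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}  # assumed names


@dataclass
class PartitionEntry:
    index: int
    active: bool          # status byte 0x80 marks the boot (ACTIVE) partition
    type_code: int
    start_lba: int
    num_sectors: int

    @property
    def empty(self) -> bool:
        return self.type_code == 0


@dataclass
class MbrInfo:
    signature: int
    disk_signature: int
    partitions: List[PartitionEntry] = field(default_factory=list)

    @property
    def signature_ok(self) -> bool:
        return self.signature == 0x55AA


def parse_mbr(mbr: bytes) -> MbrInfo:
    """Decode the partition table of one raw MBR sector."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    # On disk the last two bytes are 0x55 0xAA; a big-endian read yields 0x55AA as the log shows it.
    signature = struct.unpack_from(">H", mbr, 510)[0]
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    info = MbrInfo(signature, disk_sig)
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + 16 * i)
        info.partitions.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return info


def sanity_check(info: MbrInfo, disk_sectors: int) -> List[str]:
    """Structural problems worth a second look; an empty list means the table is consistent."""
    findings = []
    if not info.signature_ok:
        findings.append("MBR signature is not 55AA")
    active = [p for p in info.partitions if p.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    used = [p for p in info.partitions if not p.empty]
    for p in used:
        if p.start_lba == 0 or p.num_sectors == 0:
            findings.append(f"partition {p.index} has a zero start or size")
        elif p.start_lba + p.num_sectors > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    for a in used:
        for b in used:
            if (a.index < b.index and a.start_lba < b.start_lba + b.num_sectors
                    and b.start_lba < a.start_lba + a.num_sectors):
                findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def format_report(info: MbrInfo) -> str:
    """Render the table in the same shape as the 'Inspecting partition table' block above."""
    lines = [f"MBR Signature: {info.signature:04X}", f"Disk Signature: {info.disk_signature:08X}"]
    for p in info.partitions:
        name = PARTITION_TYPES.get(p.type_code, "Unknown")
        lines.append(f"Partition {p.index} type is {name} (0x{p.type_code:X})")
        lines.append("Partition is ACTIVE." if p.active else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p.start_lba}  Numsec = {p.num_sectors}")
    return "\n".join(lines)


def set_partition(mbr: bytearray, index: int, active: bool, type_code: int,
                  start_lba: int, num_sectors: int) -> None:
    """Write one partition entry (CHS fields left zeroed; the LBA fields are what matter)."""
    struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * index, 0x80 if active else 0x00,
                     b"\x00\x00\x00", type_code, b"\x00\x00\x00", start_lba, num_sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring the log: 55AA signature, disk signature 40EC4A47, one NTFS partition."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x40EC4A47)
    set_partition(mbr, 0, True, 0x07, 63, 156280257)
    mbr[510], mbr[511] = 0x55, 0xAA
    return bytes(mbr)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(format_report(info))
    # the 80026361856-byte disk in the log is 156301488 sectors
    print("Findings:", sanity_check(info, 80026361856 // SECTOR_SIZE) or "none")
```

Against a real drive you would feed it the first 512 bytes of the physical disk, read with administrator rights; the script only reads and compares, it never writes.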
 
 


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 19 September 2014 - 04:12 PM

But it keeps telling me that the PC is still infected with the Boot:Cidox-A[Rtk].

Can you please post the exact message: what has been found, and where.

#7 jbandtbone

jbandtbone
  • Topic Starter

  • Members
  • 90 posts
  • Gender:Male

Posted 19 September 2014 - 07:44 PM

This is what appears almost every time I boot the PC up.

  avast! File System Shield has blocked a threat. No further action is required.

  Object: C:\$Boot

  Infection: Boot:Cidox-A [Rtk]

  Process: C:\Program Files\...\AvastSvc.exe

After a few minutes it disappears and then this pops up:

  avast! RootKit Found

  Rootkit information

  File Name: MBR:\\PHYSICALDRIVE0\Partition 1    Rootkit Name: Boot:Cidox-A [Rtk]

  Actions to take: Delete now (recommended)

After clicking on the OK button, "Avast! Information" pops up and says: To finish the cleanup process, we recommend running a boot-time scan, i.e. restarting the computer and letting avast! scan all your data before Windows starts. Do you want to schedule the boot-time scan and restart the computer now?

I did this the first time that I saw it. Avast found something, but I don't remember what it was. I clicked on "fix all automatically" and thought all was fine. But it came back telling me the same thing. That is when I posted to this site. Should I click on yes again after you tell me to? I'm not going to do it this time but wait to hear back from you. And I will write down what, if anything, the scan finds this time. Sorry that I forgot to do this from your last post.



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 20 September 2014 - 06:25 AM

Should I click on the yes again

Yes, please click yes again. And check if the information from avast is identical to what you've posted. If it isn't, please post it too.

#9 jbandtbone

jbandtbone
  • Topic Starter

  • Members
  • 90 posts
  • Gender:Male

Posted 20 September 2014 - 09:50 PM

This time the avast boot-time scan didn't pick up anything. But when the PC finished booting up, Avast! continues to tell me that "a suspicious hidden object (rootkit) has been detected on your system. This may be a sign of a malware infection. It is recommended to remove the object immediately." The file name is MBR:\\PHYSICALDRIVE0\Partition 1 and the rootkit name is Boot:Cidox-A [Rtk].

It is like it's going in a circle. Same everything when I restart the PC.



#10 jbandtbone

jbandtbone
  • Topic Starter

  • Members
  • 90 posts
  • Gender:Male

Posted 23 September 2014 - 04:20 PM

Is everything OK? I haven't heard from you in 3 days. I know you guys are busy, just wondering.



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 23 September 2014 - 04:38 PM

I'm sorry I lost sight of your topic.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#12 jbandtbone

jbandtbone
  • Topic Starter

  • Members
  • 90 posts
  • Gender:Male

Posted 23 September 2014 - 08:00 PM

No need to be sorry. Like I said, I know you are busy and 6 hrs ahead of me in time. I appreciate the help more than you know.

Here is the combofix log.

 

ComboFix 14-09-22.01 - Welcome 09/23/2014  20:08:28.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.767.326 [GMT -4:00]
Running from: c:\documents and settings\Welcome\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\B7EE0B6B.TMP
c:\documents and settings\All Users\SPL1.tmp
c:\documents and settings\All Users\SPL10.tmp
c:\documents and settings\All Users\SPL12.tmp
c:\documents and settings\All Users\SPL123.tmp
c:\documents and settings\All Users\SPL13.tmp
c:\documents and settings\All Users\SPL14.tmp
c:\documents and settings\All Users\SPL189.tmp
c:\documents and settings\All Users\SPL18D.tmp
c:\documents and settings\All Users\SPL1A0.tmp
c:\documents and settings\All Users\SPL1A5.tmp
c:\documents and settings\All Users\SPL1B.tmp
c:\documents and settings\All Users\SPL1C.tmp
c:\documents and settings\All Users\SPL1C7.tmp
c:\documents and settings\All Users\SPL1E.tmp
c:\documents and settings\All Users\SPL1EE.tmp
c:\documents and settings\All Users\SPL1EF.tmp
c:\documents and settings\All Users\SPL1F.tmp
c:\documents and settings\All Users\SPL2.tmp
c:\documents and settings\All Users\SPL21.tmp
c:\documents and settings\All Users\SPL2A.tmp
c:\documents and settings\All Users\SPL3.tmp
c:\documents and settings\All Users\SPL4.tmp
c:\documents and settings\All Users\SPL40.tmp
c:\documents and settings\All Users\SPL41.tmp
c:\documents and settings\All Users\SPL46.tmp
c:\documents and settings\All Users\SPL5.tmp
c:\documents and settings\All Users\SPL56.tmp
c:\documents and settings\All Users\SPL5C.tmp
c:\documents and settings\All Users\SPL6.tmp
c:\documents and settings\All Users\SPL66.tmp
c:\documents and settings\All Users\SPL7.tmp
c:\documents and settings\All Users\SPL8.tmp
c:\documents and settings\All Users\SPL9.tmp
c:\documents and settings\All Users\SPLA.tmp
c:\documents and settings\All Users\SPLB.tmp
c:\documents and settings\All Users\SPLB6.tmp
c:\documents and settings\All Users\SPLC.tmp
c:\documents and settings\All Users\SPLD.tmp
c:\documents and settings\All Users\SPLE.tmp
c:\documents and settings\Welcome\Application Data\Mozilla\Firefox\Profiles\5rnub7n5.default\searchplugins\bing-zugo.xml
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET72.tmp
c:\program files\Internet Explorer\SET73.tmp
c:\program files\Internet Explorer\SET74.tmp
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET7.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETF.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-24 to 2014-09-24  )))))))))))))))))))))))))))))))
.
.
2014-09-18 22:25 . 2014-09-19 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-18 01:16 . 2014-09-18 01:18 -------- d-----w- C:\FRST
2014-09-17 22:41 . 2014-09-17 22:41 -------- d-----w- c:\documents and settings\Welcome\Application Data\Dell
2014-09-17 22:40 . 2014-09-17 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2014-09-17 22:40 . 2014-09-17 22:40 -------- d-----w- c:\program files\Dell Support Center
2014-09-17 22:36 . 2014-09-17 22:40 -------- d-----w- c:\program files\My Dell
2014-09-17 22:29 . 2014-09-17 22:30 -------- d-----w- c:\documents and settings\Welcome\Local Settings\Application Data\Deployment
2014-09-16 02:11 . 2014-09-16 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2014-09-16 02:10 . 2014-09-16 02:10 73728 ----a-r- c:\documents and settings\Welcome\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-16 02:10 . 2014-09-16 02:10 73728 ----a-r- c:\documents and settings\Welcome\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-16 02:10 . 2014-09-16 02:10 73728 ----a-r- c:\documents and settings\Welcome\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-09-16 02:09 . 2014-09-16 02:09 -------- d-----w- c:\program files\Sophos
2014-09-14 15:55 . 2014-09-14 15:55 -------- d-----w- c:\documents and settings\Welcome\Local Settings\Application Data\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-23 20:56 . 2012-04-25 18:40 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-23 20:56 . 2011-11-14 19:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 22:25 . 2014-08-24 16:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-18 22:23 . 2014-08-24 16:51 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 15:58 . 2014-08-23 16:26 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-23 16:26 . 2014-08-23 16:26 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-23 16:26 . 2014-08-23 16:26 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-23 16:26 . 2014-08-23 16:26 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-23 16:26 . 2014-08-23 16:26 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-23 16:26 . 2014-08-23 16:26 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-23 16:26 . 2014-08-23 16:26 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-23 16:26 . 2014-08-23 16:26 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-23 16:26 . 2014-08-23 16:26 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-23 16:26 . 2014-08-23 16:26 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-27 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-23 16:26 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"="c:\documents and settings\Welcome\Local Settings\Apps\2.0\A8YBZTQ3.20R\T6A8Q6PE.CGJ\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe" [2014-09-17 265280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-24 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-30 18:19 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-08-24 16:08 6688024 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/23/2014 12:26 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/23/2014 12:26 PM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/23/2014 12:26 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [8/23/2014 12:26 PM 414520]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [10/10/2013 6:54 PM 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/23/2014 12:26 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/23/2014 12:26 PM 67824]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S1 doygnnwh;doygnnwh;\??\c:\windows\system32\drivers\doygnnwh.sys --> c:\windows\system32\drivers\doygnnwh.sys [?]
S1 ftvbfafi;ftvbfafi;\??\c:\windows\system32\drivers\ftvbfafi.sys --> c:\windows\system32\drivers\ftvbfafi.sys [?]
S1 jkplnzyp;jkplnzyp;\??\c:\windows\system32\drivers\jkplnzyp.sys --> c:\windows\system32\drivers\jkplnzyp.sys [?]
S1 kvnvzxbe;kvnvzxbe;\??\c:\windows\system32\drivers\kvnvzxbe.sys --> c:\windows\system32\drivers\kvnvzxbe.sys [?]
S1 qedfctlk;qedfctlk;\??\c:\windows\system32\drivers\qedfctlk.sys --> c:\windows\system32\drivers\qedfctlk.sys [?]
S1 rlsulccf;rlsulccf;\??\c:\windows\system32\drivers\rlsulccf.sys --> c:\windows\system32\drivers\rlsulccf.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S1 xxikjdlj;xxikjdlj;\??\c:\windows\system32\drivers\xxikjdlj.sys --> c:\windows\system32\drivers\xxikjdlj.sys [?]
S2 gupdate1cca302f48063fe;Google Update Service (gupdate1cca302f48063fe);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2011 3:22 PM 136176]
S2 HeadlineAlley_29Service;HeadlineAlleyService;c:\progra~1\HEADLI~2\bar\1.bin\29barsvc.exe --> c:\progra~1\HEADLI~2\bar\1.bin\29barsvc.exe [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [6/19/2014 5:55 PM 43368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 11:16 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 20:56]
.
2014-09-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-23 16:26]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 19:22]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 19:22]
.
2014-09-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-09-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-09-23 c:\windows\Tasks\User_Feed_Synchronization-{F23CE044-2980-4812-BC98-A47AF51057D1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{314C5311-F0D4-4F15-BD24-E245C0F0865B} - (no file)
MSConfigStartUp-Ahigfaiq - c:\documents and settings\Welcome\Application Data\Aqukiwi\ypqed.exe
MSConfigStartUp-Amhahega - c:\documents and settings\Welcome\Application Data\Urvyel\ykolgoh.exe
MSConfigStartUp-Cykael - c:\documents and settings\Welcome\Application Data\Uvsuqeir\nuqid.exe
MSConfigStartUp-Eckee - c:\documents and settings\Welcome\Application Data\Ahaqquiz\waizb.exe
MSConfigStartUp-Exwyywmezyyf - c:\documents and settings\Welcome\Application Data\Suuxyf\qoavy.exe
MSConfigStartUp-Hibot - c:\documents and settings\Welcome\Application Data\Hoycok\ernihy.exe
MSConfigStartUp-Qiytazquhoa - c:\documents and settings\Welcome\Application Data\Ovuretut\osildeu.exe
MSConfigStartUp-Qosyrat - c:\documents and settings\Welcome\Application Data\Upwufosa\oqihuz.exe
MSConfigStartUp-Sonaaqiwovasp - c:\documents and settings\Welcome\Application Data\Baineg\azcaoci.exe
MSConfigStartUp-ubgvwmvv - c:\documents and settings\Welcome\Local Settings\Application Data\aubvmjlk.exe
MSConfigStartUp-Uhdayquq - c:\documents and settings\Welcome\Application Data\Owbeygab\enekes.exe
AddRemove-Bejeweled Deluxe 1.862 - c:\program files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-23 20:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-09-23  20:43:20
ComboFix-quarantined-files.txt  2014-09-24 00:43
.
Pre-Run: 57,070,477,312 bytes free
Post-Run: 60,033,757,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6AB1B761225BD766ADB3D0F5B9D2A0CD
8F558EB6672622401DA993E1E865C861


#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 24 September 2014 - 08:13 AM

Ok, now please boot your computer to the Recovery Console. Here are the instructions on how to do this.
After you've completed steps 1-5 from this guide, you will see the prompt where you can enter commands. Please type fixboot and confirm with Enter.
When this command is completed, type exit (+ Enter) to restart the computer. Boot into normal mode of Windows again and check if avast is still detecting "File Name MBR:\\PHYSICALDRIVE0\Partition 1 Rootkit Name Boot:Cidox-A [Rtk]" now.

#14 jbandtbone

jbandtbone
  • Topic Starter

  • Members
  • 90 posts
  • Gender:Male

Posted 24 September 2014 - 08:02 PM

I have rebooted the PC 4 times now waiting about 15 to 20 minutes between reboots. So far no Avast warnings. Both browsers still slow starting up, but otherwise seems OK.



#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 25 September 2014 - 04:00 AM

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.




