
Looks like a Somoto-F infection....Help!


  • This topic is locked
27 replies to this topic

#1 jc_vaughn1981


    New Member

  • Members
  • 16 posts

Posted 03 July 2013 - 08:22 AM

Hi all, I think I may have picked up an infection today. IE and FF both bring up pop-up ads, and weird pop-over ads on particular links on websites, so something's up for sure. I've run a boot scan with Avast and it picked up:

 

WIN32: Somoto-F [PUP]

WIN32: Somoto-J [PUP]

WIN32: Solimba-C [PUP]

 

I stupidly chose to delete[all] rather than quarantine, sorry!

 

After the restart the problem was still happening so I used Anti Malware Bytes which detected 1 infected file and removed it:

 

C:\Documents and Settings\Owner\Local Settings\Temp\pricepeep_130001_0101.exe (Adware.Agent)

 

But the problem has persisted, I've also run Sophos Virus Removal Tool which didn't spot anything. I've had a look through the forums but couldn't see anything that quite matched, apart from one which was a very specific solution track for a particular machine.

 

I've backed up important stuff, and would really appreciate a hand on this one!!



#2 Maniac


    Forum Deity

  • Experts
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 July 2013 - 08:29 AM

Hello jc_vaughn1981 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.
http://forums.malwar...?showtopic=9573
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 jc_vaughn1981


Posted 03 July 2013 - 08:38 AM

Thanks Maniac, working through that now.



#4 jc_vaughn1981


Posted 03 July 2013 - 08:42 AM

DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by Owner at 14:38:48 on 2013-07-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.606.186 [GMT 1:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer, optimized for Bing and MSN

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Lyrics-Pal: {C8FBE488-BAF5-4019-A7F7-C888045987D3} - c:\program files\lyricspal\116.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe





TCP: NameServer = 192.168.0.1
TCP: Interfaces\{340DF53E-640C-464A-9AA5-2F733148BB23} : DHCPNameServer = 192.168.0.1
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4tzi6o.default\

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\lyricspal\116.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-3 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-3 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-17 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-17 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-3 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-17 46808]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-30 21520]
.
=============== Created Last 30 ================
.
2013-07-03 11:34:01 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-07-03 11:33:49 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33:49 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33:49 73728 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-07-03 11:33:21 -------- d-----w- c:\program files\Sophos
2013-07-03 10:57:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-03 10:57:10 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-03 10:57:08 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-03 08:42:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\Bundled software uninstaller
2013-07-03 08:42:27 -------- d-----w- c:\program files\DVD Shrink
2013-07-03 08:38:35 -------- d-----w- c:\program files\LyricsPal
.
==================== Find3M  ====================
.
2013-07-03 10:57:52 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 08:22:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 08:22:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26:26 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ------w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ------w- c:\windows\system32\win32k.sys
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:39:42.35 ===============
 

Attach Log:

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 08/07/2010 12:44:57
System Uptime: 03/07/2013 12:17:40 (2 hours ago)
.
Motherboard: WinFast |  | 760GXK8MC
Processor: AMD Sempron™ Processor 2800+ | Socket 940 | 1599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 56.308 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: SiS 900-Based PCI Fast Ethernet Adapter - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
.
==== System Restore Points ===================
.
RP694: 09/05/2013 16:01:49 - System Checkpoint
RP695: 13/05/2013 10:40:32 - System Checkpoint
RP696: 14/05/2013 13:06:40 - System Checkpoint
RP697: 16/05/2013 09:45:26 - Software Distribution Service 3.0
RP698: 21/05/2013 15:42:17 - System Checkpoint
RP699: 23/05/2013 09:47:54 - System Checkpoint
RP700: 25/05/2013 09:31:29 - System Checkpoint
RP701: 01/06/2013 14:48:42 - System Checkpoint
RP702: 03/06/2013 16:41:26 - System Checkpoint
RP703: 05/06/2013 10:35:49 - System Checkpoint
RP704: 06/06/2013 11:20:45 - System Checkpoint
RP705: 07/06/2013 17:49:54 - System Checkpoint
RP706: 10/06/2013 10:33:41 - System Checkpoint
RP707: 11/06/2013 10:42:32 - System Checkpoint
RP708: 12/06/2013 11:39:03 - System Checkpoint
RP709: 14/06/2013 09:48:02 - System Checkpoint
RP710: 17/06/2013 12:15:49 - System Checkpoint
RP711: 18/06/2013 12:26:51 - System Checkpoint
RP712: 19/06/2013 13:15:08 - System Checkpoint
RP713: 20/06/2013 13:58:55 - System Checkpoint
RP714: 24/06/2013 11:16:27 - System Checkpoint
RP715: 24/06/2013 18:04:33 - Software Distribution Service 3.0
RP716: 27/06/2013 11:03:40 - System Checkpoint
RP717: 28/06/2013 16:24:11 - System Checkpoint
RP718: 01/07/2013 16:33:12 - System Checkpoint
RP719: 03/07/2013 10:34:28 - Software Distribution Service 3.0
RP720: 03/07/2013 12:33:15 - Installed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Adobe Reader XI (11.0.02)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Brother HL-2040
Bundled software uninstaller
CCleaner
DVD Shrink 3.2
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
iTunes
Java™ 6 Update 29
Java™ 6 Update 4
Java™ 7 Update 4
JavaFX 2.1.0
Kruptos 2 Professional
Lyrics-Pal
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 21.0 (x86 en-GB)
Mozilla Maintenance Service
OpenOffice.org 2.4
PCI Audio Driver
QuickTime
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sophos Virus Removal Tool
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.0
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== End Of File ===========================
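Added example (not part of the original posts and not a feature of DDS): a small Python triage pass over lines taken from the DDS main log above, flagging entries DDS marks `<orphaned>`, browser hooks loading from a freshly created folder, two antivirus products reporting as enabled, and the Firefox `user.js` override. The `triage` function, its rule names and the one-day window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the DDS log posted in this thread, trimmed to the lines used here.
SAMPLE_DDS = r"""
Run by Owner at 14:38:48 on 2013-07-03
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Lyrics-Pal: {C8FBE488-BAF5-4019-A7F7-C888045987D3} - c:\program files\lyricspal\116.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\lyricspal\116.xpi
FF - user.js: extensions.autoDisableScopes - 0
2013-07-03 11:33:21 -------- d-----w- c:\program files\Sophos
2013-07-03 08:42:27 -------- d-----w- c:\program files\DVD Shrink
2013-07-03 08:38:35 -------- d-----w- c:\program files\LyricsPal
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# IE hook lines: optional hive prefix letter, kind, optional display name, CLSID, target.
HOOK_RE = re.compile(
    r"^[a-z]?(?P<kind>BHO|TB|URLSearchHooks): (?:(?P<name>.+?): )?"
    r"(?P<clsid>" + CLSID + r") - (?P<target>.+)$")
# Firefox extension lines: install time; extension id; file path.
EXT_RE = re.compile(r"^FF - ExtSQL: [^;]+; (?P<clsid>[^;]+); (?P<target>.+)$")
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\*")
PREF_RE = re.compile(r"^FF - user\.js: (?P<key>\S+) - (?P<value>\S+)$")
# "Created Last 30" rows whose attribute field starts with 'd' are directories.
DIR_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ d\S+ (?P<path>.+)$")
RUN_RE = re.compile(r"^Run by .+ on (?P<date>\d{4}-\d\d-\d\d)$")


def triage(log_text, recent_days=1):
    """Return a list of (rule, detail) findings. The rules are this example's heuristics."""
    run_date, hooks, avs, prefs, new_dirs = None, [], [], {}, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RUN_RE.match(line):
            run_date = datetime.strptime(m["date"], "%Y-%m-%d")
        elif m := HOOK_RE.match(line):
            hooks.append((m["kind"], m["clsid"], m["target"]))
        elif m := EXT_RE.match(line):
            hooks.append(("FF-ext", m["clsid"], m["target"]))
        elif m := AV_RE.match(line):
            avs.append((m["name"], m["state"]))
        elif m := PREF_RE.match(line):
            prefs[m["key"]] = m["value"]
        elif m := DIR_RE.match(line):
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            new_dirs.append((ts, m["path"]))

    findings = []
    # Rule 1: hook registrations that DDS reports as <orphaned>.
    for kind, clsid, target in hooks:
        if target == "<orphaned>":
            findings.append(("orphaned-hook", f"{kind} {clsid}"))
    # Rule 2: browser hooks whose file sits in a folder created within
    # `recent_days` of the scan (paths compared case-insensitively).
    if run_date is not None:
        cutoff = run_date - timedelta(days=recent_days)
        fresh = [path.lower() + "\\" for ts, path in new_dirs if ts >= cutoff]
        for kind, clsid, target in hooks:
            if any(target.lower().startswith(d) for d in fresh):
                findings.append(("hook-in-new-dir", f"{kind} {target}"))
    # Rule 3: more than one antivirus product registered as enabled.
    active = [name for name, state in avs if state.startswith("Enabled")]
    if len(active) > 1:
        findings.append(("multiple-av", ", ".join(active)))
    # Rule 4: user.js sets extensions.autoDisableScopes to 0, so Firefox does
    # not disable add-ons that other programs drop into the profile.
    if prefs.get("extensions.autoDisableScopes") == "0":
        findings.append(("ff-sideload-pref", "extensions.autoDisableScopes=0"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:16} {detail}")
```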
 



#5 Maniac


Posted 03 July 2013 - 08:53 AM

Step 1

Please uninstall this application: Lyrics-Pal


Step 2

You have some remnants from AVG. Please use their uninstaller tool to clean up. What version is your AVG? For 2012 use this one:
http://download.avg....6_2012_2125.exe

For 2013 use this one:
http://download.avg....6_2013_3341.exe


Step 3

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Then reboot your PC.


Step 5
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 6
  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log


#6 jc_vaughn1981


Posted 03 July 2013 - 09:58 AM

OK Maniac, all done. A few things of note:

 

  • I used the 2012 AVG cleaner, I think it may be older than that but it seems to have worked.
  • Although I turned off all of Avast's processes it did run an update after one of the reboots, hope this is OK.
  • The Anti Malware Bytes Scan didn't pick up any threats but the quarantined file from the earlier scan (from my first post) was still there, so I just removed that one.
  • RogueKiller is still open as it's waiting for stuff to be deleted.

Many thanks for your help so far.

 

Log Files are here------------

 

Junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on 03/07/2013 at 15:07:35.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4270A19E-D562-487C-8935-CCBDFB966FAD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\4a4tzi6o.default\user.js
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\4a4tzi6o.default\prefs.js

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/07/2013 at 15:11:43.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner log:

 

# AdwCleaner v2.303 - Logfile created 07/03/2013 at 15:16:36
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Bundled software uninstaller

***** [Registry] *****

Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-GB)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2878 octets] - [03/07/2013 15:16:36]

########## EOF - C:\AdwCleaner[S1].txt - [2938 octets] ##########

Anti-Malware Bytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: PC [administrator]

03/07/2013 15:26:25
mbam-log-2013-07-03 (15-26-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226614
Time elapsed: 12 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller Log

RogueKiller V8.6.2 [Jul  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 07/03/2013 15:46:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJB-00J3A0 +++++
--- User ---
[MBR] 1078e01333d2e635c6698906ab628c72
[BSP] 2866d2bbe194d2ca6ecd1dd349983871 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 72614 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07032013_154621.txt >>

#7 Maniac


Posted 03 July 2013 - 10:26 AM

Please close RogueKiller.

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


In your next reply, post the following log files:
  • TDSSKiller log
  • ComboFix log


#8 jc_vaughn1981


Posted 03 July 2013 - 11:38 AM

Hi Maniac, I'll have to post in several replies, as the text was too long for a single post, so 1st part of TDSS:

16:36:29.0250 2320  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:36:29.0562 2320  ============================================================
16:36:29.0562 2320  Current date / time: 2013/07/03 16:36:29.0562
16:36:29.0562 2320  SystemInfo:
16:36:29.0562 2320 
16:36:29.0562 2320  OS Version: 5.1.2600 ServicePack: 3.0
16:36:29.0562 2320  Product type: Workstation
16:36:29.0562 2320  ComputerName: PC
16:36:29.0562 2320  UserName: Owner
16:36:29.0562 2320  Windows directory: C:\WINDOWS
16:36:29.0562 2320  System windows directory: C:\WINDOWS
16:36:29.0562 2320  Processor architecture: Intel x86
16:36:29.0562 2320  Number of processors: 1
16:36:29.0562 2320  Page size: 0x1000
16:36:29.0562 2320  Boot type: Normal boot
16:36:29.0562 2320  ============================================================
16:36:30.0609 2320  BG loaded
16:36:30.0984 2320  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:36:31.0000 2320  ============================================================
16:36:31.0000 2320  \Device\Harddisk0\DR0:
16:36:31.0015 2320  MBR partitions:
16:36:31.0015 2320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
16:36:31.0031 2320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x9C41B56, BlocksNum 0x8DD30AA
16:36:31.0031 2320  ============================================================
16:36:31.0093 2320  C: <-> \Device\Harddisk0\DR0\Partition1
16:36:31.0171 2320  ============================================================
16:36:31.0171 2320  Initialize success
16:36:31.0171 2320  ============================================================
16:37:06.0234 2956  ============================================================
16:37:06.0234 2956  Scan started
16:37:06.0234 2956  Mode: Manual; SigCheck; TDLFS;
16:37:06.0234 2956  ============================================================
16:37:06.0515 2956  ================ Scan system memory ========================
16:37:06.0515 2956  System memory - ok
16:37:06.0515 2956  ================ Scan services =============================
16:37:06.0609 2956  Abiosdsk - ok
16:37:06.0640 2956  abp480n5 - ok
16:37:06.0703 2956  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:37:08.0234 2956  ACPI - ok
16:37:08.0296 2956  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:37:08.0468 2956  ACPIEC - ok
16:37:08.0546 2956  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:37:08.0578 2956  AdobeFlashPlayerUpdateSvc - ok
16:37:08.0593 2956  adpu160m - ok
16:37:08.0625 2956  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:37:08.0812 2956  aec - ok
16:37:08.0859 2956  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:37:08.0906 2956  AFD - ok
16:37:08.0921 2956  Aha154x - ok
16:37:08.0937 2956  aic78u2 - ok
16:37:08.0953 2956  aic78xx - ok
16:37:09.0093 2956  [ B786825902BD49232BA3B7DF485AD9A4 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:37:09.0468 2956  ALCXWDM - ok
16:37:09.0515 2956  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:37:09.0656 2956  Alerter - ok
16:37:09.0671 2956  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
16:37:09.0750 2956  ALG - ok
16:37:09.0781 2956  AliIde - ok
16:37:09.0796 2956  amsint - ok
16:37:09.0937 2956  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:37:09.0953 2956  Apple Mobile Device - ok
16:37:09.0968 2956  AppMgmt - ok
16:37:09.0984 2956  asc - ok
16:37:10.0000 2956  asc3350p - ok
16:37:10.0015 2956  asc3550 - ok
16:37:10.0062 2956  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:37:10.0140 2956  aswFsBlk - ok
16:37:10.0171 2956  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:37:10.0203 2956  aswMonFlt - ok
16:37:10.0250 2956  [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
16:37:10.0265 2956  AswRdr - ok
16:37:10.0296 2956  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
16:37:10.0312 2956  aswRvrt - ok
16:37:10.0375 2956  [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
16:37:10.0453 2956  aswSnx - ok
16:37:10.0484 2956  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
16:37:10.0531 2956  aswSP - ok
16:37:10.0562 2956  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
16:37:10.0578 2956  aswTdi - ok
16:37:10.0609 2956  [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
16:37:10.0625 2956  aswVmm - ok
16:37:10.0671 2956  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:37:10.0843 2956  AsyncMac - ok
16:37:10.0875 2956  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:37:11.0046 2956  atapi - ok
16:37:11.0062 2956  Atdisk - ok
16:37:11.0125 2956  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:37:11.0312 2956  Atmarpc - ok
16:37:11.0359 2956  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:37:11.0531 2956  AudioSrv - ok
16:37:11.0578 2956  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:37:11.0750 2956  audstub - ok
16:37:11.0812 2956  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:37:11.0843 2956  avast! Antivirus - ok
16:37:11.0890 2956  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:37:12.0093 2956  Beep - ok
16:37:12.0140 2956  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
16:37:12.0359 2956  BITS - ok
16:37:12.0390 2956  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:37:12.0421 2956  Bonjour Service - ok
16:37:12.0468 2956  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
16:37:12.0531 2956  Browser - ok
16:37:12.0578 2956  [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar           C:\WINDOWS\System32\drivers\BrPar.sys
16:37:12.0578 2956  BrPar ( UnsignedFile.Multi.Generic ) - warning
16:37:12.0578 2956  BrPar - detected UnsignedFile.Multi.Generic (1)
16:37:12.0640 2956  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:37:12.0687 2956  BrScnUsb - ok
16:37:12.0734 2956  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:37:12.0937 2956  cbidf2k - ok
16:37:12.0968 2956  cd20xrnt - ok
16:37:13.0000 2956  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:37:13.0187 2956  Cdaudio - ok
16:37:13.0218 2956  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:37:13.0406 2956  Cdfs - ok
16:37:13.0453 2956  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:37:13.0671 2956  Cdrom - ok
16:37:13.0718 2956  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
16:37:13.0734 2956  cercsr6 ( UnsignedFile.Multi.Generic ) - warning
16:37:13.0734 2956  cercsr6 - detected UnsignedFile.Multi.Generic (1)
16:37:13.0750 2956  Changer - ok
16:37:13.0796 2956  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:37:13.0968 2956  CiSvc - ok
16:37:14.0000 2956  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:37:14.0187 2956  ClipSrv - ok
16:37:14.0203 2956  CmdIde - ok
16:37:14.0250 2956  [ FD40439BB258B9AA9AD314BF5948EF46 ] cmpci           C:\WINDOWS\system32\drivers\cmaudio.sys
16:37:14.0359 2956  cmpci - ok
16:37:14.0375 2956  COMSysApp - ok
16:37:14.0406 2956  Cpqarray - ok
16:37:14.0437 2956  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:37:14.0625 2956  CryptSvc - ok
16:37:14.0656 2956  dac2w2k - ok
16:37:14.0671 2956  dac960nt - ok
16:37:14.0750 2956  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:37:14.0812 2956  DcomLaunch - ok
16:37:14.0875 2956  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:37:15.0046 2956  Dhcp - ok
16:37:15.0109 2956  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:37:15.0281 2956  Disk - ok
16:37:15.0312 2956  dmadmin - ok
16:37:15.0375 2956  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:37:15.0609 2956  dmboot - ok
16:37:15.0656 2956  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:37:15.0859 2956  dmio - ok
16:37:15.0890 2956  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:37:16.0078 2956  dmload - ok
16:37:16.0109 2956  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:37:16.0296 2956  dmserver - ok
16:37:16.0328 2956  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:37:16.0500 2956  DMusic - ok
16:37:16.0546 2956  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:37:16.0640 2956  Dnscache - ok
16:37:16.0671 2956  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:37:16.0843 2956  Dot3svc - ok
16:37:16.0875 2956  dpti2o - ok
16:37:16.0921 2956  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:37:17.0093 2956  drmkaud - ok
16:37:17.0140 2956  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:37:17.0343 2956  EapHost - ok
16:37:17.0390 2956  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:37:17.0578 2956  ERSvc - ok
16:37:17.0609 2956  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
16:37:17.0640 2956  Eventlog - ok
16:37:17.0703 2956  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
16:37:17.0765 2956  EventSystem - ok
16:37:17.0796 2956  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:37:18.0015 2956  Fastfat - ok
16:37:18.0062 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:37:18.0156 2956  FastUserSwitchingCompatibility - ok
16:37:18.0203 2956  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
16:37:18.0390 2956  Fdc - ok
16:37:18.0406 2956  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:37:18.0593 2956  Fips - ok
16:37:18.0640 2956  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
16:37:18.0796 2956  Flpydisk - ok
16:37:18.0859 2956  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
16:37:19.0046 2956  FltMgr - ok
16:37:19.0062 2956  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:37:19.0250 2956  Fs_Rec - ok
16:37:19.0281 2956  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:37:19.0453 2956  Ftdisk - ok
16:37:19.0468 2956  [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx        C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
16:37:19.0671 2956  gagp30kx - ok
16:37:19.0687 2956  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:37:19.0875 2956  gameenum - ok
16:37:19.0921 2956  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:37:19.0937 2956  GEARAspiWDM - ok
16:37:19.0984 2956  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:37:20.0171 2956  Gpc - ok
16:37:20.0250 2956  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:37:20.0281 2956  gupdate - ok
16:37:20.0296 2956  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:37:20.0312 2956  gupdatem - ok
16:37:20.0406 2956  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:37:20.0609 2956  helpsvc - ok
16:37:20.0625 2956  HidServ - ok
16:37:20.0687 2956  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:37:20.0843 2956  hkmsvc - ok
16:37:20.0875 2956  hpn - ok
16:37:20.0921 2956  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:37:20.0953 2956  HTTP - ok
16:37:20.0984 2956  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:37:21.0187 2956  HTTPFilter - ok
16:37:21.0203 2956  i2omgmt - ok
16:37:21.0218 2956  i2omp - ok
16:37:21.0250 2956  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:37:21.0453 2956  i8042prt - ok
16:37:21.0500 2956  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:37:21.0687 2956  Imapi - ok
16:37:21.0750 2956  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
16:37:21.0937 2956  ImapiService - ok
16:37:21.0953 2956  ini910u - ok
16:37:21.0984 2956  IntelIde - ok
16:37:22.0031 2956  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
16:37:22.0250 2956  Ip6Fw - ok
16:37:22.0281 2956  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:37:22.0437 2956  IpFilterDriver - ok
16:37:22.0468 2956  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:37:22.0656 2956  IpInIp - ok
16:37:22.0687 2956  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:37:22.0859 2956  IpNat - ok
16:37:22.0921 2956  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:37:22.0953 2956  iPod Service - ok
16:37:22.0984 2956  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:37:23.0187 2956  IPSec - ok
16:37:23.0218 2956  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:37:23.0281 2956  IRENUM - ok
16:37:23.0328 2956  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:37:23.0500 2956  isapnp - ok
16:37:23.0578 2956  [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:37:23.0609 2956  JavaQuickStarterService - ok
16:37:23.0640 2956  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:37:23.0828 2956  Kbdclass - ok
16:37:23.0859 2956  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:37:24.0031 2956  kmixer - ok
16:37:24.0078 2956  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:37:24.0140 2956  KSecDD - ok
16:37:24.0171 2956  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
16:37:24.0234 2956  lanmanserver - ok
16:37:24.0250 2956  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:37:24.0296 2956  lanmanworkstation - ok
16:37:24.0312 2956  lbrtfdc - ok
16:37:24.0390 2956  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
16:37:24.0578 2956  LmHosts - ok
16:37:24.0609 2956  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
16:37:24.0812 2956  Messenger - ok
16:37:24.0859 2956  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
16:37:25.0062 2956  mnmdd - ok
16:37:25.0093 2956  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
16:37:25.0312 2956  mnmsrvc - ok
16:37:25.0359 2956  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
16:37:25.0546 2956  Modem - ok
16:37:25.0562 2956  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:37:25.0750 2956  Mouclass - ok
16:37:25.0796 2956  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:37:25.0984 2956  MountMgr - ok
16:37:26.0015 2956  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:37:26.0046 2956  MozillaMaintenance - ok
16:37:26.0062 2956  mraid35x - ok
16:37:26.0093 2956  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:37:26.0296 2956  MRxDAV - ok
16:37:26.0343 2956  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:37:26.0453 2956  MRxSmb - ok
16:37:26.0484 2956  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
16:37:26.0687 2956  MSDTC - ok
16:37:26.0703 2956  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:37:26.0906 2956  Msfs - ok
16:37:26.0921 2956  MSIServer - ok
16:37:26.0953 2956  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:37:27.0125 2956  MSKSSRV - ok
16:37:27.0156 2956  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:37:27.0328 2956  MSPCLOCK - ok
16:37:27.0343 2956  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:37:27.0531 2956  MSPQM - ok
16:37:27.0578 2956  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:37:27.0765 2956  mssmbios - ok
16:37:27.0828 2956  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
16:37:27.0875 2956  Mup - ok
16:37:27.0906 2956  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
16:37:28.0109 2956  napagent - ok
16:37:28.0140 2956  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:37:28.0328 2956  NDIS - ok
16:37:28.0375 2956  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:37:28.0437 2956  NdisTapi - ok
16:37:28.0453 2956  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:37:28.0687 2956  Ndisuio - ok
16:37:28.0765 2956  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:37:28.0953 2956  NdisWan - ok
16:37:29.0000 2956  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
16:37:29.0062 2956  NDProxy - ok
16:37:29.0093 2956  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
16:37:29.0281 2956  NetBIOS - ok
16:37:29.0296 2956  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
16:37:29.0484 2956  NetBT - ok
16:37:29.0515 2956  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:37:29.0718 2956  NetDDE - ok
16:37:29.0718 2956  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:37:29.0906 2956  NetDDEdsdm - ok
16:37:29.0953 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:37:30.0125 2956  Netlogon - ok
16:37:30.0187 2956  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
16:37:30.0359 2956  Netman - ok
16:37:30.0406 2956  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
16:37:30.0453 2956  Nla - ok
16:37:30.0500 2956  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:37:30.0687 2956  Npfs - ok
16:37:30.0718 2956  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:37:30.0906 2956  Ntfs - ok
16:37:30.0921 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
16:37:31.0125 2956  NtLmSsp - ok
16:37:31.0171 2956  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
16:37:31.0375 2956  NtmsSvc - ok
16:37:31.0406 2956  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:37:31.0578 2956  Null - ok
16:37:31.0625 2956  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:37:31.0796 2956  NwlnkFlt - ok
16:37:31.0843 2956  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:37:32.0031 2956  NwlnkFwd - ok
16:37:32.0109 2956  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:37:32.0125 2956  ose - ok
16:37:32.0171 2956  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
16:37:32.0359 2956  Parport - ok
16:37:32.0390 2956  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
16:37:32.0578 2956  PartMgr - ok
16:37:32.0609 2956  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:37:32.0781 2956  ParVdm - ok
16:37:32.0828 2956  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
16:37:33.0046 2956  PCI - ok
16:37:33.0062 2956  PCIDump - ok
16:37:33.0078 2956  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:37:33.0265 2956  PCIIde - ok
16:37:33.0296 2956  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
16:37:33.0484 2956  Pcmcia - ok
16:37:33.0500 2956  PDCOMP - ok
16:37:33.0515 2956  PDFRAME - ok
16:37:33.0531 2956  PDRELI - ok
16:37:33.0546 2956  PDRFRAME - ok
16:37:33.0562 2956  perc2 - ok
16:37:33.0593 2956  perc2hib - ok
16:37:33.0656 2956  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
16:37:33.0687 2956  PlugPlay - ok
16:37:33.0718 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
16:37:33.0890 2956  PolicyAgent - ok
16:37:33.0937 2956  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:37:34.0140 2956  PptpMiniport - ok
16:37:34.0156 2956  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
16:37:34.0343 2956  Processor - ok
16:37:34.0375 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:37:34.0562 2956  ProtectedStorage - ok
16:37:34.0578 2956  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
16:37:34.0750 2956  PSched - ok
16:37:34.0781 2956  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:37:34.0968 2956  Ptilink - ok
16:37:34.0984 2956  ql1080 - ok
16:37:35.0015 2956  Ql10wnt - ok
16:37:35.0031 2956  ql12160 - ok
16:37:35.0062 2956  ql1240 - ok
16:37:35.0078 2956  ql1280 - ok
16:37:35.0171 2956  [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso     c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
16:37:35.0187 2956  RapportIaso - ok
16:37:35.0218 2956  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:37:35.0406 2956  RasAcd - ok
16:37:35.0453 2956  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
16:37:35.0640 2956  RasAuto - ok
16:37:35.0656 2956  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:37:35.0859 2956  Rasl2tp - ok
16:37:35.0906 2956  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:37:36.0078 2956  RasMan - ok
16:37:36.0109 2956  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:37:36.0328 2956  RasPppoe - ok
16:37:36.0359 2956  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:37:36.0515 2956  Raspti - ok
16:37:36.0546 2956  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:37:36.0734 2956  Rdbss - ok
16:37:36.0765 2956  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:37:36.0937 2956  RDPCDD - ok
16:37:37.0015 2956  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
16:37:37.0109 2956  RDPWD - ok
16:37:37.0156 2956  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:37:37.0359 2956  RDSessMgr - ok
16:37:37.0390 2956  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:37:37.0593 2956  redbook - ok
16:37:37.0640 2956  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:37:37.0828 2956  RemoteAccess - ok
16:37:37.0875 2956  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:37:38.0062 2956  RpcLocator - ok
16:37:38.0093 2956  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
16:37:38.0171 2956  RpcSs - ok
16:37:38.0234 2956  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:37:38.0437 2956  RSVP - ok
16:37:38.0468 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:37:38.0656 2956  SamSs - ok
16:37:38.0718 2956  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:37:38.0921 2956  SCardSvr - ok
16:37:38.0953 2956  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:37:39.0156 2956  Schedule - ok
16:37:39.0187 2956  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:37:39.0265 2956  Secdrv - ok
16:37:39.0312 2956  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:37:39.0515 2956  seclogon - ok
16:37:39.0546 2956  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
16:37:39.0734 2956  SENS - ok
16:37:39.0765 2956  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
16:37:39.0968 2956  serenum - ok
16:37:40.0015 2956  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
16:37:40.0234 2956  Serial - ok
16:37:40.0250 2956  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:37:40.0453 2956  Sfloppy - ok
16:37:40.0562 2956  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:37:40.0812 2956  SharedAccess - ok
16:37:40.0859 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:37:40.0906 2956  ShellHWDetection - ok
16:37:40.0921 2956  Simbad - ok
16:37:41.0031 2956  [ 7BA8FEBF9ECB36C029410E7957E7FF9C ] SiS315          C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:37:41.0078 2956  SiS315 ( UnsignedFile.Multi.Generic ) - warning
16:37:41.0078 2956  SiS315 - detected UnsignedFile.Multi.Generic (1)
16:37:41.0109 2956  [ 94A0E9F4A7B42899B793F5DE6C362662 ] SiSkp           C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:37:41.0125 2956  SiSkp ( UnsignedFile.Multi.Generic ) - warning
16:37:41.0125 2956  SiSkp - detected UnsignedFile.Multi.Generic (1)
16:37:41.0171 2956  [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC          C:\WINDOWS\system32\DRIVERS\sisnic.sys
16:37:41.0359 2956  SISNIC - ok
16:37:41.0390 2956  Sparrow - ok
16:37:41.0437 2956  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:37:41.0625 2956  splitter - ok
16:37:41.0671 2956  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:37:41.0718 2956  Spooler - ok
16:37:41.0734 2956  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:37:41.0812 2956  sr - ok
16:37:41.0859 2956  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:37:41.0937 2956  srservice - ok
16:37:42.0000 2956  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
16:37:42.0078 2956  Srv - ok
16:37:42.0109 2956  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:37:42.0187 2956  SSDPSRV - ok
16:37:42.0218 2956  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:37:42.0390 2956  stisvc - ok
16:37:42.0421 2956  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:37:42.0609 2956  swenum - ok
16:37:42.0640 2956  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:37:42.0843 2956  swmidi - ok
16:37:42.0859 2956  SwPrv - ok
16:37:42.0906 2956  symc810 - ok
16:37:42.0921 2956  symc8xx - ok
16:37:42.0953 2956  sym_hi - ok
16:37:42.0968 2956  sym_u3 - ok
16:37:43.0015 2956  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:37:43.0218 2956  sysaudio - ok
16:37:43.0234 2956  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:37:43.0421 2956  SysmonLog - ok
16:37:43.0453 2956  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:37:43.0640 2956  TapiSrv - ok
16:37:43.0687 2956  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:37:43.0765 2956  Tcpip - ok
16:37:43.0812 2956  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:37:44.0015 2956  TDPIPE - ok
16:37:44.0046 2956  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:37:44.0218 2956  TDTCP - ok
16:37:44.0250 2956  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:37:44.0453 2956  TermDD - ok
16:37:44.0515 2956  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
16:37:44.0687 2956  TermService - ok
16:37:44.0703 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:37:44.0750 2956  Themes - ok
16:37:44.0765 2956  TosIde - ok
16:37:44.0812 2956  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:37:45.0031 2956  TrkWks - ok
16:37:45.0093 2956  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:37:45.0265 2956  Udfs - ok
16:37:45.0281 2956  ultra - ok
16:37:45.0343 2956  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:37:45.0593 2956  Update - ok
16:37:45.0609 2956  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:37:45.0718 2956  upnphost - ok
16:37:45.0750 2956  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
16:37:45.0953 2956  UPS - ok
16:37:46.0000 2956  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:37:46.0171 2956  usbccgp - ok
16:37:46.0203 2956  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:37:46.0375 2956  usbehci - ok
16:37:46.0406 2956  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:37:46.0593 2956  usbhub - ok
16:37:46.0625 2956  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:37:46.0812 2956  usbohci - ok
16:37:46.0859 2956  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:37:47.0046 2956  usbprint - ok
16:37:47.0093 2956  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:37:47.0265 2956  USBSTOR - ok
16:37:47.0296 2956  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:37:47.0484 2956  VgaSave - ok
16:37:47.0500 2956  ViaIde - ok
16:37:47.0531 2956  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:37:47.0734 2956  VolSnap - ok
16:37:47.0796 2956  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
16:37:47.0906 2956  VSS - ok
16:37:47.0937 2956  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
16:37:48.0109 2956  W32Time - ok
16:37:48.0156 2956  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:37:48.0343 2956  Wanarp - ok
16:37:48.0375 2956  WDICA - ok
16:37:48.0421 2956  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:37:48.0578 2956  wdmaud - ok
16:37:48.0625 2956  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:37:48.0796 2956  WebClient - ok
16:37:48.0890 2956  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:37:49.0062 2956  winmgmt - ok
16:37:49.0125 2956  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:37:49.0203 2956  WmdmPmSN - ok
16:37:49.0250 2956  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:37:49.0453 2956  WmiApSrv - ok
16:37:49.0515 2956  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
16:37:49.0609 2956  WMPNetworkSvc - ok
16:37:49.0656 2956  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:37:49.0843 2956  wscsvc - ok
16:37:49.0890 2956  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:37:50.0078 2956  wuauserv - ok
16:37:50.0125 2956  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:37:50.0171 2956  WudfPf - ok
16:37:50.0218 2956  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:37:50.0234 2956  WudfRd - ok
16:37:50.0265 2956  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
16:37:50.0312 2956  WudfSvc - ok
16:37:50.0359 2956  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:37:50.0562 2956  WZCSVC - ok
16:37:50.0593 2956  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:37:50.0812 2956  xmlprov - ok
16:37:50.0812 2956  ================ Scan global ===============================
16:37:50.0859 2956  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:37:50.0906 2956  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:37:50.0937 2956  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:37:50.0984 2956  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:37:51.0000 2956  [Global] - ok
16:37:51.0000 2956  ================ Scan MBR ==================================
16:37:51.0031 2956  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:37:51.0328 2956  \Device\Harddisk0\DR0 - ok
16:37:51.0328 2956  ================ Scan VBR ==================================
16:37:51.0343 2956  [ 2C0EE9D80D6DEDE6471AA7F78863AC39 ] \Device\Harddisk0\DR0\Partition1
16:37:51.0343 2956  \Device\Harddisk0\DR0\Partition1 - ok
16:37:51.0343 2956  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
16:37:51.0343 2956  \Device\Harddisk0\DR0\Partition2 - ok
16:37:51.0359 2956  ================ Scan active images ========================
16:37:51.0375 2956  [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\system32\drivers\processr.sys
16:37:51.0375 2956  C:\WINDOWS\system32\drivers\processr.sys - ok
16:37:51.0390 2956  [ 7BA8FEBF9ECB36C029410E7957E7FF9C ] C:\WINDOWS\system32\drivers\sisgrp.sys
16:37:51.0390 2956  C:\WINDOWS\system32\drivers\sisgrp.sys - ok
16:37:51.0406 2956  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
16:37:51.0406 2956  C:\WINDOWS\system32\drivers\videoprt.sys - ok
16:37:51.0437 2956  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
16:37:51.0437 2956  C:\WINDOWS\system32\drivers\cdrom.sys - ok
16:37:51.0437 2956  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
16:37:51.0437 2956  C:\WINDOWS\system32\drivers\imapi.sys - ok
16:37:51.0453 2956  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
16:37:51.0453 2956  C:\WINDOWS\system32\drivers\ks.sys - ok
16:37:51.0468 2956  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
16:37:51.0468 2956  C:\WINDOWS\system32\drivers\redbook.sys - ok
16:37:51.0484 2956  [ 185ADA973B5020655CEE342059A86CBB ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
16:37:51.0484 2956  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
16:37:51.0500 2956  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
16:37:51.0500 2956  C:\WINDOWS\system32\drivers\usbport.sys - ok
16:37:51.0515 2956  [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] C:\WINDOWS\system32\drivers\sisnic.sys
16:37:51.0515 2956  C:\WINDOWS\system32\drivers\sisnic.sys - ok
16:37:51.0546 2956  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
16:37:51.0546 2956  C:\WINDOWS\system32\drivers\usbehci.sys - ok
16:37:51.0562 2956  [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
16:37:51.0562 2956  C:\WINDOWS\system32\drivers\usbohci.sys - ok
16:37:51.0578 2956  [ FD40439BB258B9AA9AD314BF5948EF46 ] C:\WINDOWS\system32\drivers\cmaudio.sys
16:37:51.0578 2956  C:\WINDOWS\system32\drivers\cmaudio.sys - ok
16:37:51.0593 2956  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
16:37:51.0593 2956  C:\WINDOWS\system32\drivers\drmk.sys - ok
16:37:51.0609 2956  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
16:37:51.0609 2956  C:\WINDOWS\system32\drivers\portcls.sys - ok
16:37:51.0625 2956  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
16:37:51.0625 2956  C:\WINDOWS\system32\drivers\fdc.sys - ok
16:37:51.0640 2956  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
16:37:51.0640 2956  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
16:37:51.0671 2956  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
16:37:51.0671 2956  C:\WINDOWS\system32\drivers\parport.sys - ok
16:37:51.0687 2956  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
16:37:51.0687 2956  C:\WINDOWS\system32\drivers\serenum.sys - ok
16:37:51.0703 2956  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
16:37:51.0703 2956  C:\WINDOWS\system32\drivers\serial.sys - ok
16:37:51.0718 2956  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
16:37:51.0718 2956  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
16:37:51.0734 2956  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
16:37:51.0734 2956  C:\WINDOWS\system32\drivers\mouclass.sys - ok
16:37:51.0750 2956  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
16:37:51.0750 2956  C:\WINDOWS\system32\drivers\audstub.sys - ok
16:37:51.0765 2956  [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
16:37:51.0765 2956  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
16:37:51.0781 2956  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
16:37:51.0781 2956  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
16:37:51.0796 2956  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
16:37:51.0796 2956  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
16:37:51.0812 2956  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
16:37:51.0812 2956  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
16:37:51.0843 2956  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
16:37:51.0843 2956  C:\WINDOWS\system32\drivers\msgpc.sys - ok
16:37:51.0859 2956  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
16:37:51.0859 2956  C:\WINDOWS\system32\drivers\psched.sys - ok
16:37:51.0875 2956  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
16:37:51.0875 2956  C:\WINDOWS\system32\drivers\raspptp.sys - ok
16:37:51.0890 2956  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
16:37:51.0890 2956  C:\WINDOWS\system32\drivers\tdi.sys - ok
16:37:51.0906 2956  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
16:37:51.0906 2956  C:\WINDOWS\system32\drivers\ptilink.sys - ok
16:37:51.0921 2956  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
16:37:51.0921 2956  C:\WINDOWS\system32\drivers\raspti.sys - ok
16:37:51.0953 2956  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
16:37:51.0953 2956  C:\WINDOWS\system32\drivers\swenum.sys - ok
16:37:51.0968 2956  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
16:37:51.0968 2956  C:\WINDOWS\system32\drivers\termdd.sys - ok
16:37:51.0968 2956  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
16:37:51.0968 2956  C:\WINDOWS\system32\drivers\update.sys - ok
16:37:51.0984 2956  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
16:37:51.0984 2956  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
16:37:52.0015 2956  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
16:37:52.0015 2956  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
16:37:52.0031 2956  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
16:37:52.0031 2956  C:\WINDOWS\system32\drivers\usbd.sys - ok
16:37:52.0046 2956  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
16:37:52.0046 2956  C:\WINDOWS\system32\drivers\usbhub.sys - ok
16:37:52.0062 2956  [ 065639773D8B03F33577F6CDAEA21063 ] C:\WINDOWS\system32\drivers\gameenum.sys
16:37:52.0062 2956  C:\WINDOWS\system32\drivers\gameenum.sys - ok
16:37:52.0078 2956  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
16:37:52.0078 2956  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
16:37:52.0093 2956  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
16:37:52.0093 2956  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
16:37:52.0125 2956  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
16:37:52.0125 2956  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
16:37:52.0140 2956  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
16:37:52.0140 2956  C:\WINDOWS\system32\drivers\beep.sys - ok
16:37:52.0156 2956  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
16:37:52.0156 2956  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
16:37:52.0171 2956  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
16:37:52.0171 2956  C:\WINDOWS\system32\drivers\null.sys - ok
16:37:52.0187 2956  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
16:37:52.0187 2956  C:\WINDOWS\system32\drivers\vga.sys - ok
16:37:52.0203 2956  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
16:37:52.0203 2956  C:\WINDOWS\system32\drivers\msfs.sys - ok
16:37:52.0218 2956  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
16:37:52.0218 2956  C:\WINDOWS\system32\drivers\npfs.sys - ok
16:37:52.0234 2956  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
16:37:52.0234 2956  C:\WINDOWS\system32\drivers\rasacd.sys - ok
16:37:52.0250 2956  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
16:37:52.0250 2956  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
16:37:52.0265 2956  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
16:37:52.0265 2956  C:\WINDOWS\system32\drivers\ipsec.sys - ok
16:37:52.0296 2956  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
16:37:52.0296 2956  C:\WINDOWS\system32\drivers\tcpip.sys - ok
16:37:52.0312 2956  [ 1F71F170D90E42EFDE9633D81D5E12DC ] C:\WINDOWS\system32\drivers\aswTdi.sys
16:37:52.0312 2956  C:\WINDOWS\system32\drivers\aswTdi.sys - ok
16:37:52.0328 2956  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
16:37:52.0328 2956  C:\WINDOWS\system32\drivers\ipnat.sys - ok
16:37:52.0343 2956  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
16:37:52.0343 2956  C:\WINDOWS\system32\drivers\netbt.sys - ok
16:37:52.0359 2956  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
16:37:52.0359 2956  C:\WINDOWS\system32\drivers\wanarp.sys - ok
16:37:52.0375 2956  [ 7B43265F92257A21CBFD88E7A651044C ] C:\WINDOWS\system32\drivers\aswRdr.sys
16:37:52.0375 2956  C:\WINDOWS\system32\drivers\aswRdr.sys - ok
16:37:52.0390 2956  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
16:37:52.0390 2956  C:\WINDOWS\system32\drivers\afd.sys - ok
16:37:52.0421 2956  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
16:37:52.0421 2956  C:\WINDOWS\system32\drivers\netbios.sys - ok
16:37:52.0437 2956  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
16:37:52.0437 2956  C:\WINDOWS\system32\drivers\rdbss.sys - ok
16:37:52.0453 2956  [ 94A0E9F4A7B42899B793F5DE6C362662 ] C:\WINDOWS\system32\drivers\srvkp.sys
16:37:52.0453 2956  C:\WINDOWS\system32\drivers\srvkp.sys - ok
16:37:52.0468 2956  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
16:37:52.0468 2956  C:\WINDOWS\system32\drivers\fips.sys - ok
16:37:52.0484 2956  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
16:37:52.0484 2956  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
16:37:52.0500 2956  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] C:\WINDOWS\system32\drivers\aswSP.sys
16:37:52.0500 2956  C:\WINDOWS\system32\drivers\aswSP.sys - ok
16:37:52.0515 2956  [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
16:37:52.0515 2956  C:\WINDOWS\system32\drivers\usbprint.sys - ok
16:37:52.0531 2956  [ CCD565A8A72AF7D45F9A242013870926 ] C:\WINDOWS\system32\drivers\aswSnx.sys
16:37:52.0531 2956  C:\WINDOWS\system32\drivers\aswSnx.sys - ok
16:37:52.0546 2956  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
16:37:52.0546 2956  C:\WINDOWS\system32\smss.exe - ok
16:37:52.0562 2956  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
16:37:52.0562 2956  C:\WINDOWS\system32\ntdll.dll - ok
16:37:52.0593 2956  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
16:37:52.0593 2956  C:\WINDOWS\system32\autochk.exe - ok
16:37:52.0609 2956  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
16:37:52.0609 2956  C:\WINDOWS\system32\sfcfiles.dll - ok
16:37:52.0625 2956  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
16:37:52.0625 2956  C:\WINDOWS\system32\drivers\cdfs.sys - ok
16:37:52.0640 2956  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
16:37:52.0640 2956  C:\WINDOWS\system32\drivers\atapi.sys - ok
16:37:52.0656 2956  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
16:37:52.0656 2956  C:\WINDOWS\system32\drivers\wmilib.sys - ok
16:37:52.0671 2956  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
16:37:52.0671 2956  C:\WINDOWS\system32\drivers\dxapi.sys - ok
16:37:52.0687 2956  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
16:37:52.0687 2956  C:\WINDOWS\system32\watchdog.sys - ok
16:37:52.0718 2956  [ FC8A1F72A8097910A11D5184BC3F887B ] C:\WINDOWS\system32\win32k.sys
16:37:52.0718 2956  C:\WINDOWS\system32\win32k.sys - ok
16:37:52.0718 2956  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
16:37:52.0718 2956  C:\WINDOWS\system32\csrss.exe - ok
16:37:52.0734 2956  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:37:52.0734 2956  C:\WINDOWS\system32\basesrv.dll - ok
16:37:52.0750 2956  [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
16:37:52.0750 2956  C:\WINDOWS\system32\csrsrv.dll - ok
16:37:52.0781 2956  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:37:52.0781 2956  C:\WINDOWS\system32\winsrv.dll - ok
16:37:52.0796 2956  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
16:37:52.0796 2956  C:\WINDOWS\system32\gdi32.dll - ok
16:37:52.0812 2956  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
16:37:52.0812 2956  C:\WINDOWS\system32\kernel32.dll - ok
16:37:52.0828 2956  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
16:37:52.0828 2956  C:\WINDOWS\system32\user32.dll - ok
16:37:52.0843 2956  [ 012DF358CEBAA23ACB26D82077820817 ] C:\WINDOWS\system32\lpk.dll
16:37:52.0843 2956  C:\WINDOWS\system32\lpk.dll - ok
16:37:52.0859 2956  [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll
16:37:52.0859 2956  C:\WINDOWS\system32\usp10.dll - ok
16:37:52.0875 2956  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
16:37:52.0875 2956  C:\WINDOWS\system32\advapi32.dll - ok
16:37:52.0906 2956  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
16:37:52.0906 2956  C:\WINDOWS\system32\rpcrt4.dll - ok
16:37:52.0921 2956  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
16:37:52.0921 2956  C:\WINDOWS\system32\secur32.dll - ok
16:37:52.0937 2956  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
16:37:52.0937 2956  C:\WINDOWS\system32\drivers\dxg.sys - ok
16:37:52.0953 2956  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
16:37:52.0953 2956  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
16:37:52.0968 2956  [ B8CF71FB9A0D1698DFA833D76D1AE879 ] C:\WINDOWS\system32\sisgrv.dll
16:37:52.0968 2956  C:\WINDOWS\system32\sisgrv.dll - ok
16:37:52.0984 2956  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
16:37:52.0984 2956  C:\WINDOWS\system32\vga.dll - ok
16:37:53.0000 2956  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
16:37:53.0000 2956  C:\WINDOWS\system32\winlogon.exe - ok
16:37:53.0015 2956  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
16:37:53.0015 2956  C:\WINDOWS\system32\authz.dll - ok
16:37:53.0031 2956  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
16:37:53.0031 2956  C:\WINDOWS\system32\msvcrt.dll - ok
16:37:53.0046 2956  [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
16:37:53.0046 2956  C:\WINDOWS\system32\crypt32.dll - ok
16:37:53.0062 2956  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
16:37:53.0062 2956  C:\WINDOWS\system32\msasn1.dll - ok
16:37:53.0093 2956  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
16:37:53.0093 2956  C:\WINDOWS\system32\nddeapi.dll - ok



#9 jc_vaughn1981

Posted 03 July 2013 - 11:40 AM

TDSS Part 2:

 

16:37:53.0109 2956  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
16:37:53.0109 2956  C:\WINDOWS\system32\profmap.dll - ok
16:37:53.0125 2956  [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
16:37:53.0125 2956  C:\WINDOWS\system32\netapi32.dll - ok
16:37:53.0140 2956  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
16:37:53.0140 2956  C:\WINDOWS\system32\userenv.dll - ok
16:37:53.0156 2956  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
16:37:53.0156 2956  C:\WINDOWS\system32\psapi.dll - ok
16:37:53.0171 2956  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
16:37:53.0171 2956  C:\WINDOWS\system32\regapi.dll - ok
16:37:53.0187 2956  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
16:37:53.0187 2956  C:\WINDOWS\system32\setupapi.dll - ok
16:37:53.0218 2956  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
16:37:53.0218 2956  C:\WINDOWS\system32\version.dll - ok
16:37:53.0218 2956  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
16:37:53.0218 2956  C:\WINDOWS\system32\winsta.dll - ok
16:37:53.0234 2956  [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
16:37:53.0234 2956  C:\WINDOWS\system32\imagehlp.dll - ok
16:37:53.0250 2956  [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
16:37:53.0250 2956  C:\WINDOWS\system32\wintrust.dll - ok
16:37:53.0281 2956  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
16:37:53.0281 2956  C:\WINDOWS\system32\ws2_32.dll - ok
16:37:53.0296 2956  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
16:37:53.0296 2956  C:\WINDOWS\system32\ws2help.dll - ok
16:37:53.0312 2956  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
16:37:53.0312 2956  C:\WINDOWS\system32\imm32.dll - ok
16:37:53.0328 2956  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
16:37:53.0328 2956  C:\WINDOWS\system32\kbdus.dll - ok
16:37:53.0343 2956  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
16:37:53.0343 2956  C:\WINDOWS\system32\msgina.dll - ok
16:37:53.0359 2956  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
16:37:53.0359 2956  C:\WINDOWS\system32\comctl32.dll - ok
16:37:53.0375 2956  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
16:37:53.0375 2956  C:\WINDOWS\system32\odbc32.dll - ok
16:37:53.0406 2956  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
16:37:53.0406 2956  C:\WINDOWS\system32\comdlg32.dll - ok
16:37:53.0421 2956  [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
16:37:53.0421 2956  C:\WINDOWS\system32\shell32.dll - ok
16:37:53.0437 2956  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
16:37:53.0437 2956  C:\WINDOWS\system32\shlwapi.dll - ok
16:37:53.0453 2956  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
16:37:53.0453 2956  C:\WINDOWS\system32\sxs.dll - ok
16:37:53.0468 2956  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
16:37:53.0468 2956  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
16:37:53.0484 2956  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
16:37:53.0484 2956  C:\WINDOWS\system32\odbcint.dll - ok
16:37:53.0500 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
16:37:53.0500 2956  C:\WINDOWS\system32\shsvcs.dll - ok
16:37:53.0515 2956  [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
16:37:53.0515 2956  C:\WINDOWS\system32\ole32.dll - ok
16:37:57.0375 2956  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
16:37:57.0375 2956  C:\WINDOWS\system32\eappcfg.dll - ok
16:37:57.0390 2956  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
16:37:57.0390 2956  C:\WINDOWS\system32\eappprxy.dll - ok
16:37:57.0406 2956  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
16:37:57.0406 2956  C:\WINDOWS\system32\srvsvc.dll - ok
16:37:57.0421 2956  [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
16:37:57.0421 2956  C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
16:37:57.0437 2956  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
16:37:57.0437 2956  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
16:37:57.0453 2956  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
16:37:57.0453 2956  C:\WINDOWS\system32\sens.dll - ok
16:37:57.0468 2956  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
16:37:57.0468 2956  C:\WINDOWS\system32\netmsg.dll - ok
16:37:57.0500 2956  [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
16:37:57.0500 2956  C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
16:37:57.0500 2956  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
16:37:57.0500 2956  C:\WINDOWS\system32\wuauserv.dll - ok
16:37:57.0515 2956  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
16:37:57.0515 2956  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
16:37:57.0546 2956  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
16:37:57.0546 2956  C:\WINDOWS\system32\vssapi.dll - ok
16:37:57.0562 2956  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
16:37:57.0562 2956  C:\WINDOWS\system32\wuaueng.dll - ok
16:37:57.0578 2956  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
16:37:57.0578 2956  C:\WINDOWS\system32\mspatcha.dll - ok
16:37:57.0593 2956  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
16:37:57.0593 2956  C:\WINDOWS\system32\trkwks.dll - ok
16:37:57.0609 2956  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
16:37:57.0609 2956  C:\WINDOWS\system32\drivers\srv.sys - ok
16:37:57.0625 2956  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
16:37:57.0625 2956  C:\WINDOWS\system32\wscsvc.dll - ok
16:37:57.0640 2956  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
16:37:57.0640 2956  C:\WINDOWS\system32\ipnathlp.dll - ok
16:37:57.0671 2956  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
16:37:57.0671 2956  C:\WINDOWS\system32\comsvcs.dll - ok
16:37:57.0687 2956  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
16:37:57.0687 2956  C:\WINDOWS\system32\colbact.dll - ok
16:37:57.0703 2956  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
16:37:57.0703 2956  C:\WINDOWS\system32\mtxclu.dll - ok
16:37:57.0718 2956  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
16:37:57.0718 2956  C:\WINDOWS\system32\clusapi.dll - ok
16:37:57.0734 2956  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
16:37:57.0734 2956  C:\WINDOWS\system32\resutils.dll - ok
16:37:57.0750 2956  [ 2B8B64AA14F817BDF3E3204FB041A61D ] C:\WINDOWS\system32\mtxoci.dll
16:37:57.0750 2956  C:\WINDOWS\system32\mtxoci.dll - ok
16:37:57.0765 2956  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
16:37:57.0765 2956  C:\WINDOWS\system32\browser.dll - ok
16:37:57.0781 2956  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
16:37:57.0781 2956  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
16:37:57.0796 2956  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
16:37:57.0796 2956  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
16:37:57.0812 2956  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
16:37:57.0812 2956  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
16:37:57.0828 2956  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
16:37:57.0828 2956  C:\WINDOWS\system32\wbem\esscli.dll - ok
16:37:57.0859 2956  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
16:37:57.0859 2956  C:\WINDOWS\system32\wbem\fastprox.dll - ok
16:37:57.0875 2956  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
16:37:57.0875 2956  C:\WINDOWS\system32\wups.dll - ok
16:37:57.0890 2956  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
16:37:57.0890 2956  C:\WINDOWS\system32\wups2.dll - ok
16:37:57.0906 2956  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
16:37:57.0906 2956  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
16:37:57.0921 2956  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
16:37:57.0921 2956  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
16:37:57.0937 2956  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
16:37:57.0937 2956  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
16:37:57.0953 2956  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
16:37:57.0953 2956  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
16:37:57.0984 2956  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
16:37:57.0984 2956  C:\WINDOWS\system32\wuauclt.exe - ok
16:37:58.0000 2956  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
16:37:58.0000 2956  C:\WINDOWS\system32\wbem\wbemess.dll - ok
16:37:58.0000 2956  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
16:37:58.0000 2956  C:\WINDOWS\system32\wuapi.dll - ok
16:37:58.0015 2956  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
16:37:58.0031 2956  C:\WINDOWS\system32\spoolss.dll - ok
16:37:58.0046 2956  [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
16:37:58.0046 2956  C:\WINDOWS\system32\localspl.dll - ok
16:37:58.0062 2956  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
16:37:58.0062 2956  C:\WINDOWS\system32\cnbjmon.dll - ok
16:37:58.0078 2956  [ CF0376023360AADD55C89BA50564AFDC ] C:\WINDOWS\system32\mdimon.dll
16:37:58.0078 2956  C:\WINDOWS\system32\mdimon.dll - ok
16:37:58.0093 2956  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
16:37:58.0093 2956  C:\WINDOWS\system32\pjlmon.dll - ok
16:37:58.0109 2956  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
16:37:58.0109 2956  C:\WINDOWS\system32\tcpmon.dll - ok
16:37:58.0125 2956  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
16:37:58.0125 2956  C:\WINDOWS\system32\wbem\ncprov.dll - ok
16:37:58.0140 2956  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
16:37:58.0140 2956  C:\WINDOWS\system32\usbmon.dll - ok
16:37:58.0171 2956  [ 58E13A2292839321D3CDC918D5A4F5AE ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
16:37:58.0171 2956  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
16:37:58.0187 2956  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
16:37:58.0187 2956  C:\WINDOWS\system32\netrap.dll - ok
16:37:58.0203 2956  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
16:37:58.0203 2956  C:\WINDOWS\system32\win32spl.dll - ok
16:37:58.0218 2956  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
16:37:58.0218 2956  C:\WINDOWS\system32\inetpp.dll - ok
16:37:58.0234 2956  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
16:37:58.0234 2956  C:\WINDOWS\system32\termsrv.dll - ok
16:37:58.0250 2956  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
16:37:58.0250 2956  C:\WINDOWS\system32\icaapi.dll - ok
16:37:58.0265 2956  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
16:37:58.0265 2956  C:\WINDOWS\system32\mstlsapi.dll - ok
16:37:58.0281 2956  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
16:37:58.0281 2956  C:\WINDOWS\system32\tapisrv.dll - ok
16:37:58.0296 2956  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
16:37:58.0296 2956  C:\WINDOWS\system32\netcfgx.dll - ok
16:37:58.0312 2956  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
16:37:58.0312 2956  C:\WINDOWS\system32\rasmans.dll - ok
16:37:58.0343 2956  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
16:37:58.0343 2956  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
16:37:58.0359 2956  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
16:37:58.0359 2956  C:\WINDOWS\system32\rasdlg.dll - ok
16:37:58.0375 2956  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
16:37:58.0375 2956  C:\WINDOWS\system32\rastapi.dll - ok
16:37:58.0390 2956  [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
16:37:58.0390 2956  C:\WINDOWS\system32\alg.exe - ok
16:37:58.0406 2956  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
16:37:58.0406 2956  C:\WINDOWS\system32\upnp.dll - ok
16:37:58.0421 2956  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
16:37:58.0421 2956  C:\WINDOWS\system32\ssdpapi.dll - ok
16:37:58.0437 2956  [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
16:37:58.0437 2956  C:\WINDOWS\system32\drivers\http.sys - ok
16:37:58.0468 2956  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
16:37:58.0468 2956  C:\WINDOWS\system32\unimdm.tsp - ok
16:37:58.0484 2956  [ 10AA3E99691C9782308A4768F0485D8D ] C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
16:37:58.0484 2956  C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll - ok
16:37:58.0500 2956  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
16:37:58.0500 2956  C:\WINDOWS\system32\ssdpsrv.dll - ok
16:37:58.0500 2956  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
16:37:58.0500 2956  C:\WINDOWS\system32\uniplat.dll - ok
16:37:58.0531 2956  [ 21986BB855E40C1FAF8943B4A6EC775F ] C:\Program Files\AVAST Software\Avast\defs\13070300\swhealthex.dll
16:37:58.0531 2956  C:\Program Files\AVAST Software\Avast\defs\13070300\swhealthex.dll - ok
16:37:58.0546 2956  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
16:37:58.0546 2956  C:\WINDOWS\system32\kmddsp.tsp - ok
16:37:58.0562 2956  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
16:37:58.0562 2956  C:\WINDOWS\system32\ndptsp.tsp - ok
16:37:58.0578 2956  [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
16:37:58.0578 2956  C:\WINDOWS\system32\ipconf.tsp - ok
16:37:58.0593 2956  [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
16:37:58.0593 2956  C:\WINDOWS\system32\h323.tsp - ok
16:37:58.0609 2956  [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
16:37:58.0609 2956  C:\WINDOWS\system32\hidphone.tsp - ok
16:37:58.0640 2956  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
16:37:58.0640 2956  C:\WINDOWS\system32\hid.dll - ok
16:37:58.0656 2956  [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
16:37:58.0656 2956  C:\WINDOWS\system32\rasppp.dll - ok
16:37:58.0671 2956  [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
16:37:58.0671 2956  C:\WINDOWS\system32\ntlsapi.dll - ok
16:37:58.0687 2956  [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
16:37:58.0687 2956  C:\WINDOWS\system32\qmgr.dll - ok
16:37:58.0703 2956  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
16:37:58.0703 2956  C:\WINDOWS\system32\shfolder.dll - ok
16:37:58.0718 2956  [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
16:37:58.0718 2956  C:\WINDOWS\system32\rasqec.dll - ok
16:37:58.0734 2956  [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
16:37:58.0734 2956  C:\WINDOWS\system32\qmgrprxy.dll - ok
16:37:58.0750 2956  [ 8598C2AE3A7C7281B1290297C7CCFD57 ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup
16:37:58.0750 2956  C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok
16:37:58.0765 2956  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
16:37:58.0765 2956  C:\WINDOWS\system32\oledlg.dll - ok
16:37:58.0781 2956  [ 5D95FBFFCADED2660663EA3FAF3C00DA ] C:\Program Files\AVAST Software\Avast\defs\13070300\aswAR.dll
16:37:58.0781 2956  C:\Program Files\AVAST Software\Avast\defs\13070300\aswAR.dll - ok
16:37:58.0796 2956  [ 1EC4FB3EE4185A22E2869C66A6E6E8ED ] C:\Program Files\AVAST Software\Avast\defs\13070300\aswRawFS.dll
16:37:58.0796 2956  C:\Program Files\AVAST Software\Avast\defs\13070300\aswRawFS.dll - ok
16:37:58.0828 2956  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
16:37:58.0828 2956  C:\WINDOWS\system32\msxml3.dll - ok
16:37:58.0843 2956  [ B7C7FA3BEDE83AC5F1DE03B30D494CC1 ] C:\WINDOWS\system32\httpapi.dll
16:37:58.0843 2956  C:\WINDOWS\system32\httpapi.dll - ok
16:37:58.0859 2956  [ 4A93B65CFB514F2EA76B59568D5F39CE ] C:\WINDOWS\system32\strmfilt.dll
16:37:58.0859 2956  C:\WINDOWS\system32\strmfilt.dll - ok
16:37:58.0875 2956  [ 6100A808600F44D999CEBDEF8841C7A3 ] C:\WINDOWS\system32\w3ssl.dll
16:37:58.0875 2956  C:\WINDOWS\system32\w3ssl.dll - ok
16:37:58.0890 2956  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F44F111-E69A-4E02-8FE9-AF452FD8FBCD.exe
16:37:58.0890 2956  C:\DOCUME~1\Owner\LOCALS~1\Temp\5F44F111-E69A-4E02-8FE9-AF452FD8FBCD.exe - ok
16:37:58.0906 2956  [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
16:37:58.0906 2956  C:\WINDOWS\system32\msutb.dll - ok
16:37:58.0937 2956  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
16:37:58.0937 2956  C:\WINDOWS\system32\msctf.dll - ok
16:37:58.0953 2956  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
16:37:58.0953 2956  C:\WINDOWS\system32\linkinfo.dll - ok
16:37:58.0968 2956  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
16:37:58.0968 2956  C:\WINDOWS\system32\ntshrui.dll - ok
16:37:58.0984 2956  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
16:37:58.0984 2956  C:\WINDOWS\system32\verclsid.exe - ok
16:37:59.0000 2956  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\54352344.sys
16:37:59.0000 2956  C:\WINDOWS\system32\drivers\54352344.sys - ok
16:37:59.0015 2956  [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
16:37:59.0015 2956  C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
16:37:59.0031 2956  [ 3F11B20D12D89365D7721BDC860CE5F0 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:37:59.0031 2956  C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
16:37:59.0046 2956  [ E66532FD491AD5604C36916715FBA092 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
16:37:59.0046 2956  C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
16:37:59.0062 2956  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:37:59.0062 2956  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
16:37:59.0078 2956  [ F92B3868E3801653AF196C76078829FA ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
16:37:59.0078 2956  C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
16:37:59.0109 2956  [ 46DA8E7484AC7A52CE1D6E428398724B ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
16:37:59.0109 2956  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
16:37:59.0125 2956  [ 8DDA2B606279753601F9415DA503CA63 ] C:\Program Files\QuickTime\QTTask.exe
16:37:59.0125 2956  C:\Program Files\QuickTime\QTTask.exe - ok
16:37:59.0140 2956  [ 423069307FB726E51E2A66F1C3F738FE ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
16:37:59.0140 2956  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll - ok
16:37:59.0156 2956  [ 8E2A7F1F62467A7DCB8AB2C0642F47CA ] C:\Program Files\iTunes\iTunesHelper.exe
16:37:59.0156 2956  C:\Program Files\iTunes\iTunesHelper.exe - ok
16:37:59.0171 2956  [ 3F533D75631178A880AEFFDF117213BE ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
16:37:59.0171 2956  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
16:37:59.0203 2956  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
16:37:59.0203 2956  C:\WINDOWS\system32\ctfmon.exe - ok
16:37:59.0218 2956  [ 5082BC510FAD849630D09DA626BB7CDA ] C:\Program Files\iTunes\iTunesHelper.dll
16:37:59.0218 2956  C:\Program Files\iTunes\iTunesHelper.dll - ok
16:37:59.0234 2956  [ BE643CD44DD06DA283634A3E51DC22BC ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
16:37:59.0234 2956  C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
16:37:59.0250 2956  [ AFEEAFD7CF8ED6958A81ACC304C17B7D ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
16:37:59.0250 2956  C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
16:37:59.0265 2956  [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
16:37:59.0265 2956  C:\WINDOWS\ime\sptip.dll - ok
16:37:59.0281 2956  [ 2A632A95433E9719F37AE06BA00543AC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
16:37:59.0281 2956  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll - ok
16:37:59.0296 2956  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
16:37:59.0296 2956  C:\WINDOWS\system32\webcheck.dll - ok
16:37:59.0312 2956  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
16:37:59.0312 2956  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
16:37:59.0328 2956  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
16:37:59.0328 2956  C:\WINDOWS\system32\imapi.exe - ok
16:37:59.0359 2956  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
16:37:59.0359 2956  C:\WINDOWS\system32\mlang.dll - ok
16:37:59.0375 2956  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
16:37:59.0375 2956  C:\WINDOWS\system32\msvcp100.dll - ok
16:37:59.0390 2956  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
16:37:59.0390 2956  C:\WINDOWS\system32\msvcr100.dll - ok
16:37:59.0406 2956  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
16:37:59.0406 2956  C:\WINDOWS\system32\stobject.dll - ok
16:37:59.0421 2956  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
16:37:59.0421 2956  C:\WINDOWS\system32\batmeter.dll - ok
16:37:59.0437 2956  [ 56DB34F4DC39CECBC871A895C6FCF1C3 ] C:\Program Files\AVAST Software\Avast\aswAra.dll
16:37:59.0437 2956  C:\Program Files\AVAST Software\Avast\aswAra.dll - ok
16:37:59.0453 2956  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
16:37:59.0453 2956  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
16:37:59.0484 2956  [ 44BD658E0E4D21C42023AD9EBEFFDB90 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
16:37:59.0484 2956  C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
16:37:59.0500 2956  [ 8ED6DA45BAB5CFC809229F26D4D4A2CE ] C:\Program Files\AVAST Software\Avast\libeay32.dll
16:37:59.0500 2956  C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
16:37:59.0500 2956  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
16:37:59.0500 2956  C:\WINDOWS\system32\mydocs.dll - ok
16:37:59.0531 2956  [ 37CF3324F46CEB3A4F2686C617CBB35C ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
16:37:59.0531 2956  C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
16:37:59.0546 2956  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
16:37:59.0546 2956  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
16:37:59.0562 2956  [ 3851909899A5E6210C58DB9CC02068D3 ] C:\Program Files\AVAST Software\Avast\aswData.dll
16:37:59.0562 2956  C:\Program Files\AVAST Software\Avast\aswData.dll - ok
16:37:59.0578 2956  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
16:37:59.0578 2956  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
16:37:59.0593 2956  [ A3BB91467FBDDA34039686C95A31C8C2 ] C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
16:37:59.0593 2956  C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll - ok
16:37:59.0625 2956  [ 5684CD3B207C1668DEE6BD2802C25B19 ] C:\Program Files\AVAST Software\Avast\CommonRes.dll
16:37:59.0625 2956  C:\Program Files\AVAST Software\Avast\CommonRes.dll - ok
16:37:59.0640 2956  [ E46B17060D3962A384AE484094614788 ] C:\Program Files\iPod\bin\iPodService.exe
16:37:59.0640 2956  C:\Program Files\iPod\bin\iPodService.exe - ok
16:37:59.0656 2956  [ 691BAF41144EBDE972A66C5EB5210FC8 ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
16:37:59.0656 2956  C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
16:37:59.0671 2956  [ 665FBA44C65BAC9EE8AF9A5E37036640 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
16:37:59.0671 2956  C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
16:37:59.0687 2956  [ 8DB479E065F2B546BFBD7323E5EE5B02 ] C:\WINDOWS\system32\Macromed\Flash\Flash32_11_7_700_224.ocx
16:37:59.0687 2956  C:\WINDOWS\system32\Macromed\Flash\Flash32_11_7_700_224.ocx - ok
16:37:59.0703 2956  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
16:37:59.0703 2956  C:\WINDOWS\system32\dsound.dll - ok
16:37:59.0734 2956  [ F19EF79481B83549A8BF3042CBC803BD ] C:\Program Files\AVAST Software\Avast\defs\13070300\uiext.dll
16:37:59.0734 2956  C:\Program Files\AVAST Software\Avast\defs\13070300\uiext.dll - ok
16:37:59.0750 2956  [ A7F361875622AA5829AA39BA248F68E9 ] C:\WINDOWS\system32\adsldp.dll
16:37:59.0750 2956  C:\WINDOWS\system32\adsldp.dll - ok
16:37:59.0750 2956  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
16:37:59.0750 2956  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
16:37:59.0765 2956  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
16:37:59.0781 2956  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
16:37:59.0796 2956  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
16:37:59.0796 2956  C:\WINDOWS\system32\wbem\framedyn.dll - ok
16:37:59.0812 2956  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
16:37:59.0812 2956  C:\WINDOWS\system32\security.dll - ok
16:37:59.0828 2956  [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
16:37:59.0828 2956  C:\WINDOWS\system32\wbem\wmipcima.dll - ok
16:37:59.0843 2956  [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
16:37:59.0843 2956  C:\WINDOWS\system32\msisip.dll - ok
16:37:59.0859 2956  ============================================================
16:37:59.0859 2956  Scan finished
16:37:59.0859 2956  ============================================================
16:37:59.0984 2948  Detected object count: 4
16:37:59.0984 2948  Actual detected object count: 4
16:38:56.0125 2948  BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:56.0125 2948  BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:56.0125 2948  cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:56.0125 2948  cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:56.0125 2948  SiS315 ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:56.0125 2948  SiS315 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:56.0125 2948  SiSkp ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:56.0125 2948  SiSkp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:39:06.0921 2284  Deinitialize success
 



#10 jc_vaughn1981

Posted 03 July 2013 - 11:43 AM

And finally the Combofix log (I'm going to have to leave now and will be away from my house for about 24 hours, so I may not be able to work any more on this machine till Friday AM, but I will be able to check the thread and answer any questions if I can):

 

 

 

ComboFix 13-07-03.01 - Owner 03/07/2013  17:03:54.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.606.321 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))
.
.
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- c:\windows\ERUNT
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- C:\JRT
2013-07-03 11:34 . 2013-07-03 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-03 11:33 . 2013-07-03 11:33 -------- d-----w- c:\program files\Sophos
2013-07-03 10:57 . 2013-07-03 10:57 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-03 10:57 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-03 10:57 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\program files\DVD Shrink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 10:57 . 2012-04-17 09:44 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-03 10:57 . 2012-04-17 09:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 08:22 . 2012-04-03 08:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 08:22 . 2011-05-17 08:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2012-04-17 09:44 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-04-17 09:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-04-17 09:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-04-17 09:43 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-04-17 09:43 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-07 22:30 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26 . 2005-03-30 01:23 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2005-03-30 01:01 2070144 ------w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-04 10:00 1876352 ------w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2006-10-29 18:16 1581056 ----a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-10-03 09:58 53248 ------w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/07/2013 11:57 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/07/2013 11:57 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/04/2012 10:44 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2012 10:44 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2012 10:44 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/07/2013 11:57 66336]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [30/05/2012 10:23 21520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24153560
*NewlyCreated* - 59927790
*Deregistered* - 24153560
*Deregistered* - 59927790
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 09:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:22]
.
2013-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2013-07-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 08:58]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\116.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-59927790.sys
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-03 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-03  17:17:07
ComboFix-quarantined-files.txt  2013-07-03 16:17
.
Pre-Run: 60,296,458,240 bytes free
Post-Run: 61,322,436,608 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 762CF209B65805A5CF1F29F6DF29FA0E
8F558EB6672622401DA993E1E865C861
 



#11 Maniac

Posted 03 July 2013 - 03:26 PM

Thanks for letting me know!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FireFox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\116.xpi

JavaClearCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#12 jc_vaughn1981

Posted 05 July 2013 - 04:17 AM

Hi Maniac, I'm back online with this machine. I've followed the instruction above, there were a couple of warnings from Combofix saying that there was still an instance of AVG running (troublesome program) but I clicked to proceed anyway. Also there was a dialog box saying there was a new version of Combofix available, do I want to install it. I said no to this, hope these were the right moves :( . Log file follows:

 

 

 

ComboFix 13-07-03.01 - Owner 05/07/2013  10:02:03.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.606.316 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-05 to 2013-07-05  )))))))))))))))))))))))))))))))
.
.
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- c:\windows\ERUNT
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- C:\JRT
2013-07-03 11:34 . 2013-07-03 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-03 11:33 . 2013-07-03 11:33 -------- d-----w- c:\program files\Sophos
2013-07-03 10:57 . 2013-07-03 10:57 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-03 10:57 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-03 10:57 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\program files\DVD Shrink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 10:57 . 2012-04-17 09:44 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-03 10:57 . 2012-04-17 09:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 08:22 . 2012-04-03 08:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 08:22 . 2011-05-17 08:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2012-04-17 09:44 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-04-17 09:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-04-17 09:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-04-17 09:43 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-04-17 09:43 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-07 22:30 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26 . 2005-03-30 01:23 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2005-03-30 01:01 2070144 ------w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-04 10:00 1876352 ------w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2006-10-29 18:16 1581056 ----a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-10-03 09:58 53248 ------w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/07/2013 11:57 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/07/2013 11:57 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/04/2012 10:44 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2012 10:44 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2012 10:44 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/07/2013 11:57 66336]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [30/05/2012 10:23 21520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 09:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:22]
.
2013-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2013-07-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 08:58]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\116.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-05 10:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-05  10:11:05
ComboFix-quarantined-files.txt  2013-07-05 09:11
ComboFix2.txt  2013-07-03 16:17
.
Pre-Run: 60,890,517,504 bytes free
Post-Run: 61,053,054,976 bytes free
.
- - End Of File - - A695E4473983A22250066BDEC14E238B
8F558EB6672622401DA993E1E865C861
 



#13 Maniac

Posted 05 July 2013 - 04:20 AM

Take a look at your file:

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt.txt


Should be CFScript.txt .

Please manually delete your ComboFix, download a new fresh copy and try again. Ignore AVG for now.

#14 jc_vaughn1981

Posted 05 July 2013 - 04:52 AM

Agggh! Stupid mistake, sorry!

Here it is again using the right script this time!

 

ComboFix 13-07-04.01 - Owner 05/07/2013  10:40:53.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.606.339 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-05 to 2013-07-05  )))))))))))))))))))))))))))))))
.
.
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- c:\windows\ERUNT
2013-07-03 14:07 . 2013-07-03 14:07 -------- d-----w- C:\JRT
2013-07-03 11:34 . 2013-07-03 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-03 11:33 . 2013-07-03 11:33 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-03 11:33 . 2013-07-03 11:33 -------- d-----w- c:\program files\Sophos
2013-07-03 10:57 . 2013-07-03 10:57 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-03 10:57 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-03 10:57 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2013-07-03 08:42 . 2013-07-03 08:42 -------- d-----w- c:\program files\DVD Shrink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 10:57 . 2012-04-17 09:44 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-03 10:57 . 2012-04-17 09:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 08:22 . 2012-04-03 08:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 08:22 . 2011-05-17 08:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2012-04-17 09:44 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-04-17 09:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-04-17 09:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-04-17 09:43 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-04-17 09:43 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-07 22:30 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26 . 2005-03-30 01:23 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2005-03-30 01:01 2070144 ------w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-04 10:00 1876352 ------w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2006-10-29 18:16 1581056 ----a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-10-03 09:58 53248 ------w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/07/2013 11:57 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/07/2013 11:57 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/04/2012 10:44 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2012 10:44 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2012 10:44 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/07/2013 11:57 66336]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [30/05/2012 10:23 21520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 09:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:22]
.
2013-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2013-07-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 08:58]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:46]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\116.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-05 10:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-05  10:49:31
ComboFix-quarantined-files.txt  2013-07-05 09:49
ComboFix2.txt  2013-07-05 09:11
.
Pre-Run: 68,561,887,232 bytes free
Post-Run: 68,569,575,424 bytes free
.
- - End Of File - - 36A68EB8676A239A12F932B97E5D0474
8F558EB6672622401DA993E1E865C861
 



#15 Maniac

Posted 05 July 2013 - 07:09 AM

Did you run the entire script? The second part was not done.

#16 jc_vaughn1981

Posted 05 July 2013 - 07:38 AM

I thought so, should I try it again?

So if I paste:

SecCenter::
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FireFox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\
FF - ExtSQL: 2013-07-03 09:38; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\116.xpi

JavaClearCache::

into Combofix.txt and insert into Combofix icon, and run it again, that should run the whole script? Or should I reinstall ComboFix and start again?



#17 jc_vaughn1981

Posted 05 July 2013 - 07:42 AM

Correction: insert CFScript.txt into Combofix icon



#18 Maniac

Posted 05 July 2013 - 07:48 AM

That's what I want to know.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

#19 jc_vaughn1981

Posted 05 July 2013 - 08:07 AM

Okay, OTL.Txt:

OTL logfile created on: 05/07/2013 13:58:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
606.42 Mb Total Physical Memory | 337.09 Mb Available Physical Memory | 55.59% Memory free
1.21 Gb Paging File | 0.97 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 63.88 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/05 13:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/05 08:13:35 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13070500\algo.dll
MOD - [2013/07/03 12:29:21 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13070300\algo.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/24 09:22:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/30 15:22:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/03 11:57:52 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/03 11:57:52 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/07/03 11:57:52 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/30 10:23:46 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/26 04:12:36 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/10/26 03:39:24 | 000,325,120 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/10/26 11:20:40 | 004,124,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2006/10/29 19:16:14 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2004/08/03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk...ew_Energy_Rush/
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\..\SearchScopes,DefaultScope = {3934EA92-CFEB-4E86-9E8E-6663035E7F1C}
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\..\SearchScopes\{3934EA92-CFEB-4E86-9E8E-6663035E7F1C}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-2049760794-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/03 11:57:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/30 15:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/30 15:21:58 | 000,000,000 | ---D | M]
 
[2010/07/08 13:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/10/26 15:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4tzi6o.default\extensions
[2013/05/30 15:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/30 15:22:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\LYRICSPAL\116.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lyrics-Pal = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 17:15:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-2049760794-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1361889444218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{340DF53E-640C-464A-9AA5-2F733148BB23}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/08 12:42:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/05 13:55:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/07/05 10:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/05 10:36:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/05 10:36:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/05 10:36:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/05 10:36:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/05 10:36:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/05 10:32:47 | 005,085,494 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/07/03 16:59:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/03 16:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/03 16:33:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/07/03 15:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2013/07/03 15:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/07/03 15:07:20 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/03 15:02:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/07/03 15:00:44 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_2125.exe
[2013/07/03 14:38:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2013/07/03 14:35:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2013/07/03 12:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/07/03 12:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Sophos
[2013/07/03 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/07/03 12:29:20 | 072,642,064 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Owner\Desktop\Sophos Virus Removal Tool.exe
[2013/07/03 11:57:08 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/07/03 09:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2013/07/03 09:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2013/07/03 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2013/06/11 17:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Alison Crum
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/05 13:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/07/05 13:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/05 13:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 11:57:06 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/05 10:32:55 | 005,085,494 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/07/05 10:16:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/05 09:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/05 09:42:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/03 17:15:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/03 16:59:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/03 16:33:06 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/07/03 15:44:26 | 000,915,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/07/03 15:15:21 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2013/07/03 15:02:59 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/07/03 15:00:46 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2012_2125.exe
[2013/07/03 14:35:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2013/07/03 12:33:49 | 000,002,074 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sophos Virus Removal Tool.lnk
[2013/07/03 12:29:45 | 072,642,064 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Owner\Desktop\Sophos Virus Removal Tool.exe
[2013/07/03 11:57:52 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/07/03 11:57:52 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/07/03 11:57:52 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/03 11:57:52 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/03 11:57:52 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/03 11:57:52 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/03 11:57:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/25 11:07:00 | 003,177,433 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\duvets.JPG
[2013/06/24 18:07:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/20 14:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/11 15:28:39 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/06/11 15:19:14 | 000,054,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/05 10:36:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/05 10:36:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/05 10:36:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/05 10:36:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/05 10:36:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/03 16:59:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/03 16:59:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/03 15:44:25 | 000,915,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/07/03 15:15:20 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2013/07/03 12:33:49 | 000,002,074 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sophos Virus Removal Tool.lnk
[2013/07/03 11:57:52 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/03 11:57:52 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/07/03 11:57:52 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/03 11:57:10 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/03 11:57:10 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/25 11:08:14 | 003,177,433 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\duvets.JPG
[2013/06/11 15:19:14 | 000,054,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2013/05/14 14:42:35 | 000,046,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 10:37:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 14:37:20 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/14 13:33:42 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Owner\USB001
[2010/09/25 12:14:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/05/14 14:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/04/17 10:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/15 11:11:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kruptos
[2013/07/03 12:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/12/08 12:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/04 08:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2012/03/09 10:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/05/30 15:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2010/12/08 12:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trusteer
 
========== Purity Check ==========
 
 

< End of report >



#20 jc_vaughn1981

Posted 05 July 2013 - 08:09 AM

... and Extras.Txt:

OTL Extras logfile created on: 05/07/2013 13:58:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
606.42 Mb Total Physical Memory | 337.09 Mb Available Physical Memory | 55.59% Memory free
1.21 Gb Paging File | 0.97 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 63.88 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-842925246-2049760794-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{16578528-A913-4075-9CEB-2A787DED4600}" = Kruptos 2 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EF2FCE63-7C80-42BA-A679-7F51D0F61F44}" = Brother HL-2040
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-GB)" = Mozilla Firefox 21.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PCI Audio Driver" = PCI Audio Driver
"VLC media player" = VLC media player 1.1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13/09/2012 05:25:40 | Computer Name = PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 22/10/2012 10:00:48 | Computer Name = PC | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
 faulting module mso.dll, version 11.0.5606.0, stamp 3f334cce, debug? 0, fault address
 0x000368c0.
 
[ System Events ]
Error - 07/05/2013 06:05:40 | Computer Name = PC | Source = Print | ID = 6161
Description = The document Rpt receipt owned by Owner failed to print on printer
 Auto Brother HL-2040 series (Copy 1) on ANNA. Data type: NT EMF 1.008. Size of
the spool file in bytes: 51460. Number of bytes printed: 0. Total number of pages
 in the document: 1. Number of pages printed: 0. Client machine: \\PC. Win32 error
 code returned by the print processor: 53 (0x35).
 
Error - 09/05/2013 04:33:40 | Computer Name = PC | Source = Print | ID = 54
Description = Document Test Page was corrupted and has been deleted.  The associated
 driver is: Brother HL-2040 series.
 
 
< End of report >
 





