computer infected with babylon and browser manager need help [Solved]


  • This topic is locked

#1
billgtr

  • Member
  • 13 posts
Hi all :)


I was out of town for a few weeks and had a friend house sitting for me. He asked if it was ok to use my computer and I had no problems with it. But when I returned home, I found out that my computer is infected. Initially my search engine was defaulted to Babylon. I ran some anti-malware software (Ad-Aware, Avast, Search and Destroy, I ran them all :D ) and I was able to stop that. I also noticed a browser manager program and somehow I *think* I removed it because I don't see it anywhere anymore. However, Avast is still popping up with "Threat Detected" on almost every Google search and sometimes I am still getting redirected to advertisements. The advertisement is coming from 29.advertising5new.com, if that helps.

I know the problem is still there but when I run my anti-malware programs it says the system is clean!!!!!
So the virus/malware is probably hidden somewhere. I was able to download and run OTL and got a log, which I am attaching to this thread. I would really appreciate any help. I use this computer for work and for my music studio and it would be terrible if I lost anything due to an infection.

Thank you so much.

Bill

Attached Files

  • Attached File  OTL.Txt   113.7KB   198 downloads

Edited by billgtr, 29 September 2012 - 03:39 PM.

  • 0


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello billgtr,

Welcome to Geekstogo.

There should have been a text file "Extras.txt" generated at the same time as the OTL.txt. Please post it when you come back.

For now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\..\SearchScopes,BrowserMngrDefaultScope = {A66ADB57-3D67-4A44-8586-5FC55C14A2BD}
    IE - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\..\SearchScopes,DefaultScope = {A66ADB57-3D67-4A44-8586-5FC55C14A2BD}
    FF - prefs.js..extensions.enabledAddons: {47861E1B-D351-11E1-8270-B8AC6F996F26}:2.0.14
    FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Search the web (Babylon)"
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=110796&tt=3612_5&babsrc=SP_ss&mntrId=003f8dbc00000000000020cf30d7067c
    O2 - BHO: (no name) - {836772ce-a898-4eaf-b8ed-951cadf5d81a} - No CLSID value found.
    O37 - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yosewute
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [CreateRestorePoint]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Next

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

So when you return please post
  • OTL fix .txt
  • Extras.txt
  • aswMBR log


Note: Unless otherwise instructed always post the logs in the forum. No need to attach them. :)
  • 0
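A fix script like the one in the post above can be read back before it is run, to see which accounts, browsers and GUIDs it touches. The following is an added example, not part of the original post and not OTL's own code; the function names, the handling of the line prefixes and the 2012 reference year (taken from the log dates in this thread) are assumptions based only on the lines shown.

```python
import re

# Fix script copied from the post above (:OTL, :Files and :Commands blocks).
FIX_SCRIPT = r"""
:OTL
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\..\SearchScopes,BrowserMngrDefaultScope = {A66ADB57-3D67-4A44-8586-5FC55C14A2BD}
IE - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\..\SearchScopes,DefaultScope = {A66ADB57-3D67-4A44-8586-5FC55C14A2BD}
FF - prefs.js..extensions.enabledAddons: {47861E1B-D351-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Search the web (Babylon)"
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=110796&tt=3612_5&babsrc=SP_ss&mntrId=003f8dbc00000000000020cf30d7067c
O2 - BHO: (no name) - {836772ce-a898-4eaf-b8ed-951cadf5d81a} - No CLSID value found.
O37 - HKU\S-1-5-21-1547161642-1715567821-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yosewute

:Files
ipconfig /flushdns /c

:Commands
[ResetHosts]
[emptyflash]
[emptyjava]
[CreateRestorePoint]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)$")                     # :OTL, :Files, :Commands
TAGGED = re.compile(r"^([A-Z0-9]{2,3}) - (.*)$")      # IE, FF, CHR, O2, O37 rows
HKU = re.compile(r"^HKU\\([^\\]+)\\")                 # hive name under HKEY_USERS
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_ROW = re.compile(r"^\[(\d{4})/\d\d/\d\d [\d:]+ \|.*\] \(.*\) -- (.+)$")


def account_kind(hive):
    """Map an HKEY_USERS hive name to the kind of account it belongs to."""
    if hive in (".DEFAULT", "S-1-5-18"):
        return "LocalSystem"  # HKU\.DEFAULT is an alias of HKU\S-1-5-18
    if hive.startswith("S-1-5-21-"):
        return "user account (RID %s)" % hive.rsplit("-", 1)[1]
    return "other"


def parse_fix_script(text):
    """Return one dict per non-blank script line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = {"section": section, "text": line, "tag": None,
                 "hive": None, "guids": GUID.findall(line)}
        tagged = TAGGED.match(line)
        file_row = FILE_ROW.match(line)
        if section == "OTL" and tagged:
            entry["tag"] = tagged.group(1)
            hive = HKU.match(tagged.group(2))
            if hive:
                entry["hive"] = hive.group(1)
        elif section == "OTL" and file_row:
            entry["tag"] = "FILE"
            entry["file_year"] = int(file_row.group(1))
            entry["path"] = file_row.group(2)
        entries.append(entry)
    return entries


def review(entries, log_year=2012):
    """Summarise what the script touches so it can be checked before running."""
    accounts = {}
    for e in entries:
        if e["hive"]:
            accounts.setdefault(account_kind(e["hive"]), set()).add(e["hive"])
    tags = sorted({e["tag"] for e in entries if e["tag"]})
    return {
        "by_tag": {t: sum(1 for e in entries if e["tag"] == t) for t in tags},
        "accounts": {kind: sorted(h) for kind, h in accounts.items()},
        "guids": sorted({g.upper() for e in entries for g in e["guids"]}),
        # File rows whose timestamp year is later than the year of the log.
        "future_dated": [e["path"] for e in entries
                         if e.get("file_year", 0) > log_year],
        "commands": [e["text"].strip("[]") for e in entries
                     if e["section"] == "Commands"],
    }


if __name__ == "__main__":
    for key, value in review(parse_fix_script(FIX_SCRIPT)).items():
        print(key, "=", value)
```

The summary shows that the first two IE rows address the same LocalSystem hive under two names, and that the GUIDs it collects can be matched against the entries that later cleanup logs report as deleted or not found.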

#3
billgtr

  • Topic Starter
  • Member
  • 13 posts
Hi emeraldnzl,

Thank you. I won't attach files anymore. :D I did what you asked me but OTL did not generate a fix log. It did run and reboot the computer. I also noticed that OTL was deleted from my system upon reboot, is that normal?

Here are the 2 other logs you asked me for:

extra.txt
OTL Extras logfile created on: 9/29/2012 1:34:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Bill Lima\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.33% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.64% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.16 Gb Total Space | 14.82 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Drive D: | 115.22 Gb Total Space | 62.94 Gb Free Space | 54.63% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 3.93 Gb Free Space | 54.59% Space Free | Partition Type: FAT32
 
Computer Name: BILL | User Name: Bill Lima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 10 Maguire Road. Lexington, MA 02421)
"C:\WINDOWS\system32\nvsvc32.exe" = C:\WINDOWS\system32\nvsvc32.exe:*:Enabled:nvsvc32 -- (NVIDIA Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Bill Lima\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Bill Lima\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}" = D-Link DFE-530TX+
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}" = Ipswitch WS_FTP LE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4DCFD0F-7B68-4C44-B208-99027AD1AC69}" = keFIR VST plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"Antares Tube VST v1.02" = Antares Tube VST v1.02
"ASAPI Update" = ASAPI Update
"ATT-HSI" = ATT-HSI
"avast" = avast! Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}" = D-Link DFE-530TX+
"IZotope Ozone DX VST RTAS v3.08" = IZotope Ozone DX VST RTAS v3.08
"Leapic Video Cutter_is1" = Leapic Video Cutter 4.0
"Lexicon PSP 42 VST DX v1.0" = Lexicon PSP 42 VST DX v1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PSP 608 MultiDelay VST DX RTAS v1.0.0" = PSP 608 MultiDelay VST DX RTAS v1.0.0
"RealPlayer 15.0" = RealPlayer
"REAPER" = REAPER
"SONAR7Producer_is1" = SONAR 7 Producer Edition
"Steinberg FreeFilter v1.1 - OxYGeN" = Steinberg FreeFilter v1.1 - OxYGeN
"Steinberg WaveLab 5.01a" = Steinberg WaveLab 5.01a
"US-122" = US-122
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"Voxengo Warmifier VST v1.4" = Voxengo Warmifier VST v1.4
"Waves Gold Processors 3.5" = Waves Gold Processors 3.5
"Waves L3 Multimaximizer v1.0" = Waves L3 Multimaximizer v1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/23/2012 10:18:49 PM | Computer Name = BILL | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 2/7/2012 5:02:47 AM | Computer Name = BILL | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 2/20/2012 5:27:46 AM | Computer Name = BILL | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 5/6/2012 9:32:57 PM | Computer Name = BILL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 5/6/2012 9:32:57 PM | Computer Name = BILL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 5/6/2012 9:32:57 PM | Computer Name = BILL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 9/5/2012 9:49:06 PM | Computer Name = BILL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\BILLLI~1\LOCALS~1\Temp\5C00C774-BAB0-7891-86A8-9A28ED7C5B33\Latest\BabylonObjectInstaller.msi
 is not permitted due to an error in software restriction policy processing. The
 object cannot be trusted.
 
Error - 9/9/2012 10:48:34 PM | Computer Name = BILL | Source = ESENT | ID = 490
Description = svchost (1416) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 9/9/2012 10:48:34 PM | Computer Name = BILL | Source = ESENT | ID = 439
Description = Catalog Database (1416) Unable to write a shadowed header for file
 C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
 -1032.
 
Error - 9/9/2012 10:48:35 PM | Computer Name = BILL | Source = ESENT | ID = 473
Description = Catalog Database (1416) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
 was partially detached.  Error -1032 encountered updating database headers.
 
[ System Events ]
Error - 9/27/2012 9:07:13 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SBAMSvc with
 arguments ""  in order to run the server:  {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
 
Error - 9/27/2012 9:07:25 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SBAMSvc with
 arguments ""  in order to run the server:  {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
 
Error - 9/27/2012 9:07:37 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SBAMSvc with
 arguments ""  in order to run the server:  {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
 
Error - 9/27/2012 10:59:33 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SBAMSvc with
 arguments ""  in order to run the server:  {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
 
Error - 9/28/2012 10:18:22 AM | Computer Name = BILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd  SBRE
 
Error - 9/28/2012 10:18:46 AM | Computer Name = BILL | Source = System Error | ID = 1003
Description = Error code 00000035, parameter1 89914520, parameter2 00000000, parameter3
 00000000, parameter4 00000000.
 
Error - 9/29/2012 3:40:29 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 9/29/2012 3:41:38 PM | Computer Name = BILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Aavmker4  aswSnx  aswSP  aswTdi  Fips  Lbd  Processor  SBRE
 
Error - 9/29/2012 4:03:04 PM | Computer Name = BILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 9/29/2012 4:04:16 PM | Computer Name = BILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   is3srv  Lbd
 
 
< End of report >

aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-29 19:17:56
-----------------------------
19:17:56.234    OS Version: Windows 5.1.2600 Service Pack 3
19:17:56.234    Number of processors: 1 586 0x2C02
19:17:56.234    ComputerName: BILL  UserName: 
19:17:56.859    Initialize success
19:17:56.968    AVAST engine defs: 12092901
19:18:54.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-e
19:18:54.140    Disk 0 Vendor: HDS722516VLAT80 V34OA6MA Size: 157066MB BusType: 3
19:18:54.156    Disk 0 MBR read successfully
19:18:54.156    Disk 0 MBR scan
19:18:54.156    Disk 0 Windows XP default MBR code
19:18:54.171    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        39079 MB offset 63
19:18:54.171    Disk 0 Partition - 00     0F Extended LBA            117985 MB offset 80035830
19:18:54.187    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       117985 MB offset 80035893
19:18:54.187    Disk 0 scanning sectors +321669495
19:18:54.265    Disk 0 scanning C:\WINDOWS\system32\drivers
19:19:01.156    Service scanning
19:19:11.937    Modules scanning
19:19:27.656    Disk 0 trace - called modules:
19:19:28.171    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
19:19:28.171    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a354ab8]
19:19:28.187    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a3559e8]
19:19:28.187    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-e[0x8a3bad98]
19:19:28.390    AVAST engine scan C:\WINDOWS
19:19:35.500    AVAST engine scan C:\WINDOWS\system32
19:21:13.937    AVAST engine scan C:\WINDOWS\system32\drivers
19:21:22.812    AVAST engine scan C:\Documents and Settings\Bill Lima
19:25:37.906    AVAST engine scan C:\Documents and Settings\All Users
19:27:12.875    Scan finished successfully
19:27:45.812    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill Lima\Desktop\MBR.dat"
19:27:45.812    The log file has been saved successfully to "C:\Documents and Settings\Bill Lima\Desktop\aswMBR.txt"




Thanks again for your help, I really appreciate it!!

Edited by billgtr, 29 September 2012 - 08:34 PM.

  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> Thank you. I won't attach files anymore.


Thanks billgtr. Also, if you wouldn't mind, just post your logs normally into the thread, i.e. copy and paste without tags. Looks like you used code tags on that last one. Bit hard to read :lol:

> I did what you asked me but OTL did not generate a fix log.


It usually generates a log to the same location as OTL was saved to. If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

> OTL was deleted from my system upon reboot, is that normal?


No, that is not normal. I take it that it has disappeared from where you saved it? Sometimes an Anti Virus will remove it by mistake but otherwise I don't know what is going on there.

Download a new copy of OTL to your desktop.

It would be good to have a look at that OTL fix log before we go on. See if you can find it and post it back. Not to worry if you can't. Come back and tell me how you get on. :)
  • 0

#5
billgtr

  • Topic Starter
  • Member
  • 13 posts
Hi emeraldnzl,

Oh I'm sorry for pasting them as code, it looked like a good idea :D From now on I will just paste them as text.

I downloaded OTL and ran it again, this time OTL was not deleted upon reboot, but the "OTL Fix" log was not generated again :( Do you think there is any way to proceed without it?

Thank you

Bill
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Bill,

A copy of the OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Should find it there but don't worry about it now.

> Do you think there is any way to proceed without it?


Oh yes... just would have been helpful to see before moving on.

Let's do this

Download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

After that

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

When you come back please post
  • AdwCleaner log
  • MBAM report

  • 0

#7
billgtr

  • Topic Starter
  • Member
  • 13 posts
Hi emeraldnzl,


Ok I went to the _OTL folder and found this log:

========== OTL ==========
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: {47861E1B-D351-11E1-8270-B8AC6F996F26}:2.0.14 removed from extensions.enabledAddons
Prefs.js: "Search the web (Babylon)" removed from searchreset.backup.browser.search.defaultenginename
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{836772ce-a898-4eaf-b8ed-951cadf5d81a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{836772ce-a898-4eaf-b8ed-951cadf5d81a}\ not found.
Registry key HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004_Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1004_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\WINDOWS\System32\yosewute not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bill Lima\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bill Lima\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Bill Lima
->Flash cache emptied: 820 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Bill Lima
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09302012_121617

------


Here's the AdwCleaner log:

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 15:33:01
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bill Lima - BILL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bill Lima\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Giant Savings
Folder Deleted : C:\Program Files\Giant Savings
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Giant Savings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110796&tt=3612_5&babsrc=NT_ss&mntrId=003f8dbc00000000000020cf30d7067c --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Firefox\Profiles\rlms1erm.default\prefs.js

C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Firefox\Profiles\rlms1erm.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "003f8dbc00000000000020cf30d7067c");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15589");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=3612_5");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1218:48:10");

-\\ Google Chrome v22.0.1229.79

File : C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.82] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.85] : keyword = "babylon.com",
Deleted [l.88] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110796&tt=3612_5&babsrc=SP_ss&mntrId=003f8dbc00000000000020cf30d7067c",

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Bill Lima\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5257 octets] - [30/09/2012 15:31:54]
AdwCleaner[S1].txt - [5528 octets] - [30/09/2012 15:33:01]

########## EOF - C:\AdwCleaner[S1].txt - [5588 octets] ##########


And finally Malwarebytes did not find any threats in my system, here's the log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bill Lima :: BILL [administrator]

9/30/2012 3:39:39 PM
mbam-log-2012-09-30 (15-39-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204412
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


My browser is still being redirected though :(

Thank you :cool:

Edited by billgtr, 30 September 2012 - 04:57 PM.


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello billgtr,

Ok I went to the _OTL folder and found this log:


Well done. :cool:

Now

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#9
billgtr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi emeraldnzl

Thank you :) Here's the TDK log:


19:13:07.0375 3944 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:13:07.0546 3944 RpcLocator - ok
19:13:07.0578 3944 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:13:07.0625 3944 RpcSs - ok
19:13:07.0656 3944 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:13:07.0828 3944 RSVP - ok
19:13:07.0875 3944 [ 38BF30654E031A5BEF3A87E992CDBC2E ] RTL8023xp C:\WINDOWS\system32\DRIVERS\TE100XP.sys
19:13:07.0890 3944 RTL8023xp - ok
19:13:07.0906 3944 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:13:08.0078 3944 rtl8139 - ok
19:13:08.0078 3944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:13:08.0250 3944 SamSs - ok
19:13:08.0265 3944 SBRE - ok
19:13:08.0296 3944 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:13:08.0468 3944 SCardSvr - ok
19:13:08.0500 3944 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:13:08.0671 3944 Schedule - ok
19:13:08.0703 3944 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:13:08.0750 3944 Secdrv - ok
19:13:08.0781 3944 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:13:08.0937 3944 seclogon - ok
19:13:08.0968 3944 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:13:09.0140 3944 SENS - ok
19:13:09.0171 3944 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:13:09.0343 3944 serenum - ok
19:13:09.0375 3944 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:13:09.0531 3944 Serial - ok
19:13:09.0562 3944 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:13:09.0734 3944 Sfloppy - ok
19:13:09.0781 3944 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:13:09.0953 3944 SharedAccess - ok
19:13:09.0984 3944 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:13:10.0000 3944 ShellHWDetection - ok
19:13:10.0000 3944 Simbad - ok
19:13:10.0046 3944 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:13:10.0234 3944 SONYPVU1 - ok
19:13:10.0250 3944 Sparrow - ok
19:13:10.0265 3944 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:13:10.0453 3944 splitter - ok
19:13:10.0484 3944 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:13:10.0515 3944 Spooler - ok
19:13:10.0546 3944 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:13:10.0593 3944 sr - ok
19:13:10.0625 3944 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:13:10.0687 3944 srservice - ok
19:13:10.0718 3944 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:13:10.0750 3944 Srv - ok
19:13:10.0765 3944 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:13:10.0828 3944 SSDPSRV - ok
19:13:10.0875 3944 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:13:11.0046 3944 stisvc - ok
19:13:11.0062 3944 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:13:11.0250 3944 swenum - ok
19:13:11.0265 3944 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:13:11.0453 3944 swmidi - ok
19:13:11.0453 3944 SwPrv - ok
19:13:11.0468 3944 symc810 - ok
19:13:11.0468 3944 symc8xx - ok
19:13:11.0484 3944 sym_hi - ok
19:13:11.0500 3944 sym_u3 - ok
19:13:11.0515 3944 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:13:11.0687 3944 sysaudio - ok
19:13:11.0718 3944 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:13:11.0890 3944 SysmonLog - ok
19:13:11.0921 3944 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:13:12.0093 3944 TapiSrv - ok
19:13:12.0109 3944 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:13:12.0140 3944 Tcpip - ok
19:13:12.0171 3944 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:13:12.0343 3944 TDPIPE - ok
19:13:12.0359 3944 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:13:12.0515 3944 TDTCP - ok
19:13:12.0546 3944 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:13:12.0734 3944 TermDD - ok
19:13:12.0781 3944 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:13:12.0937 3944 TermService - ok
19:13:12.0953 3944 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:13:12.0984 3944 Themes - ok
19:13:12.0984 3944 TosIde - ok
19:13:13.0015 3944 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:13:13.0187 3944 TrkWks - ok
19:13:13.0218 3944 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:13:13.0390 3944 Udfs - ok
19:13:13.0390 3944 ultra - ok
19:13:13.0421 3944 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:13:13.0609 3944 Update - ok
19:13:13.0640 3944 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:13:13.0718 3944 upnphost - ok
19:13:13.0734 3944 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:13:13.0906 3944 UPS - ok
19:13:13.0953 3944 [ 47B29011B966E87213304A7A506F9A53 ] US122 C:\WINDOWS\system32\Drivers\US122.sys
19:13:13.0953 3944 US122 ( UnsignedFile.Multi.Generic ) - warning
19:13:13.0953 3944 US122 - detected UnsignedFile.Multi.Generic (1)
19:13:13.0968 3944 [ E3F6900877C9D49F20F9909D5417C43B ] US122DL C:\WINDOWS\system32\Drivers\US122DL.sys
19:13:13.0984 3944 US122DL ( UnsignedFile.Multi.Generic ) - warning
19:13:13.0984 3944 US122DL - detected UnsignedFile.Multi.Generic (1)
19:13:14.0015 3944 [ 1F9012164ED655E5EB7D4F2A4D4419BE ] Us122WdmService C:\WINDOWS\system32\Drivers\US122Wdm.sys
19:13:14.0031 3944 Us122WdmService ( UnsignedFile.Multi.Generic ) - warning
19:13:14.0031 3944 Us122WdmService - detected UnsignedFile.Multi.Generic (1)
19:13:16.0078 3944 [ C9A8BA443F809B70BCCCCD60CC73FA5C ] vulfnths C:\WINDOWS\System32\Drivers\vulfnth.sys
19:13:16.0093 3944 vulfnths ( UnsignedFile.Multi.Generic ) - warning
19:13:16.0093 3944 vulfnths - detected UnsignedFile.Multi.Generic (1)
19:13:16.0109 3944 [ 2D8C55889616F7767E9FB8ADEE37A02A ] vulfntrs C:\WINDOWS\System32\Drivers\vulfntr.sys
19:13:16.0125 3944 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
19:13:16.0125 3944 vulfntrs - detected UnsignedFile.Multi.Generic (1)
19:13:18.0890 3944 ================ Scan global ===============================
19:13:18.0921 3944 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:13:18.0968 3944 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:13:18.0984 3944 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:13:19.0000 3944 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:13:19.0015 3944 [Global] - ok
19:13:19.0015 3944 ================ Scan MBR ==================================
19:13:19.0031 3944 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:13:19.0296 3944 \Device\Harddisk0\DR0 - ok
19:13:19.0312 3944 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
19:13:19.0484 3944 \Device\Harddisk1\DR3 - ok
19:13:19.0500 3944 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4
19:13:19.0562 3944 \Device\Harddisk2\DR4 - ok
19:13:19.0562 3944 ================ Scan VBR ==================================
19:13:19.0562 3944 [ 46021D1E02D86B6C1457767186540154 ] \Device\Harddisk0\DR0\Partition1
19:13:19.0562 3944 \Device\Harddisk0\DR0\Partition1 - ok
19:13:19.0593 3944 [ BC8CA4A01EA6DD00E88F4CB046D30D06 ] \Device\Harddisk0\DR0\Partition2
19:13:19.0593 3944 \Device\Harddisk0\DR0\Partition2 - ok
19:13:19.0593 3944 [ FEE75E8987031B7A851CBD972DC80624 ] \Device\Harddisk1\DR3\Partition1
19:13:19.0593 3944 \Device\Harddisk1\DR3\Partition1 - ok
19:13:19.0609 3944 ================ Scan active images ========================
19:13:20.0625 3944 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
19:13:20.0625 3944 C:\WINDOWS\system32\lsasrv.dll - ok
19:13:20.0640 3944 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
19:13:20.0640 3944 C:\WINDOWS\system32\ncobjapi.dll - ok
19:13:20.0640 3944 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
19:13:20.0640 3944 C:\WINDOWS\system32\msvcp60.dll - ok
19:13:20.0656 3944 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
19:13:20.0656 3944 C:\WINDOWS\system32\mpr.dll - ok
19:13:20.0671 3944 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
19:13:20.0671 3944 C:\WINDOWS\system32\scesrv.dll - ok
19:13:20.0671 3944 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
19:13:20.0671 3944 C:\WINDOWS\system32\ntdsapi.dll - ok
19:13:20.0687 3944 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
19:13:20.0687 3944 C:\WINDOWS\system32\dnsapi.dll - ok
19:13:20.0687 3944 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
19:13:20.0687 3944 C:\WINDOWS\system32\umpnpmgr.dll - ok
19:13:20.0703 3944 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
19:13:20.0703 3944 C:\WINDOWS\system32\wldap32.dll - ok
19:13:20.0703 3944 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
19:13:20.0703 3944 C:\WINDOWS\system32\shimeng.dll - ok
19:13:20.0718 3944 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
19:13:20.0718 3944 C:\WINDOWS\AppPatch\acadproc.dll - ok
19:13:20.0718 3944 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
19:13:20.0718 3944 C:\WINDOWS\system32\samlib.dll - ok
19:13:20.0734 3944 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
19:13:20.0734 3944 C:\WINDOWS\system32\samsrv.dll - ok
19:13:20.0734 3944 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
19:13:20.0734 3944 C:\WINDOWS\system32\cryptdll.dll - ok
19:13:20.0750 3944 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
19:13:20.0750 3944 C:\WINDOWS\AppPatch\acgenral.dll - ok
19:13:20.0750 3944 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
19:13:20.0750 3944 C:\WINDOWS\system32\oleaut32.dll - ok
19:13:20.0750 3944 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
19:13:20.0750 3944 C:\WINDOWS\system32\winmm.dll - ok
19:13:20.0765 3944 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
19:13:20.0765 3944 C:\WINDOWS\system32\msacm32.dll - ok
19:13:20.0765 3944 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
19:13:20.0765 3944 C:\WINDOWS\system32\uxtheme.dll - ok
19:13:20.0781 3944 [ 83A083A42F97BCF3F8E016820178DDE2 ] C:\WINDOWS\system32\vct3216.acm
19:13:20.0781 3944 C:\WINDOWS\system32\vct3216.acm - ok
19:13:20.0781 3944 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
19:13:20.0781 3944 C:\WINDOWS\system32\msapsspc.dll - ok
19:13:20.0796 3944 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
19:13:20.0796 3944 C:\WINDOWS\system32\msvcrt40.dll - ok
19:13:20.0796 3944 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
19:13:20.0796 3944 C:\WINDOWS\system32\digest.dll - ok
19:13:20.0812 3944 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
19:13:20.0812 3944 C:\WINDOWS\system32\msnsspc.dll - ok
19:13:20.0812 3944 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
19:13:20.0812 3944 C:\WINDOWS\system32\schannel.dll - ok
19:13:20.0828 3944 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
19:13:20.0828 3944 C:\WINDOWS\system32\msctfime.ime - ok
19:13:20.0828 3944 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
19:13:20.0828 3944 C:\WINDOWS\system32\msprivs.dll - ok
19:13:20.0843 3944 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
19:13:20.0843 3944 C:\WINDOWS\system32\iphlpapi.dll - ok
19:13:20.0843 3944 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
19:13:20.0843 3944 C:\WINDOWS\system32\kerberos.dll - ok
19:13:20.0859 3944 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
19:13:20.0859 3944 C:\WINDOWS\system32\msv1_0.dll - ok
19:13:20.0859 3944 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
19:13:20.0859 3944 C:\WINDOWS\system32\atmfd.dll - ok
19:13:20.0875 3944 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
19:13:20.0875 3944 C:\WINDOWS\system32\netlogon.dll - ok
19:13:20.0875 3944 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
19:13:20.0875 3944 C:\WINDOWS\system32\w32time.dll - ok
19:13:20.0890 3944 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
19:13:20.0890 3944 C:\WINDOWS\system32\wdigest.dll - ok
19:13:20.0890 3944 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
19:13:20.0890 3944 C:\WINDOWS\system32\rsaenh.dll - ok
19:13:20.0906 3944 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
19:13:20.0906 3944 C:\WINDOWS\system32\winscard.dll - ok
19:13:20.0906 3944 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
19:13:20.0906 3944 C:\WINDOWS\system32\wtsapi32.dll - ok
19:13:20.0921 3944 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
19:13:20.0921 3944 C:\WINDOWS\system32\scecli.dll - ok
19:13:20.0921 3944 [ F5DC168BF77572D51BE28BA261B30CB4 ] C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:13:20.0921 3944 C:\WINDOWS\system32\drivers\aswFsBlk.sys - ok
19:13:20.0937 3944 [ 65E794E86468B61F2BC79ABC48BC4433 ] C:\WINDOWS\system32\drivers\mbam.sys
19:13:20.0937 3944 C:\WINDOWS\system32\drivers\mbam.sys - ok
19:13:20.0937 3944 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
19:13:20.0937 3944 C:\WINDOWS\system32\svchost.exe - ok
19:13:20.0953 3944 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
19:13:20.0953 3944 C:\WINDOWS\system32\ntmarta.dll - ok
19:13:20.0953 3944 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
19:13:20.0953 3944 C:\WINDOWS\system32\rpcss.dll - ok
19:13:20.0968 3944 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
19:13:20.0968 3944 C:\WINDOWS\system32\xpsp2res.dll - ok
19:13:20.0968 3944 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
19:13:20.0968 3944 C:\WINDOWS\system32\eventlog.dll - ok
19:13:20.0984 3944 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
19:13:20.0984 3944 C:\WINDOWS\system32\mswsock.dll - ok
19:13:20.0984 3944 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
19:13:20.0984 3944 C:\WINDOWS\system32\hnetcfg.dll - ok
19:13:21.0000 3944 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
19:13:21.0000 3944 C:\WINDOWS\system32\wshtcpip.dll - ok
19:13:21.0000 3944 [ 292F92469EFB2FD402E00742C06D539D ] C:\Program Files\Bonjour\mdnsNSP.dll
19:13:21.0000 3944 C:\Program Files\Bonjour\mdnsNSP.dll - ok
19:13:21.0015 3944 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
19:13:21.0015 3944 C:\WINDOWS\system32\winrnr.dll - ok
19:13:21.0015 3944 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
19:13:21.0015 3944 C:\WINDOWS\system32\rasadhlp.dll - ok
19:13:21.0031 3944 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
19:13:21.0031 3944 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
19:13:21.0031 3944 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
19:13:21.0031 3944 C:\WINDOWS\system32\dhcpcsvc.dll - ok
19:13:21.0046 3944 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
19:13:21.0046 3944 C:\WINDOWS\system32\dnsrslvr.dll - ok
19:13:21.0046 3944 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
19:13:21.0046 3944 C:\WINDOWS\system32\wzcsvc.dll - ok
19:13:21.0062 3944 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
19:13:21.0062 3944 C:\WINDOWS\system32\atl.dll - ok
19:13:21.0062 3944 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
19:13:21.0062 3944 C:\WINDOWS\system32\eapolqec.dll - ok
19:13:21.0078 3944 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
19:13:21.0078 3944 C:\WINDOWS\system32\qutil.dll - ok
19:13:21.0078 3944 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
19:13:21.0078 3944 C:\WINDOWS\system32\rtutils.dll - ok
19:13:21.0093 3944 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
19:13:21.0093 3944 C:\WINDOWS\system32\wmi.dll - ok
19:13:21.0093 3944 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
19:13:21.0093 3944 C:\WINDOWS\system32\dot3api.dll - ok
19:13:21.0109 3944 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
19:13:21.0109 3944 C:\WINDOWS\system32\esent.dll - ok
19:13:21.0109 3944 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
19:13:21.0109 3944 C:\WINDOWS\system32\clbcatq.dll - ok
19:13:21.0125 3944 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
19:13:21.0125 3944 C:\WINDOWS\system32\comres.dll - ok
19:13:21.0125 3944 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
19:13:21.0125 3944 C:\WINDOWS\system32\cryptui.dll - ok
19:13:21.0140 3944 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
19:13:21.0140 3944 C:\WINDOWS\system32\rastls.dll - ok
19:13:21.0140 3944 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll
19:13:21.0140 3944 C:\WINDOWS\system32\wininet.dll - ok
19:13:21.0156 3944 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
19:13:21.0156 3944 C:\WINDOWS\system32\normaliz.dll - ok
19:13:21.0156 3944 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll
19:13:21.0156 3944 C:\WINDOWS\system32\urlmon.dll - ok
19:13:21.0171 3944 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll
19:13:21.0171 3944 C:\WINDOWS\system32\iertutil.dll - ok
19:13:21.0171 3944 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
19:13:21.0171 3944 C:\WINDOWS\system32\activeds.dll - ok
19:13:21.0187 3944 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
19:13:21.0187 3944 C:\WINDOWS\system32\mprapi.dll - ok
19:13:21.0187 3944 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
19:13:21.0187 3944 C:\WINDOWS\system32\adsldpc.dll - ok
19:13:21.0203 3944 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
19:13:21.0203 3944 C:\WINDOWS\system32\rasapi32.dll - ok
19:13:21.0203 3944 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
19:13:21.0203 3944 C:\WINDOWS\system32\rasman.dll - ok
19:13:21.0218 3944 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
19:13:21.0218 3944 C:\WINDOWS\system32\tapi32.dll - ok
19:13:21.0218 3944 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
19:13:21.0218 3944 C:\WINDOWS\system32\riched20.dll - ok
19:13:21.0234 3944 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
19:13:21.0234 3944 C:\WINDOWS\system32\raschap.dll - ok
19:13:21.0234 3944 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
19:13:21.0234 3944 C:\WINDOWS\system32\logonui.exe - ok
19:13:21.0250 3944 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
19:13:21.0250 3944 C:\WINDOWS\system32\cscdll.dll - ok
19:13:21.0250 3944 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] C:\WINDOWS\system32\drivers\aswmon2.sys
19:13:21.0250 3944 C:\WINDOWS\system32\drivers\aswmon2.sys - ok
19:13:21.0265 3944 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
19:13:21.0265 3944 C:\WINDOWS\system32\dimsntfy.dll - ok
19:13:21.0265 3944 [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
19:13:21.0265 3944 C:\WINDOWS\system32\drivers\fastfat.sys - ok
19:13:21.0281 3944 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
19:13:21.0281 3944 C:\WINDOWS\system32\duser.dll - ok
19:13:21.0281 3944 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
19:13:21.0281 3944 C:\WINDOWS\system32\wlnotify.dll - ok
19:13:21.0281 3944 [ 46856447F0EBF2F7B2473660B056B419 ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
19:13:21.0281 3944 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
19:13:21.0296 3944 [ 061E11A56CDCAB73188E216280C05D66 ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
19:13:21.0296 3944 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
19:13:21.0296 3944 [ 3C1EE2FFFCBEF877934EFDF3A5C3BCB1 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
19:13:21.0296 3944 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
19:13:21.0312 3944 [ 04AC21E821F259845BD7367CEE057290 ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:13:21.0312 3944 C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
19:13:21.0312 3944 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
19:13:21.0312 3944 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
19:13:21.0328 3944 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
19:13:21.0328 3944 C:\WINDOWS\system32\winspool.drv - ok
19:13:21.0328 3944 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
19:13:21.0328 3944 C:\WINDOWS\system32\msimg32.dll - ok
19:13:21.0343 3944 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
19:13:21.0343 3944 C:\WINDOWS\system32\oleacc.dll - ok
19:13:21.0343 3944 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
19:13:21.0343 3944 C:\WINDOWS\system32\shgina.dll - ok
19:13:21.0359 3944 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
19:13:21.0359 3944 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
19:13:21.0359 3944 [ 1D716EB7BCC07F5B1EF442B13A5FDDFE ] C:\Program Files\AVAST Software\Avast\ashBase.dll
19:13:21.0359 3944 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
19:13:21.0375 3944 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
19:13:21.0375 3944 C:\WINDOWS\system32\wsock32.dll - ok
19:13:21.0375 3944 [ 42A6DC8B861EF5BD6AF8DC2CBD7DF321 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
19:13:21.0375 3944 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
19:13:21.0390 3944 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
19:13:21.0390 3944 C:\WINDOWS\system32\dbghelp.dll - ok
19:13:21.0390 3944 [ 4CC47E4FEA86625FD5419D864E6A16D1 ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
19:13:21.0390 3944 C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
19:13:21.0406 3944 [ 7E118D66ECACCF3299F732ED0F3CE467 ] C:\Program Files\AVAST Software\Avast\ashServ.dll
19:13:21.0406 3944 C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
19:13:21.0406 3944 [ DEA2847BFCD2BCCE777C27DB47A69EB8 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
19:13:21.0406 3944 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
19:13:21.0421 3944 [ 2566C94919F8F46215E38F3357011EBF ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
19:13:21.0421 3944 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
19:13:21.0421 3944 [ 3C1513365EFF8D185C5BB2BDEBBE5D3A ] C:\Program Files\AVAST Software\Avast\aswAux.dll
19:13:21.0437 3944 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
19:13:21.0437 3944 [ 3079F9345ED39D0E9DA1D5E8CC407235 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
19:13:21.0437 3944 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
19:13:21.0453 3944 [ 662E62F776A508CA4C997F7DA8007769 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
19:13:21.0453 3944 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
19:13:21.0453 3944 [ 1D445E0FD43BE0F81C07DFFBF6AB92EC ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
19:13:21.0453 3944 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
19:13:21.0468 3944 [ 3A2CF698443EAD2C14CF528B4F2A51A0 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
19:13:21.0468 3944 C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
19:13:21.0468 3944 [ C5DBD35CF4EB0CB8E72A7B6DA2EDEA51 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
19:13:21.0468 3944 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
19:13:21.0484 3944 [ 35BD2AABE21E86D760D4FB93225D8BB4 ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
19:13:21.0484 3944 C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
19:13:21.0484 3944 [ 0F84219E9FC89D4FEC963F78E4983E0B ] C:\Program Files\AVAST Software\Avast\aswDld.dll
19:13:21.0484 3944 C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
19:13:21.0500 3944 [ 3B3AD17FAAA838CC0368F0947B5D43DB ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
19:13:21.0500 3944 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
19:13:21.0500 3944 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
19:13:21.0500 3944 C:\WINDOWS\system32\schedsvc.dll - ok
19:13:21.0500 3944 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
19:13:21.0500 3944 C:\WINDOWS\system32\msidle.dll - ok
19:13:21.0515 3944 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
19:13:21.0515 3944 C:\WINDOWS\system32\spoolsv.exe - ok
19:13:21.0515 3944 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
19:13:21.0515 3944 C:\WINDOWS\system32\audiosrv.dll - ok
19:13:21.0531 3944 [ 1869C1A8ABB6D3E0B7FA81EE4346DC14 ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswEngin.dll
19:13:21.0531 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswEngin.dll - ok
19:13:21.0531 3944 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
19:13:21.0531 3944 C:\WINDOWS\system32\wkssvc.dll - ok
19:13:21.0546 3944 [ 9AB833956EB46BA28FAE9611569AB921 ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnOS.dll
19:13:21.0546 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnOS.dll - ok
19:13:21.0546 3944 [ 2935740E9E6B71C6D28CDA78E2ECDABD ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnIS.dll
19:13:21.0546 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnIS.dll - ok
19:13:21.0562 3944 [ 16D72F62FBF97AFD0511BCFE4C732EA9 ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnBS.dll
19:13:21.0562 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswCmnBS.dll - ok
19:13:21.0562 3944 [ 45551558282528DD5AD76606D51E6F09 ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswScan.dll
19:13:21.0562 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswScan.dll - ok
19:13:21.0578 3944 [ E2D37F405E21BE2534FF4A84F5032ECA ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswRep.dll
19:13:21.0578 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswRep.dll - ok
19:13:21.0578 3944 [ C71A884DD6F8CFFA87D70FB75857449C ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswFiDb.dll
19:13:21.0578 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswFiDb.dll - ok
19:13:21.0593 3944 [ D63A743C2EB3DB8216D4F8D82040266F ] C:\Program Files\AVAST Software\Avast\defs\12093001\algo.dll
19:13:21.0593 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\algo.dll - ok
19:13:21.0593 3944 [ 9B1B3C9FC4011CB5A6C6423ABEEB3793 ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
19:13:21.0593 3944 C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
19:13:21.0609 3944 [ 545DE96D552AEDCDE95D1C86BDC9B95B ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll
19:13:21.0609 3944 C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok
19:13:21.0609 3944 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
19:13:21.0609 3944 C:\WINDOWS\system32\fltlib.dll - ok
19:13:21.0625 3944 [ D7BF4E050440CF0B7B2A2596F0F370F3 ] C:\Program Files\AVAST Software\Avast\AhResJs.dll
19:13:21.0625 3944 C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok
19:13:21.0625 3944 [ 37DAD7CA011038616E067C8F62029FD0 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
19:13:21.0625 3944 C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
19:13:21.0640 3944 [ 8122EE05F327EF470670E2CDDFFEB929 ] C:\Program Files\AVAST Software\Avast\AhResMes.dll
19:13:21.0640 3944 C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok
19:13:21.0640 3944 [ EFFA04908678EF527EA32B2E2EE6EC93 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll
19:13:21.0640 3944 C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
19:13:21.0656 3944 [ A5905C582C88AE8D56834CE4A3627FD1 ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
19:13:21.0656 3944 C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
19:13:21.0656 3944 [ 9207F1A1440EAF18BE0D0C1D487E4F02 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
19:13:21.0656 3944 C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
19:13:21.0671 3944 [ 4509D54DF9276534AC433F80E8392206 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
19:13:21.0671 3944 C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
19:13:21.0687 3944 [ 72A7C1EC4D3BF38CB115395AD721AE3C ] C:\Program Files\AVAST Software\Avast\defs\12093001\ArPot.dll
19:13:21.0687 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\ArPot.dll - ok
19:13:21.0687 3944 [ 285AC1245590372A88B75144A8656A5F ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
19:13:21.0687 3944 C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok
19:13:21.0703 3944 [ CFB3EEDF620E7F32464A3091BA76D5E8 ] C:\Program Files\AVAST Software\Avast\defs\12093001\exts.dll
19:13:21.0703 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\exts.dll - ok
19:13:21.0703 3944 [ F787D427F7EB96FBA1E495600BB8CD30 ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
19:13:21.0703 3944 C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
19:13:21.0718 3944 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
19:13:21.0718 3944 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
19:13:21.0718 3944 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
19:13:21.0718 3944 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
19:13:21.0718 3944 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
19:13:21.0734 3944 C:\WINDOWS\system32\security.dll - ok
19:13:21.0734 3944 [ 4130D86B0642EFCBB65AD6B2C9BD022E ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
19:13:21.0734 3944 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
19:13:21.0734 3944 [ 87F664BF0B8728382D03B2126127DC98 ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswAR.dll
19:13:21.0734 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswAR.dll - ok
19:13:21.0750 3944 [ 0D0FA4434A9434641AB0A6332AC5560A ] C:\Program Files\AVAST Software\Avast\defs\12093001\aswRawFS.dll
19:13:21.0750 3944 C:\Program Files\AVAST Software\Avast\defs\12093001\aswRawFS.dll - ok
19:13:21.0750 3944 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
19:13:21.0750 3944 C:\WINDOWS\system32\drivers\parvdm.sys - ok
19:13:21.0765 3944 [ 3F56903E124E820AEECE6D471583C6C1 ] C:\Program Files\Bonjour\mDNSResponder.exe
19:13:21.0765 3944 C:\Program Files\Bonjour\mDNSResponder.exe - ok
19:13:21.0765 3944 [ 2B460CA1AC9A2249C92E54E39A8ACF42 ] C:\Program Files\AVAST Software\Avast\snxhk.dll
19:13:21.0765 3944 C:\Program Files\AVAST Software\Avast\snxhk.dll - ok
19:13:21.0781 3944 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
19:13:21.0781 3944 C:\WINDOWS\system32\cryptsvc.dll - ok
19:13:21.0781 3944 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
19:13:21.0781 3944 C:\WINDOWS\system32\certcli.dll - ok
19:13:21.0796 3944 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:13:21.0796 3944 C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
19:13:21.0796 3944 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
19:13:21.0796 3944 C:\WINDOWS\system32\es.dll - ok
19:13:21.0812 3944 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
19:13:21.0812 3944 C:\WINDOWS\system32\ersvc.dll - ok
19:13:21.0812 3944 [ A12175F063302CD68F8FC6D572D7E5FD ] C:\Program Files\Java\jre7\bin\jqs.exe
19:13:21.0812 3944 C:\Program Files\Java\jre7\bin\jqs.exe - ok
19:13:21.0828 3944 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
19:13:21.0828 3944 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
19:13:21.0828 3944 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
19:13:21.0828 3944 C:\WINDOWS\system32\pdh.dll - ok
19:13:21.0843 3944 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
19:13:21.0843 3944 C:\WINDOWS\system32\odbcbcp.dll - ok
19:13:21.0843 3944 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
19:13:21.0843 3944 C:\WINDOWS\system32\perfos.dll - ok
19:13:21.0859 3944 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
19:13:21.0859 3944 C:\WINDOWS\system32\perfdisk.dll - ok
19:13:21.0859 3944 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
19:13:21.0859 3944 C:\WINDOWS\system32\netmsg.dll - ok
19:13:21.0875 3944 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
19:13:21.0875 3944 C:\WINDOWS\system32\srvsvc.dll - ok
19:13:21.0875 3944 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
19:13:21.0875 3944 C:\WINDOWS\system32\drivers\srv.sys - ok
19:13:21.0890 3944 [ 0DCF16B1449811EFA47AB52CAC84093C ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:13:21.0890 3944 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
19:13:21.0890 3944 [ 923BB61D913C37EAB1570F236CCDCE41 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
19:13:21.0890 3944 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
19:13:21.0906 3944 [ AEBDB652D9273AD61E10C5D8F51C86FB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
19:13:21.0906 3944 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
19:13:21.0906 3944 [ ECC911343337D8AEE839A14F205AA12A ] C:\WINDOWS\system32\kbdusx.dll
19:13:21.0906 3944 C:\WINDOWS\system32\kbdusx.dll - ok
19:13:21.0921 3944 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
19:13:21.0921 3944 C:\WINDOWS\system32\cscui.dll - ok
19:13:21.0921 3944 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
19:13:21.0921 3944 C:\WINDOWS\system32\powrprof.dll - ok
19:13:21.0937 3944 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
19:13:21.0937 3944 C:\WINDOWS\system32\dpcdll.dll - ok
19:13:21.0937 3944 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
19:13:21.0937 3944 C:\WINDOWS\system32\wdmaud.drv - ok
19:13:21.0953 3944 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
19:13:21.0953 3944 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
19:13:21.0953 3944 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
19:13:21.0953 3944 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
19:13:21.0968 3944 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
19:13:21.0968 3944 C:\WINDOWS\system32\drivers\splitter.sys - ok
19:13:21.0968 3944 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
19:13:21.0968 3944 C:\WINDOWS\system32\drivers\aec.sys - ok
19:13:21.0984 3944 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
19:13:21.0984 3944 C:\WINDOWS\system32\drivers\swmidi.sys - ok
19:13:21.0984 3944 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
19:13:21.0984 3944 C:\WINDOWS\system32\drivers\dmusic.sys - ok
19:13:23.0609 3944 ============================================================
19:13:23.0609 3944 Scan finished
19:13:23.0609 3944 ============================================================
19:13:23.0718 3932 Detected object count: 12
19:13:23.0718 3932 Actual detected object count: 12
19:14:43.0218 3932 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 DfuUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 DfuUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0218 3932 US122 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0218 3932 US122 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0234 3932 US122DL ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0234 3932 US122DL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0234 3932 Us122WdmService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0234 3932 Us122WdmService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0234 3932 vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0234 3932 vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:43.0234 3932 vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:43.0234 3932 vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks!! :)
Bill

Edited by billgtr, 30 September 2012 - 08:20 PM.


#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello billgtr,

No action required there.

Moving along

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

When you return please post
  • ComboFix.txt
  • OTL.txt



#11
billgtr

    Member

  • Topic Starter
  • Member
  • 13 posts
Hi :)

Sorry for the delay. Here's the Combo fix log:


ComboFix 12-09-30.03 - Bill Lima 10/01/2012 7:19.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1352 [GMT -7:00]
Running from: c:\documents and settings\Bill Lima\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-09-30 22:38 . 2012-09-30 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-30 22:38 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 02:11 . 2012-09-30 02:11 -------- d-----w- C:\_OTL
2012-09-29 19:40 . 2012-09-29 19:40 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-28 14:16 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-28 14:16 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-28 14:16 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-28 14:16 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-28 14:16 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-28 14:16 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-28 14:16 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-28 14:16 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-28 14:16 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-28 14:16 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-28 14:15 . 2012-09-28 14:15 -------- d-----w- c:\program files\AVAST Software
2012-09-28 14:15 . 2012-09-28 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-28 03:01 . 2012-09-28 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-09-28 01:15 . 2012-09-28 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-28 01:15 . 2012-09-28 01:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-20 01:01 . 2012-09-29 20:56 -------- d-----w- c:\documents and settings\Bill Lima\Application Data\REAPER
2012-09-20 01:01 . 2012-09-20 01:01 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-09-20 01:01 . 2012-09-20 01:01 -------- d-----w- c:\program files\REAPER
2012-09-18 14:26 . 2012-09-18 14:26 -------- d-----w- c:\program files\US122_Install
2012-09-10 03:18 . 2012-09-20 02:40 102400 ----a-w- c:\windows\RegBootClean.exe
2012-09-09 21:54 . 2012-09-10 02:40 -------- d-----w- c:\program files\Common Files\Java
2012-09-09 21:54 . 2012-09-09 21:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-09 21:30 . 2012-09-09 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-06 01:37 . 2012-09-06 01:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-06 01:22 . 2012-09-06 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus
2012-09-06 01:22 . 2012-09-06 01:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-09-06 01:01 . 2012-09-06 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\6F63A58823D761060000D6037B07D329
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 00:14 . 2012-04-13 13:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 00:14 . 2011-10-06 00:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 21:53 . 2012-06-10 22:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 21:53 . 2011-07-16 09:57 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-09 21:53 . 2008-04-08 12:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2006-06-23 19:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2003-03-31 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-03-19 06:24 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-10 03:34 . 2012-06-27 01:02 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-16 7110656]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-01 02:07 135664 ----atw- c:\documents and settings\Bill Lima\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2011-11-23 18:21 6856528 ----a-w- c:\documents and settings\Bill Lima\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-28 02:18 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Bill Lima\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [3/19/2008 6:20 PM 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/28/2012 7:16 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/28/2012 7:16 AM 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2012 7:16 AM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/30/2012 3:38 PM 399432]
R3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [7/1/2011 2:11 PM 33408]
R3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [7/30/2004 11:49 AM 217472]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [7/30/2004 11:49 AM 86648]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/30/2012 3:38 PM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 6:54 AM 250288]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [11/27/2001 3:46 PM 10880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/30/2012 3:38 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/18/2012 6:04 PM 114144]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [7/30/2004 12:02 PM 17277]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17183617
*NewlyCreated* - 67742217
*Deregistered* - 17183617
*Deregistered* - 67742217
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:14]
.
2012-10-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-28 09:12]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-839522115-1004Core.job
- c:\documents and settings\Bill Lima\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-01 02:07]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-839522115-1004UA.job
- c:\documents and settings\Bill Lima\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-01 02:07]
.
2012-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1715567821-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-10-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1715567821-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-10-01 c:\windows\Tasks\ReclaimerUpdateFiles_Bill Lima.job
- c:\documents and settings\Bill Lima\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 02:24]
.
2012-10-01 c:\windows\Tasks\ReclaimerUpdateXML_Bill Lima.job
- c:\documents and settings\Bill Lima\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 02:24]
.
2012-10-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Bill Lima.job
- c:\documents and settings\Bill Lima\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Bill Lima\Application Data\Mozilla\Firefox\Profiles\rlms1erm.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
SafeBoot-17183617.sys
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-01 07:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-10-01 07:26:08
ComboFix-quarantined-files.txt 2012-10-01 14:26
.
Pre-Run: 15,459,270,656 bytes free
Post-Run: 15,415,140,352 bytes free
.
- - End Of File - - C9787D266700E72F0AABDB485F74E351


And here's the new OTL log :)

OTL logfile created on: 10/1/2012 5:49:14 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bill Lima\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.28% Memory free
3.85 Gb Paging File | 3.61 Gb Available in Paging File | 93.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.16 Gb Total Space | 14.30 Gb Free Space | 37.46% Space Free | Partition Type: NTFS
Drive D: | 115.22 Gb Total Space | 62.94 Gb Free Space | 54.63% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 3.93 Gb Free Space | 54.59% Space Free | Partition Type: FAT32
Drive H: | 1.84 Gb Total Space | 1.48 Gb Free Space | 80.34% Space Free | Partition Type: FAT

Computer Name: BILL | User Name: Bill Lima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 12:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill Lima\Desktop\OTL.exe
PRC - [2012/09/09 14:53:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/01 14:20:34 | 001,813,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12100101\algo.dll
MOD - [2012/10/01 00:10:22 | 001,813,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12100100\algo.dll
MOD - [2012/09/30 12:34:15 | 001,813,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12093001\algo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 17:14:33 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/09 20:34:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/09 14:53:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_USR.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USR_BSC2.sys -- (HSFHWBS2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USR_MDMV.sys -- (HSF_DPV)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\BILLLI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 02:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 02:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 02:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 02:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 02:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 02:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 02:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/19 08:28:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/19 08:28:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/11/08 13:51:54 | 000,010,880 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
DRV - [2007/07/31 19:30:12 | 000,096,384 | R--- | M] (TRENDnet ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TE100XP.sys -- (RTL8023xp)
DRV - [2007/07/13 11:44:22 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/01/25 17:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006/11/13 20:31:44 | 000,033,408 | R--- | M] (ASUSTeK Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2006/01/25 01:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004/07/30 12:02:54 | 000,017,277 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\US122DL.sys -- (US122DL)
DRV - [2004/07/30 11:49:30 | 000,086,648 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\US122Wdm.sys -- (Us122WdmService)
DRV - [2004/07/30 11:49:10 | 000,217,472 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\US122.sys -- (US122)
DRV - [2002/04/17 21:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {A66ADB57-3D67-4A44-8586-5FC55C14A2BD}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{A66ADB57-3D67-4A44-8586-5FC55C14A2BD}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/27 19:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/27 19:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/28 07:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 20:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 14:53:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{47861E1B-D351-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Bill Lima\Local Settings\Application Data\{47861E1B-D351-11E1-8270-B8AC6F996F26}\ [2012/07/21 09:29:50 | 000,000,000 | ---D | M]

[2011/12/03 12:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Extensions
[2010/01/15 20:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Extensions\[email protected]
[2012/09/29 12:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Firefox\Profiles\rlms1erm.default\extensions
[2012/08/31 16:29:28 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\Bill Lima\Application Data\Mozilla\Firefox\Profiles\rlms1erm.default\extensions\[email protected]
[2012/06/26 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/21 09:29:50 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\BILL LIMA\LOCAL SETTINGS\APPLICATION DATA\{47861E1B-D351-11E1-8270-B8AC6F996F26}
[2012/09/09 20:34:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 20:47:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:47:30 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Bill Lima\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/30 12:16:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F098974-AE8D-4AC5-A85D-8E20C03B3AF2}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A27D462E-7DCC-419F-BAD8-F9F98C8E0C78}: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/18 23:27:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/10 23:43:07 | 000,126,077 | ---- | M] () - D:\Autosave Copy of (Untitled).cwp -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 07:18:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/01 07:18:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/01 07:18:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/01 07:18:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/01 07:18:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/01 07:15:20 | 004,759,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Bill Lima\Desktop\ComboFix.exe
[2012/09/30 19:08:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bill Lima\Desktop\tdsskiller.exe
[2012/09/30 15:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 15:38:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/30 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/30 12:15:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill Lima\Desktop\OTL.exe
[2012/09/29 19:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/29 15:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Lima\My Documents\case
[2012/09/29 12:40:55 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/09/28 07:16:59 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/28 07:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/28 07:16:58 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/28 07:16:46 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/28 07:16:46 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/28 07:16:45 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/28 07:16:44 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/28 07:16:44 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/28 07:16:44 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/28 07:16:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/28 07:16:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/28 07:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/28 07:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/27 20:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012/09/27 18:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/27 18:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/27 18:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/09/27 07:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/27 07:28:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bill Lima\Recent
[2012/09/19 18:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Lima\My Documents\REAPER Media
[2012/09/19 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Lima\Application Data\REAPER
[2012/09/19 18:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REAPER
[2012/09/19 18:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012/09/19 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER
[2012/09/18 07:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\US122_Install
[2012/09/18 07:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Lima\Start Menu\Programs\US-122
[2012/09/09 14:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/09 14:54:14 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/09 14:54:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/09 14:54:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/09 14:54:11 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/09 14:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/05 18:37:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/05 18:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6F63A58823D761060000D6037B07D329
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/01 17:23:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-839522115-1004UA.job
[2012/10/01 17:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/01 07:16:05 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/01 07:15:35 | 004,759,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Bill Lima\Desktop\ComboFix.exe
[2012/10/01 04:23:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-839522115-1004Core.job
[2012/09/30 22:29:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Bill Lima.job
[2012/09/30 20:31:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Bill Lima.job
[2012/09/30 20:03:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/30 19:11:34 | 000,029,239 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/09/30 19:11:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1715567821-839522115-1004.job
[2012/09/30 19:11:04 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1715567821-839522115-1004.job
[2012/09/30 19:10:46 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Bill Lima.job
[2012/09/30 19:10:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/30 19:08:32 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bill Lima\Desktop\tdsskiller.exe
[2012/09/30 15:38:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 12:16:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/30 12:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill Lima\Desktop\OTL.exe
[2012/09/29 19:27:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Desktop\MBR.dat
[2012/09/29 19:14:24 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/29 19:11:02 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Desktop\Shortcut to aswMBR.exe.lnk
[2012/09/29 12:40:33 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/09/29 12:39:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/28 07:16:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/28 07:16:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/27 18:15:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/27 18:15:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Desktop\Spybot - Search & Destroy.lnk
[2012/09/27 07:42:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120927-191443.backup
[2012/09/26 02:27:54 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Desktop\Google Chrome.lnk
[2012/09/26 02:27:54 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/20 17:14:32 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/20 17:14:32 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/19 19:40:46 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/09/19 18:01:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REAPER.lnk
[2012/09/16 17:06:37 | 001,153,839 | ---- | M] () -- C:\Documents and Settings\Bill Lima\My Documents\rct.mp3
[2012/09/10 18:11:15 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Desktop\Shortcut to attk_far_gui_x86(1).exe.lnk
[2012/09/09 19:45:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bill Lima\Local Settings\Application Data\housecall.guid.cache
[2012/09/09 14:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/09 14:53:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/09 14:53:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/09 14:53:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/09 14:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/09 14:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/09 14:53:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/01 07:18:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/01 07:18:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/01 07:18:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/01 07:18:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/01 07:18:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/30 15:38:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 19:27:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Desktop\MBR.dat
[2012/09/29 19:11:02 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Desktop\Shortcut to aswMBR.exe.lnk
[2012/09/28 07:16:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/28 07:16:45 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/27 18:15:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/09/27 18:15:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Desktop\Spybot - Search & Destroy.lnk
[2012/09/26 22:25:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Bill Lima.job
[2012/09/26 22:25:00 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Bill Lima.job
[2012/09/26 22:25:00 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Bill Lima.job
[2012/09/19 18:01:15 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REAPER.lnk
[2012/09/16 17:06:29 | 001,153,839 | ---- | C] () -- C:\Documents and Settings\Bill Lima\My Documents\rct.mp3
[2012/09/10 18:11:15 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Desktop\Shortcut to attk_far_gui_x86(1).exe.lnk
[2012/09/09 20:18:31 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/09/09 19:45:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Local Settings\Application Data\housecall.guid.cache
[2012/09/05 19:02:14 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1715567821-839522115-1004.job
[2012/02/14 23:56:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/02 07:11:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 07:11:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2008/04/26 03:27:57 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Application Data\AVSDVDPlayer.m3u
[2008/03/22 16:52:47 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Bill Lima\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/19 03:00:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Thanks again :thumbsup:

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again billgtr,

When you come back please tell me how your computer is now.

Meantime

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#13
billgtr

    Member

  • Topic Starter
  • 13 posts
Hi emeraldnzl

My browser is still being re-directed :(

I will run Security Check and come back with the log soon.

Thank you!!


Bill

EDIT: Only Firefox is still being redirected, Chrome and IE seem fine.

Edited by billgtr, 01 October 2012 - 07:14 PM.


#14
billgtr

    Member

  • Topic Starter
  • 13 posts
well that was quick :lol:

here's the security check log:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
JavaFX 2.1.0
Java™ 6 Update 29
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi billgtr,

How about my question... how is your computer now? :)