Can't sign in hotmail, gmail, ebay, twitter... [Solved]


  • This topic is locked

#1
shannibutterfly

  • Member
  • 14 posts
I recently got a nasty virus on my computer, and now I can't sign in to anything. It told me the passwords were incorrect and I couldn't even reset my passwords.

At work today I managed to change all my passwords with my iPod. Then I came back home and it's still doing the same thing.

When I try to log in to Hotmail, it just keeps going back to the login page, and it won't let me log in.

Twitter keeps telling me "Something is technically wrong."

My Gmail says "Your browser's cookie functionality is turned off. Please turn it on. [?]"

My eBay says "Your web browser settings are blocking cookies."

But I'm sure my cookies are turned on...what's happening, how do I fix this? :(
My Facebook and Yahoo mail are the only things that weren't affected.


#2
shannibutterfly

  • Topic Starter
  • Member
  • 14 posts
Forgot to mention, I did disk clean-ups, used CCleaner, deleted my cache history and cookies, deleted my temp folder, and I even went into my Mozilla folder and deleted my cookies from there.

#3
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello shannibutterfly and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Let's make sure that you have all the settings right

  • Start Firefox and click Tools from menu
  • Click Privacy tab
  • Set the Firefox will: drop-down option to Use custom settings for history
  • Make sure to enable (check) Accept cookies from sites and Accept third party cookies
  • Now click Exceptions... button
  • If you see any of the sites you are trying to access in this list, remove them from there by selecting the site and clicking the Remove site button
  • Click OK button to save changes and exit dialog box.
  • Close Firefox

Step 2

  • Open Control Panel
  • Double click Internet Options
  • Click on Privacy tab
  • Set security level slider to Medium
  • Click Sites button
  • If you see any of the sites you are trying to access in this list, remove them from there by selecting the site and clicking the Remove button
  • Click OK button to save changes and exit dialog box.

After this start your Firefox again and try to login to your accounts.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 4

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 5

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#4
shannibutterfly

  • Topic Starter
  • Member
  • 14 posts
Thank you so much for helping me!

I have tried step 1 and step 2 but it did not work at all.
I will post my logs now!

OTL logfile created on: 04/01/2013 6:58:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Chantal Lalonde\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 73.87% Memory free
5.09 Gb Paging File | 4.27 Gb Available in Paging File | 83.90% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 9.77 Gb Total Space | 2.31 Gb Free Space | 23.63% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 27.32 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 17.67 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 599.86 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive Z: | 671.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHANTAL-886CCFB | User Name: Chantal Lalonde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/04 18:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
PRC - [2012/12/31 16:39:44 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/29 00:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/06 13:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- E:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- E:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2011/06/14 22:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- E:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/01/04 15:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2011/01/04 15:51:14 | 004,318,520 | ---- | M] (Rogers) -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2011/01/04 15:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2010/07/26 23:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- E:\Program Files\Webshots\3.1.5.7619\Webshots.scr
PRC - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- E:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2010/06/07 14:10:06 | 000,166,944 | ---- | M] (Rogers) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 14:09:06 | 000,382,208 | ---- | M] (Rogers) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/06/07 09:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- E:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 09:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- E:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/29 00:27:37 | 002,397,152 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 20:05:51 | 000,141,312 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0049820f680f609298f91b15f455a86d\System.Configuration.Install.ni.dll
MOD - [2012/11/14 20:05:50 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/14 20:04:56 | 000,627,712 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/14 19:51:48 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/14 19:51:10 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/14 19:50:44 | 007,977,472 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 19:49:19 | 011,492,352 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/04 15:42:24 | 000,158,208 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
MOD - [2010/06/07 09:40:44 | 000,147,456 | ---- | M] () -- E:\Program Files\Rogers Backup Manager\libexpat.dll
MOD - [2009/11/06 11:53:08 | 000,202,752 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\smartscn.dll
MOD - [2009/11/02 15:26:48 | 000,077,824 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 15:26:48 | 000,057,344 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/10/23 13:25:54 | 000,225,280 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\bdfltlib.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/11 20:21:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 15:27:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- E:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- E:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/07/10 17:00:03 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2011/01/04 15:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- E:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/06/07 14:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 14:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/06/07 09:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- E:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 09:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- E:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/10 16:24:29 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2011/06/15 00:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- E:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/07/28 10:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/09 20:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\tpm.sys -- (TPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.ca/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.l...&u=___userid___
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-14 23:01:04&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8BawnE6K&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 99.241.215.227

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://safesearchr.l...u=___userid___"
FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..browser.startup.homepage: "http://safesearchr.l...u=___userid___"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...1:04&sap=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "99.241.215.227"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program files\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: e:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: e:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/31 16:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2013/01/03 21:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2013/01/03 21:38:08 | 000,000,000 | ---D | M]

[2011/06/28 17:03:14 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Extensions
[2013/01/01 12:38:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\extensions
[2011/09/11 18:50:13 | 000,550,833 | ---- | M] () (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\extensions\[email protected]
[2011/07/03 20:12:19 | 000,002,055 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\searchplugins\daemon-search.xml
[2012/12/31 16:51:23 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2012/12/05 15:27:30 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/08 20:49:04 | 001,037,112 | ---- | M] (BitComet) -- E:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/12/31 16:39:52 | 000,124,056 | ---- | M] (RealPlayer) -- E:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/01/01 00:05:34 | 000,000,584 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/14 22:00:54 | 000,003,676 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://safesearchr.l...&u=___userid___
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://safesearchr.l...&u=___userid___
CHR - plugin: Shockwave Flash (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = E:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = E:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = E:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = E:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Rogers Servicepoint Agent (Enabled) = E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = H:\Program files\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealDownloader = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2001/08/23 04:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] E:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PHIME2002A] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [SearchProtection] E:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat ()
O4 - HKLM..\Run: [TkBellExe] E:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
O4 - HKCU..\Run: [Xvid] E:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Startup\Webshots.lnk = E:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O8 - Extra context menu item: &D&ownload &with BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1357184255734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4ED053E-A1D0-47A0-B69E-11643D96DAD1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/18 10:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/19 01:27:15 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 04:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/09/20 23:00:00 | 000,000,027 | R--- | M] () - Z:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c7f5fae2-a851-11e0-889e-001125f768b6}\Shell - "" = AutoRun
O33 - MountPoints2\{c7f5fae2-a851-11e0-889e-001125f768b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 18:57:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
[2013/01/03 21:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Pulse Entertainment
[2013/01/03 21:38:10 | 000,086,016 | ---- | C] (MindVision) -- E:\WINDOWS\unvise32qt.exe
[2013/01/03 21:37:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/01/03 21:37:32 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\QuickTime
[2013/01/03 21:37:32 | 000,000,000 | ---D | C] -- E:\Program Files\QuickTime
[2013/01/03 21:37:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\QuickTime
[2013/01/03 21:36:53 | 000,000,000 | ---D | C] -- E:\Program Files\BADMOJO
[2013/01/02 22:24:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Malwarebytes
[2013/01/02 22:24:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/02 20:22:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/01/02 20:21:52 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live SkyDrive
[2013/01/02 20:21:46 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live
[2013/01/01 00:13:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2013/01/01 00:06:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2013/01/01 00:06:37 | 000,077,816 | ---- | C] (GFI Software) -- E:\WINDOWS\System32\drivers\sbapifs.sys
[2013/01/01 00:06:36 | 000,021,240 | ---- | C] (GFI Software) -- E:\WINDOWS\System32\drivers\sbaphd.sys
[2013/01/01 00:06:35 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/01/01 00:06:32 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\VDD
[2013/01/01 00:06:31 | 000,000,000 | ---D | C] -- E:\Program Files\Ad-Aware Antivirus
[2013/01/01 00:05:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Downloaded Installations
[2013/01/01 00:05:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Search Protection
[2013/01/01 00:05:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/01/01 00:05:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\adawarebp
[2013/01/01 00:05:36 | 000,000,000 | ---D | C] -- E:\Program Files\Toolbar Cleaner
[2013/01/01 00:05:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\blekko
[2013/01/01 00:05:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\adawaretb
[2013/01/01 00:05:32 | 000,000,000 | ---D | C] -- E:\Program Files\adawaretb
[2012/12/31 23:54:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DriverCure
[2012/12/31 23:54:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\PC Utility Kit
[2012/12/31 23:53:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/12/31 17:41:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Ad-Aware Antivirus
[2012/12/31 16:40:22 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\xing shared
[2012/12/31 16:39:47 | 000,272,896 | ---- | C] (Progressive Networks) -- E:\WINDOWS\System32\pncrt.dll
[2012/12/31 16:35:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\RealNetworks
[2012/12/31 16:35:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Real
[2012/12/31 16:35:02 | 000,000,000 | ---D | C] -- E:\Program Files\RealNetworks
[2012/12/31 16:34:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/31 16:34:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/31 16:33:54 | 000,000,000 | ---D | C] -- E:\Program Files\Real
[2012/12/31 16:33:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Real
[2012/12/31 16:33:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/12/31 16:32:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google
[2012/12/31 16:32:05 | 000,000,000 | ---D | C] -- E:\Program Files\Google
[2012/12/31 16:31:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Real
[2012/12/29 12:05:42 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Chantal Lalonde\Recent
[2012/12/29 11:28:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Deployment
[2012/12/26 06:01:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AlawarEntertainment
[2012/12/25 03:14:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Top Evidence
[2012/12/25 03:14:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Top Evidence
[2012/12/25 03:11:31 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\The Curse of the Werewolves
[2012/12/25 02:59:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Freeze Tag
[2012/12/25 00:47:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Frogwares
[2012/12/25 00:03:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Sun
[2012/12/24 13:02:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/24 13:02:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/22 11:28:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS Game Studios
[2012/12/22 11:09:37 | 000,000,000 | R--D | C] -- E:\Documents and Settings\Chantal Lalonde\My Documents\My Videos
[2012/12/22 11:09:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Atari
[2012/12/22 11:07:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Leadertech
[2012/12/22 11:07:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\My Documents\RCT3
[2012/12/22 11:07:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Atari
[2012/12/22 10:47:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Big Fish Games
[2012/12/22 05:33:09 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2012/12/22 04:34:17 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- E:\WINDOWS\uninst.exe
[2012/12/22 04:26:02 | 000,000,000 | ---D | C] -- E:\WINDOWS\BBSTORE
[2012/12/22 04:22:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\WINDOWS
[2012/12/22 03:24:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\HTML Executable
[2012/12/22 03:24:31 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\HTML Executable Viewer
[2012/12/18 11:08:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/18 11:07:35 | 000,000,000 | ---D | C] -- E:\Program Files\iPod
[2012/12/18 11:07:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/09 12:01:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\MSNInstaller
[2012/12/05 19:36:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\REVOLT
[9 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/04 18:59:45 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2013/01/04 18:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
[2013/01/04 18:42:00 | 000,000,904 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/04 18:21:00 | 000,000,830 | ---- | M] () -- E:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/04 16:42:00 | 000,000,900 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 08:44:43 | 000,000,298 | ---- | M] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2013/01/04 08:44:41 | 000,001,615 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/01/04 08:44:26 | 000,000,306 | ---- | M] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2013/01/04 08:44:21 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2013/01/04 08:43:32 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2013/01/03 21:40:40 | 000,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2013/01/03 21:40:40 | 000,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2013/01/03 21:39:37 | 000,000,575 | ---- | M] () -- E:\WINDOWS\BADMOJO.INI
[2013/01/03 21:37:42 | 000,000,742 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2013/01/01 11:54:50 | 000,002,881 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\Sharedaccess.reg
[2013/01/01 00:15:50 | 000,000,964 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/12/31 23:57:34 | 000,000,878 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.3.lnk
[2012/12/31 16:51:25 | 000,000,742 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/31 16:51:25 | 000,000,724 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/31 16:43:12 | 000,001,813 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/31 16:39:47 | 000,272,896 | ---- | M] (Progressive Networks) -- E:\WINDOWS\System32\pncrt.dll
[2012/12/31 16:33:06 | 000,001,791 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/29 12:07:37 | 000,070,518 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\cc_20121229_120720.reg
[2012/12/29 09:41:01 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/25 02:59:31 | 000,063,488 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/22 11:08:07 | 000,000,595 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/12/22 11:07:46 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx
[2012/12/22 11:07:45 | 000,687,354 | ---- | M] () -- E:\WINDOWS\System32\drivers\Cat.DB
[2012/12/22 04:46:29 | 000,000,060 | ---- | M] () -- E:\WINDOWS\RESULT.QTW
[2012/12/22 04:46:12 | 000,000,126 | ---- | M] () -- E:\WINDOWS\QTW.INI
[2012/12/21 09:17:52 | 000,000,804 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/21 09:17:51 | 000,023,392 | ---- | M] () -- E:\WINDOWS\System32\nscompat.tlb
[2012/12/21 09:17:51 | 000,016,832 | ---- | M] () -- E:\WINDOWS\System32\amcompat.tlb
[2012/12/21 03:19:18 | 000,147,608 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/19 11:01:15 | 000,000,777 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Startup\Webshots.lnk
[2012/12/18 11:08:14 | 000,001,452 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/09 20:14:40 | 000,030,540 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat
[2012/12/09 12:39:15 | 000,000,986 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/12/06 22:13:53 | 000,471,946 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2012/12/06 22:13:53 | 000,075,694 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[9 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 21:39:38 | 000,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2013/01/03 21:39:38 | 000,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2013/01/03 21:38:24 | 000,000,575 | ---- | C] () -- E:\WINDOWS\BADMOJO.INI
[2013/01/03 21:37:42 | 000,000,742 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2013/01/01 11:54:50 | 000,002,881 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\Sharedaccess.reg
[2013/01/01 00:15:49 | 000,000,964 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/01/01 00:06:38 | 000,001,615 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012/12/31 16:35:50 | 000,000,298 | ---- | C] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2012/12/31 16:35:49 | 000,000,306 | ---- | C] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2012/12/31 16:33:06 | 000,001,813 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/31 16:33:06 | 000,001,791 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/31 16:32:31 | 000,000,904 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 16:32:31 | 000,000,900 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/29 12:07:25 | 000,070,518 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\cc_20121229_120720.reg
[2012/12/24 13:03:23 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2012/12/22 11:08:07 | 000,000,595 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/12/22 04:25:52 | 000,000,126 | ---- | C] () -- E:\WINDOWS\QTW.INI
[2012/12/22 04:24:59 | 000,000,060 | ---- | C] () -- E:\WINDOWS\RESULT.QTW
[2012/12/22 04:22:26 | 000,284,160 | ---- | C] () -- E:\WINDOWS\unin040c.exe
[2012/12/18 11:08:14 | 000,001,452 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/09 12:39:14 | 000,000,455 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2012/12/09 12:39:14 | 000,000,452 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2012/12/09 12:29:49 | 000,000,986 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/12/05 22:02:32 | 000,000,830 | ---- | C] () -- E:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/01/07 18:08:35 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2011/12/18 13:46:57 | 000,030,540 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2011/09/11 18:53:01 | 000,645,632 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2011/09/11 18:53:01 | 000,240,640 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2011/07/26 20:31:33 | 000,010,240 | ---- | C] () -- E:\WINDOWS\System32\vidx16.dll
[2011/07/26 18:03:05 | 000,000,286 | ---- | C] () -- E:\WINDOWS\reimage.ini
[2011/07/23 12:19:46 | 000,000,185 | ---- | C] () -- E:\Program Files\^Just one Click to Get More Stuff.url
[2011/07/23 12:19:46 | 000,000,158 | ---- | C] () -- E:\Program Files\^ Enter Here.url
[2011/07/17 10:47:40 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2011/07/16 22:25:55 | 000,000,239 | ---- | C] () -- E:\WINDOWS\WINCMD.INI
[2011/07/06 21:03:46 | 000,063,488 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/28 17:03:02 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2011/06/27 20:50:58 | 000,972,072 | R--- | C] () -- E:\WINDOWS\System32\ativva6x.dat
[2011/06/27 20:50:55 | 003,107,788 | R--- | C] () -- E:\WINDOWS\System32\ativva5x.dat
[2011/06/27 20:50:53 | 003,107,788 | R--- | C] () -- E:\WINDOWS\System32\ativvaxx.dat
[2011/06/27 20:50:53 | 000,151,367 | R--- | C] () -- E:\WINDOWS\System32\atiicdxx.dat
[2011/06/26 14:08:04 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2011/06/26 14:03:11 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2011/06/26 07:08:41 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2011/06/26 07:06:26 | 000,147,608 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/07/03 17:48:06 | 000,000,227 | RHS- | M] () -- E:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/18 11:08:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/07/03 21:02:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\agi
[2012/02/28 20:40:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/01/01 00:05:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\blekko toolbars
[2011/07/11 18:38:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/07/03 20:11:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/01/01 20:23:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\EA Core
[2011/07/03 18:08:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/11/16 21:32:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Inbit
[2012/08/05 10:24:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/28 21:07:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/10/31 19:06:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Origin
[2013/01/01 00:04:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/05 10:24:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Premium
[2012/11/17 23:56:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/12/05 19:36:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\REVOLT
[2011/07/10 16:23:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2013/01/01 00:05:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Search Protection
[2013/01/01 00:19:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/25 03:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Top Evidence
[2011/07/26 18:33:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/11 06:40:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/26 18:33:47 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2013/01/01 11:50:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Ad-Aware Antivirus
[2013/01/01 00:05:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\adawaretb
[2011/07/20 20:36:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AGI
[2012/12/26 06:01:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AlawarEntertainment
[2012/12/22 11:09:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Atari
[2012/12/22 10:47:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Big Fish Games
[2012/12/29 11:16:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\BitComet
[2013/01/01 00:05:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\blekko
[2012/04/22 16:34:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DAEMON Tools Lite
[2012/11/22 20:16:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DMCache
[2012/12/31 23:54:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DriverCure
[2012/02/28 20:47:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS G-Studio
[2013/01/01 12:42:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS Game Studios
[2012/12/25 02:59:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Freeze Tag
[2012/12/25 00:47:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Frogwares
[2012/12/22 03:24:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\HTML Executable
[2011/11/16 21:32:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Inbit
[2012/12/22 11:07:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Leadertech
[2012/12/09 12:01:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\MSNInstaller
[2012/08/31 19:56:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Origin
[2012/12/31 23:54:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\PC Utility Kit
[2012/11/04 13:09:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Peter L Jones
[2011/07/10 16:41:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Rogers Online Protection
[2012/08/05 10:24:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\SendSpace
[2012/12/25 03:11:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\The Curse of the Werewolves
[2012/12/25 03:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Top Evidence
[2011/07/26 18:34:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Uniblue
[2011/07/03 21:04:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Webshots

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 20:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- E:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- E:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- E:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- E:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 09:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- E:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 02:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- E:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- E:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- E:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- E:\WINDOWS\system32\services.exe
[2004/08/03 20:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- E:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- E:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- E:\WINDOWS\system32\svchost.exe
[2004/08/03 20:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- E:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 20:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[E:\WINDOWS\$NtUninstallKB40641$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:5520ED93
@Alternate Data Stream - 135 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:0F5DCBF5
@Alternate Data Stream - 120 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:71612023

< End of report >
  • 0

#5
shannibutterfly

    Member

  • Topic Starter
  • Member
  • 14 posts
OTL Extras logfile created on: 04/01/2013 6:58:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Chantal Lalonde\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 73.87% Memory free
5.09 Gb Paging File | 4.27 Gb Available in Paging File | 83.90% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 9.77 Gb Total Space | 2.31 Gb Free Space | 23.63% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 27.32 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 17.67 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 599.86 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive Z: | 671.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHANTAL-886CCFB | User Name: Chantal Lalonde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Mozilla Firefox\firefox.exe" = E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\Program Files\Internet Explorer\iexplore.exe" = E:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33A783E8-DC11-427F-A56C-8ED43EEC0695}" = RPS CRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AE9CC9-10A3-4A24-87DF-A6A99BDC1969}" = Rogers Online Protection
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548B7B4A-B4F6-4074-A2D2-40154DC906B5}" = RPS PerfectDiskStub
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779C01A3-8466-499D-88FC-EB820EB3AC51}" = RPS RpsCore
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry's Sweet Treats
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Aiseesoft Total Video Converter_is1" = Aiseesoft Total Video Converter
"ATI Display Driver" = ATI Display Driver
"Bad Mojo" = Bad Mojo
"BitComet" = BitComet 1.29
"BitComet_x64" = BitComet 1.28 64-bit
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"ie8" = Windows Internet Explorer 8
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"KeyHoleTV" = KeyHoleTV
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Origin" = Origin
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 3.7.44
"RealPlayer 16.0" = RealPlayer
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"VLC media player" = VLC media player 1.1.11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fd341535b3f9900a" = Registry Easy 5.6 Keygen

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/12/2012 3:48:25 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 23/12/2012 3:48:25 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 23/12/2012 3:48:25 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 25/12/2012 5:02:02 AM | Computer Name = CHANTAL-886CCFB | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 1.29.9.23, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/12/2012 3:41:52 PM | Computer Name = CHANTAL-886CCFB | Source = MSDTC | ID = 4160
Description = Invalid command line argument

Error - 31/12/2012 12:26:40 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 31/12/2012 12:26:40 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 31/12/2012 12:26:40 AM | Computer Name = CHANTAL-886CCFB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 01/01/2013 4:06:53 AM | Computer Name = CHANTAL-886CCFB | Source = Application Error | ID = 0
Description =

Error - 01/01/2013 4:18:23 AM | Computer Name = CHANTAL-886CCFB | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 04/01/2013 8:44:56 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 9:00:50 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 9:17:19 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 9:36:17 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 9:55:22 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 10:03:49 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 10:17:20 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 10:37:41 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 10:51:16 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/01/2013 11:04:14 PM | Computer Name = CHANTAL-886CCFB | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

#6
shannibutterfly

    Member

  • Topic Starter
  • Member
  • 14 posts
GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-04 20:47:45
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BD-08LRA0 rev.07.01D07 37.27GB
Running: bff16c0l.exe; Driver: E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\afqdipob.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwCreateKey [0xB9E514D0]
SSDT \??\E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xA97B1470]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwSetValueKey [0xB9E51520]
SSDT \??\E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xA97B1520]
SSDT \??\E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xA97B15C0]
SSDT \??\E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xA97B1660]

---- Kernel code sections - GMER 2.0 ----

.text cdrom.sys F7518000 8 Bytes [43, 02, C7, 43, 0C, 00, 00, ...]
.text cdrom.sys F7518009 21 Bytes [75, 19, 8B, 45, 0C, 8B, 80, ...]
.text cdrom.sys F751801F 52 Bytes [43, 30, 35, EB, 1E, 83, 7D, ...]
.text cdrom.sys F7518054 92 Bytes [00, 85, C0, 74, 26, 56, FF, ...]
.text cdrom.sys F75180B1 625 Bytes [07, 00, 89, 45, FC, 89, 7D, ...]
.text ...
.rsrc E:\WINDOWS\system32\DRIVERS\cdrom.sys section is executable [0xF7525000, 0x4369, 0x68000020]
? E:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
? System32\Drivers\21d17679.sys The system cannot find the path specified. !
? System32\Drivers\3020937b.sys The system cannot find the path specified. !

---- User code sections - GMER 2.0 ----

.text E:\program files\real\realplayer\update\realsched.exe[1440] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text E:\WINDOWS\System32\svchost.exe[3748] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 008D000A
.text E:\WINDOWS\System32\svchost.exe[3748] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 008C000A
.text E:\WINDOWS\System32\svchost.exe[3748] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 008B000A
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01604470 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0185047C E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01850459 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0160F972 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018503DA E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F42 7 Bytes JMP 0365EE40
.text E:\Program Files\Mozilla Firefox\firefox.exe[6028] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B761 7 Bytes JMP 0365EEB0

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlNtStatusToDosError] 560C598B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoDeleteSymbolicLink] 5714758B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsGetCurrentProcessId] 6828788B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetCurrentProcess] 68436353
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!SeDeassignSecurity] FF56246A
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!RtlFreeUnicodeString] 50511075
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!PsLookupThreadByThreadId] FF670BE8
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!wcscmp] 74C085FF
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!MmIsAddressValid] 3A4E8A45
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoGetStackLimits] C610558B
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!_allmul] C6AD3046
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!strstr] C6803746
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!FsRtlGetNextFileLock] C6003846
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!_aulldiv] 8A243946
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!KdDisableDebugger] 06E0C003

---- Modules - GMER 2.0 ----

Module (noname) (*** hidden *** ) B9628000-B963C000 (81920 bytes)

---- Processes - GMER 2.0 ----

Process E:\WINDOWS\System32\svchost.exe (*** hidden *** ) 3748

---- Registry - GMER 2.0 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{1a8558a5-dcbd-41e8-93b1-70e334c3e7a2}@Model 282
Reg HKLM\SOFTWARE\Classes\CLSID\{1a8558a5-dcbd-41e8-93b1-70e334c3e7a2}@Therad 18
Reg HKLM\SOFTWARE\Classes\CLSID\{1a8558a5-dcbd-41e8-93b1-70e334c3e7a2}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x74 0x0F 0x94 0x67 ...

---- Files - GMER 2.0 ----

File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MGRIK9YI\bloggingelite_com[1].txt 52243 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NX16V2ML\background_gradient[1] 453 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\b1ac4db4496a6bc27d1af49517df01bc[1].jpg 25676 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\default[1].jpg 3662 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\default[3].jpg 3524 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\2-002134003-00001j;size=1[1].htm 169 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\ajs[2].php 810 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOYECN3T\defaultCA92TPCY.jpg 4666 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UW8ZWH59\atrk[6].gif 43 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UW8ZWH59\errorPageStrings[1] 1817 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UW8ZWH59\ajs[4].php 956 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UW8ZWH59\ajs[5].php 0 bytes
File E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UZUTU8LJ\fp[4] 24539 bytes
File E:\WINDOWS\$NtUninstallKB40641$\1748115354 0 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980 0 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\Desktop.ini 4608 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\L 0 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\00000[email protected] 804 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\201d3dde 262 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\76603ac3 0 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\kjijdmdh 62976 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U 0 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] 2048 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] 232960 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] 1632 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] 11776 bytes
File E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] 96256 bytes

---- EOF - GMER 2.0 ----
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi shannibutterfly,

Your system is heavily infected. Let's try to remove this from your system.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#8
shannibutterfly

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi! Just to let you know, when I ran Combofix it said something about the Microsoft Windows Recovery Console not being installed and it asked me if I wanted to install, I clicked No...

11:02:36.0968 3704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:02:37.0421 3704 ============================================================
11:02:37.0421 3704 Current date / time: 2013/01/05 11:02:37.0421
11:02:37.0421 3704 SystemInfo:
11:02:37.0421 3704
11:02:37.0421 3704 OS Version: 5.1.2600 ServicePack: 3.0
11:02:37.0421 3704 Product type: Workstation
11:02:37.0421 3704 ComputerName: CHANTAL-886CCFB
11:02:37.0421 3704 UserName: Chantal Lalonde
11:02:37.0421 3704 Windows directory: E:\WINDOWS
11:02:37.0421 3704 System windows directory: E:\WINDOWS
11:02:37.0421 3704 Processor architecture: Intel x86
11:02:37.0421 3704 Number of processors: 2
11:02:37.0421 3704 Page size: 0x1000
11:02:37.0421 3704 Boot type: Normal boot
11:02:37.0421 3704 ============================================================
11:02:41.0296 3704 BG loaded
11:02:41.0937 3704 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:02:42.0000 3704 Drive \Device\Harddisk1\DR1 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:02:42.0078 3704 Drive \Device\Harddisk2\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:02:42.0078 3704 ============================================================
11:02:42.0078 3704 \Device\Harddisk0\DR0:
11:02:42.0171 3704 MBR partitions:
11:02:42.0171 3704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC
11:02:42.0203 3704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x36FC786
11:02:42.0203 3704 \Device\Harddisk1\DR1:
11:02:42.0656 3704 MBR partitions:
11:02:42.0656 3704 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:02:42.0656 3704 \Device\Harddisk2\DR5:
11:02:42.0656 3704 MBR partitions:
11:02:42.0656 3704 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
11:02:42.0656 3704 ============================================================
11:02:42.0828 3704 C: <-> \Device\Harddisk0\DR0\Partition1
11:02:42.0843 3704 H: <-> \Device\Harddisk2\DR5\Partition1
11:02:42.0875 3704 D: <-> \Device\Harddisk0\DR0\Partition2
11:02:43.0093 3704 E: <-> \Device\Harddisk1\DR1\Partition1
11:02:43.0093 3704 ============================================================
11:02:43.0093 3704 Initialize success
11:02:43.0093 3704 ============================================================
11:06:23.0609 1096 ============================================================
11:06:23.0609 1096 Scan started
11:06:23.0609 1096 Mode: Manual; SigCheck; TDLFS;
11:06:23.0609 1096 ============================================================
11:06:23.0859 1096 ================ Scan system memory ========================
11:06:23.0875 1096 System memory - ok
11:06:23.0875 1096 ================ Scan services =============================
11:06:23.0968 1096 Abiosdsk - ok
11:06:23.0968 1096 abp480n5 - ok
11:06:24.0031 1096 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI E:\WINDOWS\system32\DRIVERS\ACPI.sys
11:06:24.0390 1096 ACPI - ok
11:06:24.0421 1096 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC E:\WINDOWS\system32\drivers\ACPIEC.sys
11:06:24.0578 1096 ACPIEC - ok
11:06:24.0718 1096 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service E:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
11:06:24.0796 1096 Ad-Aware Service - ok
11:06:24.0890 1096 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:06:24.0906 1096 AdobeFlashPlayerUpdateSvc - ok
11:06:24.0921 1096 adpu160m - ok
11:06:24.0968 1096 [ 3CB6AE5435987B1F8C83FD2730479878 ] aeaudio E:\WINDOWS\system32\drivers\aeaudio.sys
11:06:25.0031 1096 aeaudio - ok
11:06:25.0078 1096 [ 8BED39E3C35D6A489438B8141717A557 ] aec E:\WINDOWS\system32\drivers\aec.sys
11:06:25.0234 1096 aec - ok
11:06:25.0281 1096 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD E:\WINDOWS\System32\drivers\afd.sys
11:06:25.0375 1096 AFD - ok
11:06:25.0421 1096 [ EAD9C3AB25A3159ABD7B05DCAC607A61 ] AGCoreService E:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
11:06:25.0453 1096 AGCoreService ( UnsignedFile.Multi.Generic ) - warning
11:06:25.0453 1096 AGCoreService - detected UnsignedFile.Multi.Generic (1)
11:06:25.0453 1096 Aha154x - ok
11:06:25.0468 1096 aic78u2 - ok
11:06:25.0484 1096 aic78xx - ok
11:06:25.0500 1096 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter E:\WINDOWS\system32\alrsvc.dll
11:06:25.0656 1096 Alerter - ok
11:06:25.0687 1096 [ 8C515081584A38AA007909CD02020B3D ] ALG E:\WINDOWS\System32\alg.exe
11:06:25.0781 1096 ALG - ok
11:06:25.0796 1096 AliIde - ok
11:06:25.0796 1096 amsint - ok
11:06:25.0921 1096 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:06:25.0937 1096 Apple Mobile Device - ok
11:06:25.0984 1096 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt E:\WINDOWS\System32\appmgmts.dll
11:06:26.0078 1096 AppMgmt - ok
11:06:26.0078 1096 asc - ok
11:06:26.0093 1096 asc3350p - ok
11:06:26.0109 1096 asc3550 - ok
11:06:26.0203 1096 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:06:26.0218 1096 aspnet_state - ok
11:06:26.0250 1096 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac E:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:06:26.0390 1096 AsyncMac - ok
11:06:26.0421 1096 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi E:\WINDOWS\system32\DRIVERS\atapi.sys
11:06:26.0562 1096 atapi - ok
11:06:26.0578 1096 Atdisk - ok
11:06:26.0671 1096 [ 65B2AF103A6BF703D9BA6873C4725553 ] Ati HotKey Poller E:\WINDOWS\system32\Ati2evxx.exe
11:06:26.0781 1096 Ati HotKey Poller - ok
11:06:26.0875 1096 [ 3B88B6466896CC1A3A7E3287D72ACA85 ] ati2mtag E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:06:27.0078 1096 ati2mtag - ok
11:06:27.0109 1096 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc E:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:06:27.0265 1096 Atmarpc - ok
11:06:27.0296 1096 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv E:\WINDOWS\System32\audiosrv.dll
11:06:27.0453 1096 AudioSrv - ok
11:06:27.0500 1096 [ D9F724AA26C010A217C97606B160ED68 ] audstub E:\WINDOWS\system32\DRIVERS\audstub.sys
11:06:27.0640 1096 audstub - ok
11:06:27.0687 1096 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k E:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:06:27.0781 1096 b57w2k - ok
11:06:27.0828 1096 [ 9B281F5F673CBC5B9EC886D59E0B4F26 ] bdfsfltr E:\WINDOWS\system32\drivers\bdfsfltr.sys
11:06:27.0921 1096 bdfsfltr - ok
11:06:27.0953 1096 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep E:\WINDOWS\system32\drivers\Beep.sys
11:06:28.0109 1096 Beep - ok
11:06:28.0187 1096 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service E:\Program Files\Bonjour\mDNSResponder.exe
11:06:28.0234 1096 Bonjour Service - ok
11:06:28.0265 1096 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser E:\WINDOWS\System32\browser.dll
11:06:28.0390 1096 Browser - ok
11:06:28.0406 1096 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k E:\WINDOWS\system32\drivers\cbidf2k.sys
11:06:28.0546 1096 cbidf2k - ok
11:06:28.0578 1096 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:06:28.0734 1096 CCDECODE - ok
11:06:28.0734 1096 cd20xrnt - ok
11:06:28.0765 1096 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio E:\WINDOWS\system32\drivers\Cdaudio.sys
11:06:28.0968 1096 Cdaudio - ok
11:06:29.0000 1096 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs E:\WINDOWS\system32\drivers\Cdfs.sys
11:06:29.0171 1096 Cdfs - ok
11:06:29.0203 1096 [ 1477CAD56A8BC34A017381A2D73E9518 ] Cdrom E:\WINDOWS\system32\DRIVERS\cdrom.sys
11:06:29.0203 1096 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 1477CAD56A8BC34A017381A2D73E9518, Fake md5: 1F4260CC5B42272D71F79E570A27A4FE
11:06:29.0203 1096 Cdrom ( Virus.Win32.ZAccess.aml ) - infected
11:06:29.0203 1096 Cdrom - detected Virus.Win32.ZAccess.aml (0)
11:06:29.0203 1096 Changer - ok
11:06:29.0250 1096 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc E:\WINDOWS\system32\cisvc.exe
11:06:29.0406 1096 CiSvc - ok
11:06:29.0437 1096 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv E:\WINDOWS\system32\clipsrv.exe
11:06:29.0578 1096 ClipSrv - ok
11:06:29.0609 1096 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 e:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:06:29.0640 1096 clr_optimization_v2.0.50727_32 - ok
11:06:29.0734 1096 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:06:29.0796 1096 clr_optimization_v4.0.30319_32 - ok
11:06:29.0796 1096 CmdIde - ok
11:06:29.0812 1096 COMSysApp - ok
11:06:29.0843 1096 Cpqarray - ok
11:06:29.0984 1096 cpuz134 - ok
11:06:30.0031 1096 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc E:\WINDOWS\System32\cryptsvc.dll
11:06:30.0203 1096 CryptSvc - ok
11:06:30.0203 1096 dac2w2k - ok
11:06:30.0218 1096 dac960nt - ok
11:06:30.0265 1096 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch E:\WINDOWS\system32\rpcss.dll
11:06:30.0328 1096 DcomLaunch - ok
11:06:30.0390 1096 [ 65C7122D1115A4E1DB3E8C11DF919A40 ] DefragFS E:\WINDOWS\system32\drivers\DefragFS.sys
11:06:30.0406 1096 DefragFS - ok
11:06:30.0453 1096 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp E:\WINDOWS\System32\dhcpcsvc.dll
11:06:30.0609 1096 Dhcp - ok
11:06:30.0656 1096 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk E:\WINDOWS\system32\DRIVERS\disk.sys
11:06:30.0796 1096 Disk - ok
11:06:30.0812 1096 dmadmin - ok
11:06:30.0843 1096 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot E:\WINDOWS\system32\drivers\dmboot.sys
11:06:31.0031 1096 dmboot - ok
11:06:31.0078 1096 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio E:\WINDOWS\system32\drivers\dmio.sys
11:06:31.0234 1096 dmio - ok
11:06:31.0265 1096 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload E:\WINDOWS\system32\drivers\dmload.sys
11:06:31.0421 1096 dmload - ok
11:06:31.0468 1096 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver E:\WINDOWS\System32\dmserver.dll
11:06:31.0625 1096 dmserver - ok
11:06:31.0656 1096 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic E:\WINDOWS\system32\drivers\DMusic.sys
11:06:31.0812 1096 DMusic - ok
11:06:31.0843 1096 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache E:\WINDOWS\System32\dnsrslvr.dll
11:06:31.0984 1096 Dnscache - ok
11:06:32.0031 1096 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc E:\WINDOWS\System32\dot3svc.dll
11:06:32.0203 1096 Dot3svc - ok
11:06:32.0203 1096 dpti2o - ok
11:06:32.0218 1096 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud E:\WINDOWS\system32\drivers\drmkaud.sys
11:06:32.0375 1096 drmkaud - ok
11:06:32.0406 1096 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost E:\WINDOWS\System32\eapsvc.dll
11:06:32.0609 1096 EapHost - ok
11:06:32.0687 1096 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc E:\WINDOWS\System32\ersvc.dll
11:06:32.0890 1096 ERSvc - ok
11:06:32.0937 1096 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog E:\WINDOWS\system32\services.exe
11:06:32.0968 1096 Eventlog - ok
11:06:33.0015 1096 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem E:\WINDOWS\system32\es.dll
11:06:33.0078 1096 EventSystem - ok
11:06:33.0125 1096 [ 38D332A6D56AF32635675F132548343E ] Fastfat E:\WINDOWS\system32\drivers\Fastfat.sys
11:06:33.0281 1096 Fastfat - ok
11:06:33.0328 1096 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility E:\WINDOWS\System32\shsvcs.dll
11:06:33.0421 1096 FastUserSwitchingCompatibility - ok
11:06:33.0453 1096 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc E:\WINDOWS\system32\DRIVERS\fdc.sys
11:06:33.0640 1096 Fdc - ok
11:06:33.0687 1096 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips E:\WINDOWS\system32\drivers\Fips.sys
11:06:33.0859 1096 Fips - ok
11:06:33.0921 1096 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk E:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:06:34.0093 1096 Flpydisk - ok
11:06:34.0187 1096 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr E:\WINDOWS\system32\drivers\fltmgr.sys
11:06:34.0359 1096 FltMgr - ok
11:06:34.0531 1096 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:06:34.0562 1096 FontCache3.0.0.0 - ok
11:06:34.0578 1096 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec E:\WINDOWS\system32\drivers\Fs_Rec.sys
11:06:34.0765 1096 Fs_Rec - ok
11:06:34.0781 1096 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk E:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:06:34.0984 1096 Ftdisk - ok
11:06:35.0031 1096 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:06:35.0062 1096 GEARAspiWDM - ok
11:06:35.0093 1096 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc E:\WINDOWS\system32\DRIVERS\msgpc.sys
11:06:35.0281 1096 Gpc - ok
11:06:35.0406 1096 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate E:\Program Files\Google\Update\GoogleUpdate.exe
11:06:35.0437 1096 gupdate - ok
11:06:35.0437 1096 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem E:\Program Files\Google\Update\GoogleUpdate.exe
11:06:35.0468 1096 gupdatem - ok
11:06:35.0578 1096 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:06:35.0734 1096 helpsvc - ok
11:06:35.0750 1096 HidServ - ok
11:06:35.0812 1096 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb E:\WINDOWS\system32\DRIVERS\hidusb.sys
11:06:36.0562 1096 hidusb - ok
11:06:36.0609 1096 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc E:\WINDOWS\System32\kmsvc.dll
11:06:36.0765 1096 hkmsvc - ok
11:06:36.0781 1096 hpn - ok
11:06:36.0843 1096 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP E:\WINDOWS\system32\Drivers\HTTP.sys
11:06:36.0937 1096 HTTP - ok
11:06:36.0984 1096 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter E:\WINDOWS\System32\w3ssl.dll
11:06:37.0156 1096 HTTPFilter - ok
11:06:37.0156 1096 i2omgmt - ok
11:06:37.0171 1096 i2omp - ok
11:06:37.0234 1096 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt E:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:06:37.0421 1096 i8042prt - ok
11:06:37.0593 1096 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:06:37.0687 1096 idsvc - ok
11:06:37.0718 1096 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi E:\WINDOWS\system32\DRIVERS\imapi.sys
11:06:37.0890 1096 Imapi - ok
11:06:37.0953 1096 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService E:\WINDOWS\system32\imapi.exe
11:06:38.0109 1096 ImapiService - ok
11:06:38.0125 1096 ini910u - ok
11:06:38.0156 1096 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde E:\WINDOWS\system32\DRIVERS\intelide.sys
11:06:38.0328 1096 IntelIde - ok
11:06:38.0359 1096 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm E:\WINDOWS\system32\DRIVERS\intelppm.sys
11:06:38.0500 1096 intelppm - ok
11:06:38.0531 1096 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw E:\WINDOWS\system32\drivers\ip6fw.sys
11:06:38.0718 1096 Ip6Fw - ok
11:06:38.0828 1096 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:06:39.0015 1096 IpFilterDriver - ok
11:06:39.0046 1096 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp E:\WINDOWS\system32\DRIVERS\ipinip.sys
11:06:39.0203 1096 IpInIp - ok
11:06:39.0250 1096 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat E:\WINDOWS\system32\DRIVERS\ipnat.sys
11:06:39.0406 1096 IpNat - ok
11:06:39.0625 1096 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service E:\Program Files\iPod\bin\iPodService.exe
11:06:39.0687 1096 iPod Service - ok
11:06:39.0796 1096 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec E:\WINDOWS\system32\DRIVERS\ipsec.sys
11:06:39.0984 1096 IPSec - ok
11:06:40.0015 1096 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM E:\WINDOWS\system32\DRIVERS\irenum.sys
11:06:40.0156 1096 IRENUM - ok
11:06:40.0187 1096 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp E:\WINDOWS\system32\DRIVERS\isapnp.sys
11:06:40.0343 1096 isapnp - ok
11:06:40.0750 1096 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService E:\Program Files\Java\jre6\bin\jqs.exe
11:06:40.0781 1096 JavaQuickStarterService - ok
11:06:40.0859 1096 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass E:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:06:41.0062 1096 Kbdclass - ok
11:06:41.0093 1096 [ 692BCF44383D056AED41B045A323D378 ] kmixer E:\WINDOWS\system32\drivers\kmixer.sys
11:06:41.0265 1096 kmixer - ok
11:06:41.0375 1096 [ B467646C54CC746128904E1654C750C1 ] KSecDD E:\WINDOWS\system32\drivers\KSecDD.sys
11:06:41.0546 1096 KSecDD - ok
11:06:41.0625 1096 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver E:\WINDOWS\System32\srvsvc.dll
11:06:41.0750 1096 lanmanserver - ok
11:06:41.0875 1096 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation E:\WINDOWS\System32\wkssvc.dll
11:06:42.0031 1096 lanmanworkstation - ok
11:06:42.0046 1096 lbrtfdc - ok
11:06:42.0187 1096 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts E:\WINDOWS\System32\lmhsvc.dll
11:06:42.0406 1096 LmHosts - ok
11:06:42.0406 1096 LVUSBSta - ok
11:06:42.0421 1096 mcdbus - ok
11:06:42.0578 1096 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger E:\WINDOWS\System32\msgsvc.dll
11:06:42.0796 1096 Messenger - ok
11:06:42.0875 1096 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd E:\WINDOWS\system32\drivers\mnmdd.sys
11:06:43.0046 1096 mnmdd - ok
11:06:43.0093 1096 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc E:\WINDOWS\system32\mnmsrvc.exe
11:06:43.0281 1096 mnmsrvc - ok
11:06:43.0328 1096 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem E:\WINDOWS\system32\drivers\Modem.sys
11:06:43.0531 1096 Modem - ok
11:06:43.0578 1096 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass E:\WINDOWS\system32\DRIVERS\mouclass.sys
11:06:43.0890 1096 Mouclass - ok
11:06:43.0953 1096 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid E:\WINDOWS\system32\DRIVERS\mouhid.sys
11:06:44.0171 1096 mouhid - ok
11:06:44.0203 1096 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr E:\WINDOWS\system32\drivers\MountMgr.sys
11:06:44.0453 1096 MountMgr - ok
11:06:44.0546 1096 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:06:44.0593 1096 MozillaMaintenance - ok
11:06:44.0609 1096 mraid35x - ok
11:06:44.0937 1096 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV E:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:06:45.0125 1096 MRxDAV - ok
11:06:45.0234 1096 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:06:45.0328 1096 MRxSmb - ok
11:06:45.0406 1096 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC E:\WINDOWS\system32\msdtc.exe
11:06:45.0609 1096 MSDTC - ok
11:06:45.0687 1096 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs E:\WINDOWS\system32\drivers\Msfs.sys
11:06:45.0921 1096 Msfs - ok
11:06:45.0937 1096 MSIServer - ok
11:06:45.0968 1096 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV E:\WINDOWS\system32\drivers\MSKSSRV.sys
11:06:46.0140 1096 MSKSSRV - ok
11:06:46.0171 1096 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK E:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:06:46.0406 1096 MSPCLOCK - ok
11:06:46.0625 1096 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM E:\WINDOWS\system32\drivers\MSPQM.sys
11:06:46.0796 1096 MSPQM - ok
11:06:46.0921 1096 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios E:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:06:47.0125 1096 mssmbios - ok
11:06:47.0187 1096 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE E:\WINDOWS\system32\drivers\MSTEE.sys
11:06:47.0359 1096 MSTEE - ok
11:06:47.0468 1096 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup E:\WINDOWS\system32\drivers\Mup.sys
11:06:47.0625 1096 Mup - ok
11:06:47.0781 1096 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:06:47.0968 1096 NABTSFEC - ok
11:06:48.0031 1096 [ 0102140028FAD045756796E1C685D695 ] napagent E:\WINDOWS\System32\qagentrt.dll
11:06:48.0234 1096 napagent - ok
11:06:48.0296 1096 [ 1DF7F42665C94B825322FAE71721130D ] NDIS E:\WINDOWS\system32\drivers\NDIS.sys
11:06:48.0531 1096 NDIS - ok
11:06:48.0546 1096 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP E:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:06:48.0734 1096 NdisIP - ok
11:06:48.0781 1096 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi E:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:06:48.0921 1096 NdisTapi - ok
11:06:48.0953 1096 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio E:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:06:49.0156 1096 Ndisuio - ok
11:06:49.0203 1096 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan E:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:06:49.0421 1096 NdisWan - ok
11:06:49.0484 1096 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy E:\WINDOWS\system32\drivers\NDProxy.sys
11:06:49.0593 1096 NDProxy - ok
11:06:49.0640 1096 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS E:\WINDOWS\system32\DRIVERS\netbios.sys
11:06:49.0875 1096 NetBIOS - ok
11:06:49.0906 1096 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT E:\WINDOWS\system32\DRIVERS\netbt.sys
11:06:50.0125 1096 NetBT - ok
11:06:50.0203 1096 [ B857BA82860D7FF85AE29B095645563B ] NetDDE E:\WINDOWS\system32\netdde.exe
11:06:50.0468 1096 NetDDE - ok
11:06:50.0515 1096 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm E:\WINDOWS\system32\netdde.exe
11:06:50.0734 1096 NetDDEdsdm - ok
11:06:50.0796 1096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon E:\WINDOWS\system32\lsass.exe
11:06:51.0031 1096 Netlogon - ok
11:06:51.0125 1096 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman E:\WINDOWS\System32\netman.dll
11:06:51.0343 1096 Netman - ok
11:06:51.0375 1096 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:06:51.0421 1096 NetTcpPortSharing - ok
11:06:51.0500 1096 [ 943337D786A56729263071623BBB9DE5 ] Nla E:\WINDOWS\System32\mswsock.dll
11:06:51.0531 1096 Nla - ok
11:06:51.0578 1096 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs E:\WINDOWS\system32\drivers\Npfs.sys
11:06:51.0843 1096 Npfs - ok
11:06:51.0906 1096 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs E:\WINDOWS\system32\drivers\Ntfs.sys
11:06:52.0156 1096 Ntfs - ok
11:06:52.0187 1096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp E:\WINDOWS\system32\lsass.exe
11:06:52.0390 1096 NtLmSsp - ok
11:06:52.0515 1096 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll
11:06:53.0203 1096 NtmsSvc - ok
11:06:53.0218 1096 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null E:\WINDOWS\system32\drivers\Null.sys
11:06:53.0406 1096 Null - ok
11:06:53.0453 1096 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:06:53.0656 1096 NwlnkFlt - ok
11:06:53.0687 1096 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:06:53.0890 1096 NwlnkFwd - ok
11:06:54.0015 1096 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport E:\WINDOWS\system32\DRIVERS\parport.sys
11:06:54.0218 1096 Parport - ok
11:06:54.0281 1096 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys
11:06:54.0453 1096 PartMgr - ok
11:06:54.0531 1096 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys
11:06:59.0187 1096 ParVdm - ok
11:06:59.0250 1096 [ A219903CCF74233761D92BEF471A07B1 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys
11:06:59.0515 1096 PCI - ok
11:06:59.0531 1096 PCIDump - ok
11:06:59.0578 1096 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde E:\WINDOWS\system32\drivers\PCIIde.sys
11:06:59.0906 1096 PCIIde - ok
11:07:00.0078 1096 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys
11:07:00.0296 1096 Pcmcia - ok
11:07:00.0312 1096 PDCOMP - ok
11:07:00.0328 1096 PDFRAME - ok
11:07:00.0343 1096 PDRELI - ok
11:07:00.0359 1096 PDRFRAME - ok
11:07:00.0375 1096 perc2 - ok
11:07:00.0390 1096 perc2hib - ok
11:07:00.0453 1096 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay E:\WINDOWS\system32\services.exe
11:07:00.0484 1096 PlugPlay - ok
11:07:00.0500 1096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent E:\WINDOWS\system32\lsass.exe
11:07:00.0734 1096 PolicyAgent - ok
11:07:00.0796 1096 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys
11:07:01.0031 1096 PptpMiniport - ok
11:07:01.0171 1096 [ D90A33660D328A9F587580F0B38C85DE ] Profos E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys
11:07:01.0421 1096 Profos ( UnsignedFile.Multi.Generic ) - warning
11:07:01.0421 1096 Profos - detected UnsignedFile.Multi.Generic (1)
11:07:01.0484 1096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe
11:07:01.0734 1096 ProtectedStorage - ok
11:07:01.0812 1096 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys
11:07:02.0078 1096 PSched - ok
11:07:02.0140 1096 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys
11:07:02.0437 1096 Ptilink - ok
11:07:02.0453 1096 QCMerced - ok
11:07:02.0468 1096 ql1080 - ok
11:07:02.0484 1096 Ql10wnt - ok
11:07:02.0500 1096 ql12160 - ok
11:07:02.0515 1096 ql1240 - ok
11:07:02.0531 1096 ql1280 - ok
11:07:02.0609 1096 [ 6DCEFFAD9F0A9AB4FBFEFC044C2EA0ED ] Radialpoint Security Services E:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
11:07:02.0703 1096 Radialpoint Security Services - ok
11:07:03.0484 1096 [ C4890ACE6384522E9B678F403AB5A145 ] RadialpointIDSAgent E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
11:07:04.0109 1096 RadialpointIDSAgent - ok
11:07:04.0312 1096 [ 9DC4B985729C8AE26B0FD607D2081048 ] RadialpointIDSDriver E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
11:07:04.0328 1096 RadialpointIDSDriver - ok
11:07:04.0359 1096 [ 2457250CA176E7FDE9C3D3B2C94341F0 ] RadialpointIDSEH E:\WINDOWS\system32\drivers\AVGIDSEH.sys
11:07:04.0390 1096 RadialpointIDSEH - ok
11:07:04.0406 1096 [ 0871AAD56C4960E311150FD724E106AE ] RadialpointIDSFilter E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
11:07:04.0437 1096 RadialpointIDSFilter - ok
11:07:04.0453 1096 [ 2B949205F1C53B6E4002A3C38327C9A2 ] RadialpointIDSShim E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
11:07:04.0484 1096 RadialpointIDSShim - ok
11:07:04.0546 1096 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys
11:07:04.0765 1096 RasAcd - ok
11:07:04.0812 1096 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto E:\WINDOWS\System32\rasauto.dll
11:07:05.0046 1096 RasAuto - ok
11:07:05.0078 1096 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:07:05.0250 1096 Rasl2tp - ok
11:07:05.0359 1096 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan E:\WINDOWS\System32\rasmans.dll
11:07:05.0703 1096 RasMan - ok
11:07:05.0750 1096 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:07:06.0015 1096 RasPppoe - ok
11:07:06.0062 1096 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys
11:07:06.0312 1096 Raspti - ok
11:07:06.0359 1096 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys
11:07:06.0593 1096 Rdbss - ok
11:07:06.0609 1096 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:07:06.0843 1096 RDPCDD - ok
11:07:06.0890 1096 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr E:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:07:07.0109 1096 rdpdr - ok
11:07:07.0234 1096 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys
11:07:07.0390 1096 RDPWD - ok
11:07:07.0453 1096 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe
11:07:07.0656 1096 RDSessMgr - ok
11:07:08.0062 1096 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
11:07:08.0078 1096 RealNetworks Downloader Resolver Service - ok
11:07:08.0109 1096 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys
11:07:08.0312 1096 redbook - ok
11:07:08.0359 1096 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll
11:07:08.0578 1096 RemoteAccess - ok
11:07:08.0625 1096 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry E:\WINDOWS\system32\regsvc.dll
11:07:08.0843 1096 RemoteRegistry - ok
11:07:08.0875 1096 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM E:\WINDOWS\system32\Drivers\RootMdm.sys
11:07:09.0062 1096 ROOTMODEM - ok
11:07:09.0125 1096 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator E:\WINDOWS\system32\locator.exe
11:07:09.0265 1096 RpcLocator - ok
11:07:09.0296 1096 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs E:\WINDOWS\system32\rpcss.dll
11:07:09.0359 1096 RpcSs - ok
11:07:09.0421 1096 [ B7E136986BB3DAC249A00E760281F0A9 ] RPPKT E:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
11:07:09.0437 1096 RPPKT - ok
11:07:09.0500 1096 [ 750D83C39D60964B6BC2B8A75ED7A165 ] RPSKT E:\WINDOWS\system32\DRIVERS\rp_skt32.sys
11:07:09.0515 1096 RPSKT - ok
11:07:09.0578 1096 [ 3FC8401DF4EE3C257569CD50F2FF2F0D ] RP_FWS E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
11:07:09.0625 1096 RP_FWS - ok
11:07:09.0671 1096 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP E:\WINDOWS\system32\rsvp.exe
11:07:09.0906 1096 RSVP - ok
11:07:09.0937 1096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs E:\WINDOWS\system32\lsass.exe
11:07:10.0078 1096 SamSs - ok
11:07:10.0421 1096 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc E:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
11:07:10.0625 1096 SBAMSvc - ok
11:07:10.0656 1096 [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd E:\WINDOWS\system32\drivers\sbaphd.sys
11:07:10.0687 1096 sbaphd - ok
11:07:10.0718 1096 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs E:\WINDOWS\system32\drivers\sbapifs.sys
11:07:10.0750 1096 sbapifs - ok
11:07:10.0812 1096 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE E:\WINDOWS\system32\drivers\SBREdrv.sys
11:07:10.0843 1096 SBRE - ok
11:07:10.0890 1096 [ 4BEA90F7D79143CC2135E2C5E85C9EB0 ] scan E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll
11:07:10.0921 1096 scan ( UnsignedFile.Multi.Generic ) - warning
11:07:10.0921 1096 scan - detected UnsignedFile.Multi.Generic (1)
11:07:10.0984 1096 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe
11:07:11.0125 1096 SCardSvr - ok
11:07:11.0171 1096 [ 9FEB2026A460916D1A1198B460632630 ] SCDEmu E:\WINDOWS\system32\drivers\SCDEmu.sys
11:07:11.0203 1096 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
11:07:11.0203 1096 SCDEmu - detected UnsignedFile.Multi.Generic (1)
11:07:19.0140 1096 [ B16D66A71DE03285E14E9F165B59EDA4 ] Trufos E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys
11:07:19.0156 1096 Trufos ( UnsignedFile.Multi.Generic ) - warning
11:07:19.0156 1096 Trufos - detected UnsignedFile.Multi.Generic (1)
11:07:24.0640 1096 ================ Scan global ===============================
11:07:24.0703 1096 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] E:\WINDOWS\system32\basesrv.dll
11:07:24.0765 1096 [ 8C7DCA4B158BF16894120786A7A5F366 ] E:\WINDOWS\system32\winsrv.dll
11:07:24.0781 1096 [ 8C7DCA4B158BF16894120786A7A5F366 ] E:\WINDOWS\system32\winsrv.dll
11:07:24.0796 1096 [ 65DF52F5B8B6E9BBD183505225C37315 ] E:\WINDOWS\system32\services.exe
11:07:24.0796 1096 [Global] - ok
11:07:24.0796 1096 ================ Scan MBR ==================================
11:07:24.0812 1096 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:07:25.0062 1096 \Device\Harddisk0\DR0 - ok
11:07:25.0078 1096 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:07:25.0140 1096 \Device\Harddisk1\DR1 - ok
11:07:25.0562 1096 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR5
11:07:25.0734 1096 \Device\Harddisk2\DR5 - ok
11:07:25.0734 1096 ================ Scan VBR ==================================
11:07:25.0750 1096 [ 2DAB343926C0928CB3CC1D44707FE369 ] \Device\Harddisk0\DR0\Partition1
11:07:25.0750 1096 \Device\Harddisk0\DR0\Partition1 - ok
11:07:25.0765 1096 [ F4C6CB4291A74808CCA48A9475F1F443 ] \Device\Harddisk0\DR0\Partition2
11:07:25.0765 1096 \Device\Harddisk0\DR0\Partition2 - ok
11:07:25.0781 1096 [ 5C80B8767B3DC67625FAD46692ECACE8 ] \Device\Harddisk1\DR1\Partition1
11:07:25.0781 1096 \Device\Harddisk1\DR1\Partition1 - ok
11:07:25.0781 1096 [ EEEE46DC1EFBD91B80EC5E5F809D8DFE ] \Device\Harddisk2\DR5\Partition1
11:07:25.0781 1096 \Device\Harddisk2\DR5\Partition1 - ok
11:07:27.0187 1096 [ 8329A39D5A402A75A74301D6A62ECDA1 ] E:\WINDOWS\system32\samlib.dll
11:07:27.0187 1096 E:\WINDOWS\system32\samlib.dll - ok
11:07:27.0203 1096 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] E:\WINDOWS\system32\samsrv.dll
11:07:27.0203 1096 E:\WINDOWS\system32\samsrv.dll - ok
11:07:27.0203 1096 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] E:\WINDOWS\system32\cryptdll.dll
11:07:27.0203 1096 E:\WINDOWS\system32\cryptdll.dll - ok
11:07:27.0218 1096 [ 310C15FD8358B2C4CD7A5B98A112883F ] E:\WINDOWS\AppPatch\acgenral.dll
11:07:27.0218 1096 E:\WINDOWS\AppPatch\acgenral.dll - ok
11:07:27.0218 1096 [ 4A953F13942867BA8FB41F141EC1B80C ] E:\WINDOWS\system32\winmm.dll
11:07:27.0218 1096 E:\WINDOWS\system32\winmm.dll - ok
11:07:27.0234 1096 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] E:\WINDOWS\system32\oleaut32.dll
11:07:27.0234 1096 E:\WINDOWS\system32\oleaut32.dll - ok
11:07:27.0234 1096 [ 2098AB52BD5316E59AA36F3437B13BE6 ] E:\WINDOWS\system32\msacm32.dll
11:07:27.0234 1096 E:\WINDOWS\system32\msacm32.dll - ok
11:07:27.0250 1096 [ 7A2CC3719B255E6B5D74396183B7715B ] E:\WINDOWS\system32\uxtheme.dll
11:07:27.0250 1096 E:\WINDOWS\system32\uxtheme.dll - ok
11:07:27.0250 1096 [ F24B12786D60A17008319E3F2AEE7799 ] E:\WINDOWS\system32\msapsspc.dll
11:07:27.0250 1096 E:\WINDOWS\system32\msapsspc.dll - ok
11:07:27.0265 1096 [ 7A660EDC0757849DF5F8706FB6E9F740 ] E:\WINDOWS\system32\msvcrt40.dll
11:07:27.0265 1096 E:\WINDOWS\system32\msvcrt40.dll - ok
11:07:27.0265 1096 [ 0F64207B49390C8063C36AE7CBF9C2DB ] E:\WINDOWS\system32\schannel.dll
11:07:27.0265 1096 E:\WINDOWS\system32\schannel.dll - ok
11:07:27.0281 1096 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] E:\WINDOWS\system32\digest.dll
11:07:27.0281 1096 E:\WINDOWS\system32\digest.dll - ok
11:07:27.0281 1096 [ A4388DF80E52695AE92EE5F3F61F1619 ] E:\WINDOWS\system32\msnsspc.dll
11:07:27.0296 1096 E:\WINDOWS\system32\msnsspc.dll - ok
11:07:27.0296 1096 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] E:\WINDOWS\system32\kerberos.dll
11:07:27.0296 1096 E:\WINDOWS\system32\kerberos.dll - ok
11:07:27.0312 1096 [ 3F790874A85819E94574F3E7AF9C5806 ] E:\WINDOWS\system32\msctfime.ime
11:07:27.0312 1096 E:\WINDOWS\system32\msctfime.ime - ok
11:07:27.0312 1096 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] E:\WINDOWS\system32\msprivs.dll
11:07:27.0312 1096 E:\WINDOWS\system32\msprivs.dll - ok
11:07:27.0328 1096 [ C11D10A3C164AC222BC9AAB3650A88B3 ] E:\WINDOWS\system32\atmfd.dll
11:07:27.0328 1096 E:\WINDOWS\system32\atmfd.dll - ok
11:07:27.0328 1096 [ 517561A1113B04E51D936CD018DE1C1F ] E:\WINDOWS\system32\msv1_0.dll
11:07:27.0328 1096 E:\WINDOWS\system32\msv1_0.dll - ok
11:07:27.0343 1096 [ AF07DC9B7CC455629E732340C7B15F3A ] E:\WINDOWS\system32\iphlpapi.dll
11:07:27.0343 1096 E:\WINDOWS\system32\iphlpapi.dll - ok
11:07:27.0343 1096 [ 1B7F071C51B77C272875C3A23E1E4550 ] E:\WINDOWS\system32\netlogon.dll
11:07:27.0343 1096 E:\WINDOWS\system32\netlogon.dll - ok
11:07:27.0359 1096 [ 54AF4B1D5459500EF0937F6D33B1914F ] E:\WINDOWS\system32\w32time.dll
11:07:27.0359 1096 E:\WINDOWS\system32\w32time.dll - ok
11:07:27.0359 1096 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] E:\WINDOWS\system32\wdigest.dll
11:07:27.0359 1096 E:\WINDOWS\system32\wdigest.dll - ok
11:07:27.0375 1096 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] E:\WINDOWS\system32\rsaenh.dll
11:07:27.0375 1096 E:\WINDOWS\system32\rsaenh.dll - ok
11:07:27.0375 1096 [ 02988B904C386B500CD08639C4C20EEA ] E:\WINDOWS\system32\winscard.dll
11:07:27.0375 1096 E:\WINDOWS\system32\winscard.dll - ok
11:07:27.0390 1096 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] E:\WINDOWS\system32\wtsapi32.dll
11:07:27.0390 1096 E:\WINDOWS\system32\wtsapi32.dll - ok
11:07:27.0406 1096 [ 943337D786A56729263071623BBB9DE5 ] E:\WINDOWS\system32\mswsock.dll
11:07:27.0406 1096 E:\WINDOWS\system32\mswsock.dll - ok
11:07:27.0406 1096 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] E:\WINDOWS\system32\scecli.dll
11:07:27.0406 1096 E:\WINDOWS\system32\scecli.dll - ok
11:07:27.0421 1096 [ 65B2AF103A6BF703D9BA6873C4725553 ] E:\WINDOWS\system32\ati2evxx.exe
11:07:27.0421 1096 E:\WINDOWS\system32\ati2evxx.exe - ok
11:07:27.0421 1096 [ 65C7122D1115A4E1DB3E8C11DF919A40 ] E:\WINDOWS\system32\drivers\DefragFs.sys
11:07:27.0421 1096 E:\WINDOWS\system32\drivers\DefragFs.sys - ok
11:07:27.0437 1096 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] E:\WINDOWS\system32\drivers\sbapifs.sys
11:07:27.0437 1096 E:\WINDOWS\system32\drivers\sbapifs.sys - ok
11:07:27.0437 1096 [ 50A166237A0FA771261275A405646CC0 ] E:\WINDOWS\system32\powrprof.dll
11:07:27.0437 1096 E:\WINDOWS\system32\powrprof.dll - ok
11:07:27.0453 1096 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] E:\WINDOWS\system32\cfgmgr32.dll
11:07:27.0453 1096 E:\WINDOWS\system32\cfgmgr32.dll - ok
11:07:27.0453 1096 [ F9D3C78CFE15271D80790677C893CE45 ] E:\WINDOWS\system32\cabinet.dll
11:07:27.0453 1096 E:\WINDOWS\system32\cabinet.dll - ok
11:07:27.0468 1096 [ BCA608797A3E8EEC0094CD6D596D77D7 ] E:\WINDOWS\system32\urlmon.dll
11:07:27.0468 1096 E:\WINDOWS\system32\urlmon.dll - ok
11:07:27.0468 1096 [ 994B77915EA49A467CDA144806AE42D6 ] E:\WINDOWS\system32\iertutil.dll
11:07:27.0468 1096 E:\WINDOWS\system32\iertutil.dll - ok
11:07:27.0484 1096 [ DEA2F8B8A0781BD893044412C2420636 ] E:\WINDOWS\system32\ati2edxx.dll
11:07:27.0484 1096 E:\WINDOWS\system32\ati2edxx.dll - ok
11:07:27.0484 1096 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] E:\WINDOWS\system32\hnetcfg.dll
11:07:27.0484 1096 E:\WINDOWS\system32\hnetcfg.dll - ok
11:07:27.0500 1096 [ 1F16C1D344A8AB01E71EAC9C24D3B613 ] E:\WINDOWS\system32\atipdlxx.dll
11:07:27.0500 1096 E:\WINDOWS\system32\atipdlxx.dll - ok
11:07:27.0500 1096 [ 4E3D06D6E68EEDB52565080F55B460D3 ] E:\WINDOWS\system32\wshtcpip.dll
11:07:27.0500 1096 E:\WINDOWS\system32\wshtcpip.dll - ok
11:07:27.0515 1096 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] E:\WINDOWS\system32\svchost.exe
11:07:27.0515 1096 E:\WINDOWS\system32\svchost.exe - ok
11:07:27.0531 1096 [ 549290DBC280C887681D7652978DBBE0 ] E:\WINDOWS\system32\ntmarta.dll
11:07:27.0531 1096 E:\WINDOWS\system32\ntmarta.dll - ok
11:07:27.0531 1096 [ 6B27A5C03DFB94B4245739065431322C ] E:\WINDOWS\system32\rpcss.dll
11:07:27.0531 1096 E:\WINDOWS\system32\rpcss.dll - ok
11:07:27.0546 1096 [ 16403217AB6FC5C30C14C6B12098AD4B ] E:\WINDOWS\system32\xpsp2res.dll
11:07:27.0546 1096 E:\WINDOWS\system32\xpsp2res.dll - ok
11:07:27.0546 1096 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] E:\WINDOWS\system32\eventlog.dll
11:07:27.0546 1096 E:\WINDOWS\system32\eventlog.dll - ok
11:07:27.0562 1096 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] E:\WINDOWS\system32\logonui.exe
11:07:27.0562 1096 E:\WINDOWS\system32\logonui.exe - ok
11:07:27.0562 1096 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] E:\WINDOWS\system32\duser.dll
11:07:27.0562 1096 E:\WINDOWS\system32\duser.dll - ok
11:07:27.0578 1096 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] E:\WINDOWS\system32\msimg32.dll
11:07:27.0578 1096 E:\WINDOWS\system32\msimg32.dll - ok
11:07:27.0578 1096 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] E:\WINDOWS\system32\oleacc.dll
11:07:27.0578 1096 E:\WINDOWS\system32\oleacc.dll - ok
11:07:27.0593 1096 [ D72B9EC3337B247A666F098F3D6B43DE ] E:\WINDOWS\system32\winrnr.dll
11:07:27.0593 1096 E:\WINDOWS\system32\winrnr.dll - ok
11:07:27.0593 1096 [ 40947436A70E0034E41123DF5A0A7702 ] E:\Program Files\Bonjour\mdnsNSP.dll
11:07:27.0609 1096 E:\Program Files\Bonjour\mdnsNSP.dll - ok
11:07:27.0609 1096 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] E:\WINDOWS\system32\rasadhlp.dll
11:07:27.0609 1096 E:\WINDOWS\system32\rasadhlp.dll - ok
11:07:27.0625 1096 [ F137A0CA70003DB20448D540651FA003 ] E:\WINDOWS\system32\clbcatq.dll
11:07:27.0625 1096 E:\WINDOWS\system32\clbcatq.dll - ok
11:07:27.0625 1096 [ 1280A158C722FA95A80FB7AEBE78FA7D ] E:\WINDOWS\system32\comres.dll
11:07:27.0625 1096 E:\WINDOWS\system32\comres.dll - ok
11:07:27.0640 1096 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] E:\WINDOWS\system32\shgina.dll
11:07:27.0640 1096 E:\WINDOWS\system32\shgina.dll - ok
11:07:27.0640 1096 [ 3FC8401DF4EE3C257569CD50F2FF2F0D ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
11:07:27.0640 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe - ok
11:07:27.0656 1096 [ 687E03E8E214A51ED936596051F778B8 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\OemLibR.dll
11:07:27.0656 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\OemLibR.dll - ok
11:07:27.0656 1096 [ B1A88C751D0E3FC66D101656B2E8E3A2 ] E:\WINDOWS\system32\ati2evxx.dll
11:07:27.0656 1096 E:\WINDOWS\system32\ati2evxx.dll - ok
11:07:27.0671 1096 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
11:07:27.0671 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll - ok
11:07:27.0687 1096 [ C9564CF4976E7E96B4052737AA2492B4 ] E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
11:07:27.0687 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
11:07:27.0703 1096 [ 515A7FAE2070C2B0242B2353443E2F11 ] E:\WINDOWS\system32\cscdll.dll
11:07:27.0703 1096 E:\WINDOWS\system32\cscdll.dll - ok
11:07:27.0703 1096 [ E2092F0A1D7ABC243F9C2362483D150D ] E:\WINDOWS\system32\dimsntfy.dll
11:07:27.0703 1096 E:\WINDOWS\system32\dimsntfy.dll - ok
11:07:27.0703 1096 [ 2CC34E8BB667EEF78899546E12649196 ] E:\WINDOWS\system32\wlnotify.dll
11:07:27.0703 1096 E:\WINDOWS\system32\wlnotify.dll - ok
11:07:27.0718 1096 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] E:\WINDOWS\system32\winspool.drv
11:07:27.0718 1096 E:\WINDOWS\system32\winspool.drv - ok
11:07:27.0734 1096 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
11:07:27.0734 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
11:07:27.0734 1096 [ C401CCF45D3C2F11D9C252CCE7021C91 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\PktShimR.dll
11:07:27.0734 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\PktShimR.dll - ok
11:07:27.0750 1096 [ 02CF580510234E519736559A7F19EA20 ] E:\WINDOWS\system32\WgaLogon.dll
11:07:27.0750 1096 E:\WINDOWS\system32\WgaLogon.dll - ok
11:07:27.0765 1096 [ EC43FFED505C4B4B41232EE3E5CF82E9 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\ClBR.dll
11:07:27.0765 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\ClBR.dll - ok
11:07:27.0765 1096 [ E9390AFA4CB30AF10400C89C153E9E26 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\LibZkR.dll
11:07:27.0765 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\LibZkR.dll - ok
11:07:27.0781 1096 [ ACFEE2392503DD5E457363A0510B8BCB ] E:\WINDOWS\system32\msxml3.dll
11:07:27.0781 1096 E:\WINDOWS\system32\msxml3.dll - ok
11:07:27.0781 1096 [ 8C22083ED515DC94D575438662F0BE6A ] E:\WINDOWS\system32\msi.dll
11:07:27.0781 1096 E:\WINDOWS\system32\msi.dll - ok
11:07:27.0796 1096 [ 74EDBB03DE3291FCF2094AF1FB363F1D ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\dbghelp.dll
11:07:27.0796 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\dbghelp.dll - ok
11:07:27.0796 1096 [ 9AD88EA663124336E88EB031F917CE20 ] E:\WINDOWS\system32\wininet.dll
11:07:27.0796 1096 E:\WINDOWS\system32\wininet.dll - ok
11:07:27.0812 1096 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] E:\WINDOWS\system32\normaliz.dll
11:07:27.0812 1096 E:\WINDOWS\system32\normaliz.dll - ok
11:07:27.0812 1096 [ 54D5E02A4C66671BEEA956A6679865C5 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\inhR.dll
11:07:27.0812 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\inhR.dll - ok
11:07:27.0828 1096 [ 6FC7C2503F3D43B8F493DDA15AA1BC50 ] E:\WINDOWS\system32\kbdcan.dll
11:07:27.0828 1096 E:\WINDOWS\system32\kbdcan.dll - ok
11:07:27.0828 1096 [ BB902C9860255A25E6F1458391F55A9B ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\SktShimR.dll
11:07:27.0828 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\SktShimR.dll - ok
11:07:27.0843 1096 [ A45507D531DE275CF0CFF2FB7F29846E ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\SecurityAwareLIBR.dll
11:07:27.0843 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\SecurityAwareLIBR.dll - ok
11:07:27.0859 1096 [ A4877C15981A532502836F5F36B69B38 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\CstmUIR.dll
11:07:27.0859 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\CstmUIR.dll - ok
11:07:27.0875 1096 [ 6EA00AD5A7D552A3D17BF6D2121A4D2B ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\PersistR.dll
11:07:27.0875 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\PersistR.dll - ok
11:07:27.0890 1096 [ 05C3BF97E84F6D132C48B204B83ACEE3 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\UpdMgrR.dll
11:07:27.0890 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\UpdMgrR.dll - ok
11:07:27.0906 1096 [ CEA890BBEF0704F49DAEA9B340FB6A6C ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\firer.dll
11:07:27.0906 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\firer.dll - ok
11:07:27.0921 1096 [ 28A09777D2D952122567A8A82F1A2C7B ] E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
11:07:27.0921 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok
11:07:27.0937 1096 [ 085ED2E391A871C7BAE87E0228B546BA ] E:\WINDOWS\system32\cscui.dll
11:07:27.0937 1096 E:\WINDOWS\system32\cscui.dll - ok
11:07:27.0937 1096 [ 663C165C99E0B902AB9B6CBF0D46DDF9 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\ClB_Rsrc.dll
11:07:27.0937 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\ClB_Rsrc.dll - ok
11:07:27.0953 1096 [ 87F398EECC74E57FBC9B4E7657E8F550 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\inh_Rsrc.dll
11:07:27.0953 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\inh_Rsrc.dll - ok
11:07:27.0953 1096 [ 2BC7128348265CABA9BBC058729A8B7B ] E:\WINDOWS\system32\dpcdll.dll
11:07:27.0953 1096 E:\WINDOWS\system32\dpcdll.dll - ok
11:07:27.0968 1096 [ F927A4434C5028758A842943EF1A3849 ] E:\WINDOWS\system32\drivers\ndisuio.sys
11:07:27.0968 1096 E:\WINDOWS\system32\drivers\ndisuio.sys - ok
11:07:27.0968 1096 [ 5E38D7684A49CACFB752B046357E0589 ] E:\WINDOWS\system32\dhcpcsvc.dll
11:07:27.0968 1096 E:\WINDOWS\system32\dhcpcsvc.dll - ok
11:07:27.0984 1096 [ 5BF0CAF1CDCFAB7DA7C2CD7E0603C654 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\Fws_Rsrc.dll
11:07:27.0984 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\resources\zk_en_US\Fws_Rsrc.dll - ok
11:07:27.0984 1096 [ A0AE7F043497C9971E9D7FE291099D40 ] E:\WINDOWS\system32\msxml6.dll
11:07:27.0984 1096 E:\WINDOWS\system32\msxml6.dll - ok
11:07:28.0000 1096 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] E:\WINDOWS\system32\userinit.exe
11:07:28.0000 1096 E:\WINDOWS\system32\userinit.exe - ok
11:07:28.0000 1096 [ B1296D52B0D2096EC4759EEEB806D759 ] E:\WINDOWS\system32\WgaTray.exe
11:07:28.0000 1096 E:\WINDOWS\system32\WgaTray.exe - ok
11:07:28.0015 1096 [ 5F7E24FA9EAB896051FFB87F840730D2 ] E:\WINDOWS\system32\dnsrslvr.dll
11:07:28.0015 1096 E:\WINDOWS\system32\dnsrslvr.dll - ok
11:07:28.0031 1096 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] E:\WINDOWS\explorer.exe
11:07:28.0031 1096 E:\WINDOWS\explorer.exe - ok
11:07:28.0031 1096 [ B1C23558820A1B889949C1B5B050AA62 ] E:\WINDOWS\system32\browseui.dll
11:07:28.0031 1096 E:\WINDOWS\system32\browseui.dll - ok
11:07:28.0046 1096 [ C14AA05881A35B6D6BB8D55B117EE22D ] E:\WINDOWS\system32\shfolder.dll
11:07:28.0046 1096 E:\WINDOWS\system32\shfolder.dll - ok
11:07:28.0046 1096 [ EA28E642E65DC6767578EA3B37D3DA0C ] E:\WINDOWS\system32\shdocvw.dll
11:07:28.0046 1096 E:\WINDOWS\system32\shdocvw.dll - ok
11:07:28.0062 1096 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] E:\WINDOWS\system32\cryptui.dll
11:07:28.0062 1096 E:\WINDOWS\system32\cryptui.dll - ok
11:07:28.0062 1096 [ A7DB739AE99A796D91580147E919CC59 ] E:\WINDOWS\system32\lmhsvc.dll
11:07:28.0062 1096 E:\WINDOWS\system32\lmhsvc.dll - ok
11:07:28.0078 1096 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] E:\WINDOWS\system32\wzcsvc.dll
11:07:28.0078 1096 E:\WINDOWS\system32\wzcsvc.dll - ok
11:07:28.0078 1096 [ 876CCF164E08D6B903CD14398E056DD2 ] E:\WINDOWS\system32\rtutils.dll
11:07:28.0078 1096 E:\WINDOWS\system32\rtutils.dll - ok
11:07:28.0093 1096 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] E:\WINDOWS\system32\eapolqec.dll
11:07:28.0093 1096 E:\WINDOWS\system32\eapolqec.dll - ok
11:07:28.0093 1096 [ 7B0770526801F05D58C51A3DFB87B4BD ] E:\WINDOWS\system32\wmi.dll
11:07:28.0093 1096 E:\WINDOWS\system32\wmi.dll - ok
11:07:28.0109 1096 [ 224FB925C641DA16CEB6D60F40CA4C75 ] E:\WINDOWS\system32\atl.dll
11:07:28.0109 1096 E:\WINDOWS\system32\atl.dll - ok
11:07:28.0109 1096 [ 8AE93AACC648921BAACB8602991AC4B3 ] E:\WINDOWS\system32\qutil.dll
11:07:28.0109 1096 E:\WINDOWS\system32\qutil.dll - ok
11:07:28.0125 1096 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] E:\WINDOWS\system32\dot3api.dll
11:07:28.0125 1096 E:\WINDOWS\system32\dot3api.dll - ok
11:07:28.0140 1096 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] E:\WINDOWS\system32\esent.dll
11:07:28.0140 1096 E:\WINDOWS\system32\esent.dll - ok
11:07:28.0140 1096 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] E:\WINDOWS\system32\riched20.dll
11:07:28.0140 1096 E:\WINDOWS\system32\riched20.dll - ok
11:07:28.0156 1096 [ C14350FC0D47D806699C4F907FC6785B ] E:\WINDOWS\system32\cryptnet.dll
11:07:28.0156 1096 E:\WINDOWS\system32\cryptnet.dll - ok
11:07:28.0156 1096 [ 3CBA2210FA39C6ED7895634842E930DD ] E:\WINDOWS\system32\sensapi.dll
11:07:28.0156 1096 E:\WINDOWS\system32\sensapi.dll - ok
11:07:28.0171 1096 [ 684559A03CBC1D05BA120A18B0D8BA5D ] E:\WINDOWS\system32\winhttp.dll
11:07:28.0171 1096 E:\WINDOWS\system32\winhttp.dll - ok
11:07:28.0171 1096 [ CC26451A90025F6C55F64146C333DEA5 ] E:\WINDOWS\system32\LegitCheckControl.dll
11:07:28.0171 1096 E:\WINDOWS\system32\LegitCheckControl.dll - ok
11:07:28.0187 1096 [ 205ADD80FF8099B1A8101EB490B933D1 ] E:\WINDOWS\system32\wbem\wbemprox.dll
11:07:28.0187 1096 E:\WINDOWS\system32\wbem\wbemprox.dll - ok
11:07:28.0187 1096 [ A39BE37C9237DB5F1990D61B268EA555 ] E:\WINDOWS\system32\rastls.dll
11:07:28.0187 1096 E:\WINDOWS\system32\rastls.dll - ok
11:07:28.0203 1096 [ D95C71052E5EF63B55997FB31483D02F ] E:\WINDOWS\system32\wbem\wbemcomn.dll
11:07:28.0203 1096 E:\WINDOWS\system32\wbem\wbemcomn.dll - ok
11:07:28.0203 1096 [ 9C080E899A92A4DAD24AB4205A47CED9 ] E:\Program Files\Rogers Backup Manager\VaultClientMenu.dll
11:07:28.0203 1096 E:\Program Files\Rogers Backup Manager\VaultClientMenu.dll - ok
11:07:28.0218 1096 [ EA5B8BECA3F279C757578CD7F1E95855 ] E:\WINDOWS\system32\mprapi.dll
11:07:28.0218 1096 E:\WINDOWS\system32\mprapi.dll - ok
11:07:28.0218 1096 [ 2CDAE321B8E878A278BA2D2FA013060B ] E:\WINDOWS\system32\activeds.dll
11:07:28.0218 1096 E:\WINDOWS\system32\activeds.dll - ok
11:07:28.0234 1096 [ 0D84657DBF93DB98673DEFDF2B29E25A ] E:\WINDOWS\system32\adsldpc.dll
11:07:28.0234 1096 E:\WINDOWS\system32\adsldpc.dll - ok
11:07:28.0234 1096 [ 952BFA893477F97A0F254D82D38F45D4 ] E:\Program Files\Rogers Backup Manager\libexpat.dll
11:07:28.0234 1096 E:\Program Files\Rogers Backup Manager\libexpat.dll - ok
11:07:28.0250 1096 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
11:07:28.0250 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok
11:07:28.0265 1096 [ 92C4F48B62B0B876194584C3FF09CCB6 ] E:\WINDOWS\system32\rasapi32.dll
11:07:28.0265 1096 E:\WINDOWS\system32\rasapi32.dll - ok
11:07:28.0265 1096 [ 4DEF926F6A0545AE486A03C84F2EE482 ] E:\WINDOWS\system32\rasman.dll
11:07:28.0265 1096 E:\WINDOWS\system32\rasman.dll - ok
11:07:28.0281 1096 [ 00AABF131B4823785818DB99A075A313 ] E:\WINDOWS\system32\tapi32.dll
11:07:28.0281 1096 E:\WINDOWS\system32\tapi32.dll - ok
11:07:28.0281 1096 [ 56CE97FF94B7662A300D359CD6F4D601 ] E:\WINDOWS\system32\raschap.dll
11:07:28.0281 1096 E:\WINDOWS\system32\raschap.dll - ok
11:07:28.0296 1096 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] E:\WINDOWS\system32\netman.dll
11:07:28.0296 1096 E:\WINDOWS\system32\netman.dll - ok
11:07:28.0312 1096 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] E:\WINDOWS\system32\desk.cpl
11:07:28.0312 1096 E:\WINDOWS\system32\desk.cpl - ok
11:07:28.0312 1096 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] E:\WINDOWS\system32\netshell.dll
11:07:28.0312 1096 E:\WINDOWS\system32\netshell.dll - ok
11:07:28.0328 1096 [ A314EEA2A503A8E04085201E436384A5 ] E:\WINDOWS\system32\themeui.dll
11:07:28.0328 1096 E:\WINDOWS\system32\themeui.dll - ok
11:07:28.0328 1096 [ 235892E493845D64D890163CFEF90E97 ] E:\WINDOWS\system32\credui.dll
11:07:28.0328 1096 E:\WINDOWS\system32\credui.dll - ok
11:07:28.0343 1096 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] E:\WINDOWS\system32\dot3dlg.dll
11:07:28.0343 1096 E:\WINDOWS\system32\dot3dlg.dll - ok
11:07:28.0343 1096 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] E:\WINDOWS\system32\eappcfg.dll
11:07:28.0343 1096 E:\WINDOWS\system32\eappcfg.dll - ok
11:07:28.0359 1096 [ ABC4206543450C0666D152F4B65833B8 ] E:\WINDOWS\system32\eappprxy.dll
11:07:28.0359 1096 E:\WINDOWS\system32\eappprxy.dll - ok
11:07:28.0359 1096 [ CA04959077AFE36369D37B3504740C87 ] E:\WINDOWS\system32\onex.dll
11:07:28.0359 1096 E:\WINDOWS\system32\onex.dll - ok
11:07:28.0375 1096 [ 767FF54A552732CE772C2302025FA82F ] E:\WINDOWS\system32\wzcsapi.dll
11:07:28.0375 1096 E:\WINDOWS\system32\wzcsapi.dll - ok
11:07:28.0375 1096 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] E:\WINDOWS\system32\schedsvc.dll
11:07:28.0375 1096 E:\WINDOWS\system32\schedsvc.dll - ok
11:07:28.0390 1096 [ 2B949205F1C53B6E4002A3C38327C9A2 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
11:07:28.0390 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys - ok
11:07:28.0406 1096 [ E47E364C96467FD54FA44D59F927C3AB ] E:\WINDOWS\system32\msidle.dll
11:07:28.0406 1096 E:\WINDOWS\system32\msidle.dll - ok
11:07:28.0406 1096 [ 60784F891563FB1B767F70117FC2428F ] E:\WINDOWS\system32\spoolsv.exe
11:07:28.0406 1096 E:\WINDOWS\system32\spoolsv.exe - ok
11:07:28.0421 1096 [ C4890ACE6384522E9B678F403AB5A145 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
11:07:28.0421 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe - ok
11:07:28.0421 1096 [ 9DC4B985729C8AE26B0FD607D2081048 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
11:07:28.0421 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys - ok
11:07:28.0437 1096 [ 0871AAD56C4960E311150FD724E106AE ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys
11:07:28.0437 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys - ok
11:07:28.0453 1096 [ 912B67BB8249925A5C972FC5839EAE09 ] E:\WINDOWS\system32\actxprxy.dll
11:07:28.0453 1096 E:\WINDOWS\system32\actxprxy.dll - ok
11:07:28.0453 1096 [ 6D778E0F95447E6546553EEEA709D03C ] E:\WINDOWS\system32\cmd.exe
11:07:28.0453 1096 E:\WINDOWS\system32\cmd.exe - ok
11:07:28.0453 1096 [ 903C8C110131B8A71501514B61A17761 ] E:\WINDOWS\system32\ieframe.dll
11:07:28.0453 1096 E:\WINDOWS\system32\ieframe.dll - ok
11:07:28.0468 1096 [ 86F1895AE8C5E8B17D99ECE768A70732 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\msvcr71.dll
11:07:28.0468 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\msvcr71.dll - ok
11:07:28.0484 1096 [ 561FA2ABB31DFA8FAB762145F81667C2 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\msvcp71.dll
11:07:28.0484 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\msvcp71.dll - ok
11:07:28.0484 1096 [ E5322258C0859233BCAEC8E12FC2D05A ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
11:07:28.0484 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll - ok
11:07:28.0500 1096 [ 4751DE5B5F266F700BA89ECDCA108AB0 ] E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
11:07:28.0500 1096 E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll - ok
11:07:28.0515 1096 [ 9A7F1691F76E019C11481B6355125072 ] E:\Program Files\Real\RealUpgrade\realupgrade.exe
11:07:28.0515 1096 E:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
11:07:28.0515 1096 [ 506708142BC63DABA64F2D3AD1DCD5BF ] E:\Program Files\Google\Update\GoogleUpdate.exe
11:07:28.0515 1096 E:\Program Files\Google\Update\GoogleUpdate.exe - ok
11:07:28.0531 1096 [ 0E37FBFA79D349D672456923EC5FBBE3 ] E:\WINDOWS\system32\msvcr100.dll
11:07:28.0531 1096 E:\WINDOWS\system32\msvcr100.dll - ok
11:07:28.0531 1096 [ BC83108B18756547013ED443B8CDB31B ] E:\WINDOWS\system32\msvcp100.dll
11:07:28.0531 1096 E:\WINDOWS\system32\msvcp100.dll - ok
11:07:28.0546 1096 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] E:\Program Files\Google\Update\1.3.21.123\goopdate.dll
11:07:28.0546 1096 E:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
11:07:28.0562 1096 [ 8F9D6B4AB86A39319078814ABBDD40BC ] E:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
11:07:28.0562 1096 E:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
11:07:28.0562 1096 [ B6E6F3F5B63053D5DC1F4EE32992492F ] E:\WINDOWS\system32\dbghelp.dll
11:07:28.0562 1096 E:\WINDOWS\system32\dbghelp.dll - ok
11:07:28.0578 1096 [ 47188B0092466FD476E23DEA70CC1D4F ] E:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
11:07:28.0578 1096 E:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
11:07:28.0578 1096 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] E:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
11:07:28.0578 1096 E:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
11:07:28.0593 1096 [ 4044E880593FE1AC9942190FCE414BE7 ] E:\WINDOWS\system32\mstask.dll
11:07:28.0593 1096 E:\WINDOWS\system32\mstask.dll - ok
11:07:28.0609 1096 [ 2DC5A8019E2387987905F77C664E4BE2 ] E:\WINDOWS\system32\linkinfo.dll
11:07:28.0609 1096 E:\WINDOWS\system32\linkinfo.dll - ok
11:07:28.0609 1096 [ A70A2D85AD143D6BB823C246CEB699A5 ] E:\WINDOWS\system32\ntshrui.dll
11:07:28.0609 1096 E:\WINDOWS\system32\ntshrui.dll - ok
11:07:28.0625 1096 [ C444B433A340C24B51A2DACE9D13FC70 ] E:\WINDOWS\system32\zipfldr.dll
11:07:28.0625 1096 E:\WINDOWS\system32\zipfldr.dll - ok
11:07:28.0625 1096 [ B714735C12A70171DE28657948FD91F1 ] E:\WINDOWS\system32\mlang.dll
11:07:28.0625 1096 E:\WINDOWS\system32\mlang.dll - ok
11:07:28.0640 1096 [ DEF7A7882BEC100FE0B2CE2549188F9D ] E:\WINDOWS\system32\audiosrv.dll
11:07:28.0640 1096 E:\WINDOWS\system32\audiosrv.dll - ok
11:07:28.0640 1096 [ A8888A5327621856C0CEC4E385F69309 ] E:\WINDOWS\system32\wkssvc.dll
11:07:28.0640 1096 E:\WINDOWS\system32\wkssvc.dll - ok
11:07:28.0656 1096 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] E:\WINDOWS\system32\wdmaud.drv
11:07:30.0468 1096 E:\WINDOWS\system32\licwmi.dll - ok
11:07:30.0468 1096 [ 4306FA2F1099D7C606139255FDB62B19 ] E:\WINDOWS\system32\wbem\framedyn.dll
11:07:30.0468 1096 E:\WINDOWS\system32\wbem\framedyn.dll - ok
11:07:30.0484 1096 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6 ] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
11:07:30.0484 1096 E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE - ok
11:07:30.0500 1096 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] E:\WINDOWS\system32\upnp.dll
11:07:30.0500 1096 E:\WINDOWS\system32\upnp.dll - ok
11:07:30.0500 1096 [ AB89479B0B34F2145FF96A348D71A2C2 ] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
11:07:30.0500 1096 E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe - ok
11:07:30.0515 1096 [ 80776884E7A05D6DA5040926F82B0273 ] E:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
11:07:30.0515 1096 E:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
11:07:30.0531 1096 [ B63E5C7807334A3A8F731062F15462CC ] E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:07:30.0531 1096 E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
11:07:30.0531 1096 [ 3D075865DCC26931972F6476AD0497BE ] E:\WINDOWS\system32\ssdpapi.dll
11:07:30.0531 1096 E:\WINDOWS\system32\ssdpapi.dll - ok
11:07:30.0546 1096 [ 5110C1C1FB6F35490D04A01E29F07959 ] E:\Program Files\PowerISO\PWRISOVM.EXE
11:07:30.0546 1096 E:\Program Files\PowerISO\PWRISOVM.EXE - ok
11:07:30.0546 1096 [ C26B09276755E0698B31CF0BAE0BF182 ] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:07:30.0546 1096 E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
11:07:30.0562 1096 [ A693A49A67673F2C8D76797EA9A628D0 ] E:\WINDOWS\system32\licdll.dll
11:07:30.0562 1096 E:\WINDOWS\system32\licdll.dll - ok
11:07:30.0562 1096 [ 8E16BF5600797E678EA97051CF93E6BF ] E:\WINDOWS\system32\dumprep.exe
11:07:30.0562 1096 E:\WINDOWS\system32\dumprep.exe - ok
11:07:30.0578 1096 [ F80A415EF82CD06FFAF0D971528EAD38 ] E:\WINDOWS\system32\drivers\http.sys
11:07:30.0578 1096 E:\WINDOWS\system32\drivers\http.sys - ok
11:07:30.0578 1096 [ E4401CF27225C1D6E664E86195978562 ] H:\Program files\ITunes\iTunesHelper.exe
11:07:30.0578 1096 H:\Program files\ITunes\iTunesHelper.exe - ok
11:07:30.0593 1096 [ 5112FBD9885D79A9FC73BDE9B1EF9334 ] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
11:07:30.0593 1096 E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
11:07:30.0609 1096 [ 0A5679B3714EDAB99E357057EE88FCA6 ] E:\WINDOWS\system32\ssdpsrv.dll
11:07:30.0609 1096 E:\WINDOWS\system32\ssdpsrv.dll - ok
11:07:30.0609 1096 [ C85ECCBAA179719E658FFDBF99221E1E ] H:\Program files\ITunes\iTunesHelper.dll
11:07:30.0609 1096 H:\Program files\ITunes\iTunesHelper.dll - ok
11:07:30.0625 1096 [ 48E6868781B4E8BF4B77DBEC7694BCE8 ] E:\Program Files\Real\RealPlayer\Update\realsched.exe
11:07:30.0625 1096 E:\Program Files\Real\RealPlayer\Update\realsched.exe - ok
11:07:30.0625 1096 [ FD9BB1596433AE242DEF9320E4645BDC ] E:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe
11:07:30.0625 1096 E:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe - ok
11:07:30.0640 1096 [ 317C54DCAB9EE29CD4B9F55D197A90D1 ] E:\WINDOWS\system32\msisip.dll
11:07:30.0640 1096 E:\WINDOWS\system32\msisip.dll - ok
11:07:30.0640 1096 [ 3A6D465F379E5C815F4AD565391E654C ] E:\WINDOWS\system32\wshext.dll
11:07:30.0640 1096 E:\WINDOWS\system32\wshext.dll - ok
11:07:30.0656 1096 [ 76A3A30B58405C2C6D833895253A51A9 ] E:\Program Files\QuickTime\qttask.exe
11:07:30.0656 1096 E:\Program Files\QuickTime\qttask.exe - ok
11:07:30.0656 1096 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] E:\WINDOWS\system32\ctfmon.exe
11:07:30.0656 1096 E:\WINDOWS\system32\ctfmon.exe - ok
11:07:30.0671 1096 [ 0099D24356585743B0B35C222092FD8F ] E:\WINDOWS\system32\faultrep.dll
11:07:30.0671 1096 E:\WINDOWS\system32\faultrep.dll - ok
11:07:30.0687 1096 [ 9DF319F1C2D4B80D8CE8214EA4899ADF ] H:\Program files\ITunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
11:07:30.0687 1096 H:\Program files\ITunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
11:07:30.0687 1096 [ 814A169C40B55178BD8E1F79D1ADA649 ] H:\Program files\ITunes\iTunesHelper.Resources\iTunesHelper.dll
11:07:30.0687 1096 H:\Program files\ITunes\iTunesHelper.Resources\iTunesHelper.dll - ok
11:07:30.0703 1096 [ 3E930C641079443D4DE036167A69CAA2 ] E:\Program Files\Messenger\msmsgs.exe
11:07:30.0703 1096 E:\Program Files\Messenger\msmsgs.exe - ok
11:07:30.0703 1096 [ 6D9E1356A9C1B5F36698FAFF9205E34A ] E:\Program Files\Xvid\CheckUpdate.exe
11:07:30.0703 1096 E:\Program Files\Xvid\CheckUpdate.exe - ok
11:07:30.0718 1096 [ EC29322A4CD02C7D3B06D274A4CEBBC8 ] H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
11:07:30.0718 1096 H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe - ok
11:07:30.0718 1096 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] E:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
11:07:30.0718 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
11:07:30.0734 1096 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] E:\WINDOWS\ime\sptip.dll
11:07:30.0734 1096 E:\WINDOWS\ime\sptip.dll - ok
11:07:30.0750 1096 [ C826F7BA9C7BF0860CBF1F650E2EDC1B ] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
11:07:30.0750 1096 E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll - ok
11:07:30.0750 1096 [ AC5516C7BFCA4096215D524401F188B8 ] H:\system c backup\Program Files\Uniblue\RegistryBooster\update.dll
11:07:30.0750 1096 H:\system c backup\Program Files\Uniblue\RegistryBooster\update.dll - ok
11:07:30.0765 1096 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] E:\WINDOWS\system32\oledlg.dll
11:07:30.0765 1096 E:\WINDOWS\system32\oledlg.dll - ok
11:07:30.0765 1096 [ AB781C0E4C09E08F464081D17C0F6184 ] E:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
11:07:30.0765 1096 E:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
11:07:30.0781 1096 [ 7FACB452456EF5C053AF3EE4B228FE0D ] E:\WINDOWS\system32\xpob2res.dll
11:07:30.0781 1096 E:\WINDOWS\system32\xpob2res.dll - ok
11:07:30.0796 1096 [ DFB1F3063B7D686996C14F8E6F1AA92E ] E:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe
11:07:30.0796 1096 E:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe - ok
11:07:30.0796 1096 [ 4E912078BB8CFB4D2E1F113E26D405F6 ] H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.dll
11:07:30.0796 1096 H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.dll - ok
11:07:30.0812 1096 [ 3C6FA2F4D58611579B21798E0568F548 ] E:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
11:07:30.0812 1096 E:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
11:07:30.0812 1096 [ C2FF17734176CD15221C10044EF0BA1A ] E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
11:07:30.0812 1096 E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - ok
11:07:30.0828 1096 [ B7C7FA3BEDE83AC5F1DE03B30D494CC1 ] E:\WINDOWS\system32\httpapi.dll
11:07:30.0828 1096 E:\WINDOWS\system32\httpapi.dll - ok
11:07:30.0843 1096 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] E:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
11:07:30.0843 1096 E:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
11:07:30.0859 1096 [ 401A8C0BE0BAA7D7A470F0942244152D ] E:\WINDOWS\system32\rasdlg.dll
11:07:30.0859 1096 E:\WINDOWS\system32\rasdlg.dll - ok
11:07:30.0875 1096 [ 506299776872829EC72D9AA5E4FD192E ] E:\Program Files\Webshots\3.1.5.7619\Launcher.exe
11:07:30.0875 1096 E:\Program Files\Webshots\3.1.5.7619\Launcher.exe - ok
11:07:30.0875 1096 [ 2AA8E49B8788B9CE6A0DD8B5887751D9 ] H:\system c backup\Program Files\Uniblue\RegistryBooster\XceedZip.dll
11:07:30.0875 1096 H:\system c backup\Program Files\Uniblue\RegistryBooster\XceedZip.dll - ok
11:07:30.0890 1096 [ EE5B38DD8B8EBBE8868B9EF00B815585 ] E:\Program Files\Real\RealPlayer\Update\setu3270.dll
11:07:30.0890 1096 E:\Program Files\Real\RealPlayer\Update\setu3270.dll - ok
11:07:30.0906 1096 [ 9504E8881FA7AC254097D01D57E5D077 ] H:\system c backup\Program Files\Uniblue\RegistryBooster\UBVarRB.dll
11:07:30.0906 1096 H:\system c backup\Program Files\Uniblue\RegistryBooster\UBVarRB.dll - ok
11:07:30.0921 1096 [ C2A66596D0EFC391D22683160BB3710A ] E:\Program Files\Webshots\3.1.5.7619\Webshots.scr
11:07:30.0921 1096 E:\Program Files\Webshots\3.1.5.7619\Webshots.scr - ok
11:07:30.0921 1096 [ 3CAEAE7608F1BD7BA873A3B02895B106 ] E:\WINDOWS\system32\sti.dll
11:07:30.0921 1096 E:\WINDOWS\system32\sti.dll - ok
11:07:30.0937 1096 [ B9B5C142C75E7E2A95E7E958CF6EAB3A ] E:\Program Files\Xvid\autoupdate-windows.exe
11:07:30.0937 1096 E:\Program Files\Xvid\autoupdate-windows.exe - ok
11:07:30.0937 1096 [ 76848CB1AA5818DB47D5F5986E0A7485 ] E:\WINDOWS\system32\mfc42.dll
11:07:30.0937 1096 E:\WINDOWS\system32\mfc42.dll - ok
11:07:30.0953 1096 [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] E:\WINDOWS\system32\inetmib1.dll
11:07:30.0953 1096 E:\WINDOWS\system32\inetmib1.dll - ok
11:07:30.0953 1096 [ 5C1F0537E61F87B435F56E00B4F20EE8 ] E:\WINDOWS\system32\snmpapi.dll
11:07:30.0953 1096 E:\WINDOWS\system32\snmpapi.dll - ok
11:07:30.0968 1096 [ 6100A808600F44D999CEBDEF8841C7A3 ] E:\WINDOWS\system32\w3ssl.dll
11:07:30.0968 1096 E:\WINDOWS\system32\w3ssl.dll - ok
11:07:30.0968 1096 [ 4A93B65CFB514F2EA76B59568D5F39CE ] E:\WINDOWS\system32\strmfilt.dll
11:07:30.0968 1096 E:\WINDOWS\system32\strmfilt.dll - ok
11:07:30.0984 1096 [ E8A39D41474BE42FD8830CED32932D6C ] E:\Program Files\iPod\bin\iPodService.exe
11:07:30.0984 1096 E:\Program Files\iPod\bin\iPodService.exe - ok
11:07:31.0000 1096 [ 5E57EAB47E565BF754BCF99A410C3354 ] E:\PROGRA~1\AD-AWA~1\AdAware.exe
11:07:31.0000 1096 E:\PROGRA~1\AD-AWA~1\AdAware.exe - ok
11:07:31.0000 1096 [ E837FDBB92E9873E538395B623F45462 ] E:\WINDOWS\system32\wbem\cimwin32.dll
11:07:31.0000 1096 E:\WINDOWS\system32\wbem\cimwin32.dll - ok
11:07:31.0015 1096 [ 01243FA89FBEC041E873DE8386138440 ] E:\Program Files\Real\RealPlayer\realplay.exe
11:07:31.0015 1096 E:\Program Files\Real\RealPlayer\realplay.exe - ok
11:07:31.0015 1096 [ 65A9495A436F5402BC1C467E1B926C27 ] E:\WINDOWS\winhlp32.exe
11:07:31.0015 1096 E:\WINDOWS\winhlp32.exe - ok
11:07:31.0031 1096 [ 020D5F7ABD814935C1BBD55D97F11DB8 ] E:\Program Files\Real\RealPlayer\rpwa3260.dll
11:07:31.0031 1096 E:\Program Files\Real\RealPlayer\rpwa3260.dll - ok
11:07:31.0031 1096 [ 09EFB6439C76E94059C5E22409926B48 ] E:\Documents and Settings\Chantal Lalonde\Local Settings\Temp\BR8.tmp
11:07:31.0031 1096 E:\Documents and Settings\Chantal Lalonde\Local Settings\Temp\BR8.tmp - ok
11:07:31.0046 1096 [ 7DF0DECD3006B8BA450AEC714086FF3C ] E:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
11:07:31.0046 1096 E:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
11:07:31.0062 1096 [ 280013E1CA1A648A6B896D884CC46601 ] E:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
11:07:31.0062 1096 E:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
11:07:31.0062 1096 [ 0689622E6484934EB6E5F4D3A96311F9 ] E:\WINDOWS\system32\jscript.dll
11:07:31.0062 1096 E:\WINDOWS\system32\jscript.dll - ok
11:07:31.0078 1096 [ 08AD4CD2A940379F1DCDBDB9884A1375 ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRA.tmp
11:07:31.0078 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRA.tmp - ok
11:07:31.0078 1096 [ E35514FC402F6268333529384CFD7B20 ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRB.tmp
11:07:31.0078 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRB.tmp - ok
11:07:31.0093 1096 [ B651A7B4BF84E7B14FB827D4D674891E ] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RpSpaWshComAgent.dll
11:07:31.0093 1096 E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RpSpaWshComAgent.dll - ok
11:07:31.0109 1096 [ 027491B39A7B16B116E780F55ABC288E ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRC.tmp
11:07:31.0109 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRC.tmp - ok
11:07:31.0109 1096 [ 880F7ED2DF24DB14AF96C6D797958796 ] E:\WINDOWS\system32\wbem\wbemdisp.dll
11:07:31.0109 1096 E:\WINDOWS\system32\wbem\wbemdisp.dll - ok
11:07:31.0125 1096 [ A210F1AC135E5331C314CE5F394FB5A5 ] E:\Documents and Settings\Chantal Lalonde\Local Settings\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
11:07:31.0125 1096 E:\Documents and Settings\Chantal Lalonde\Local Settings\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll - ok
11:07:31.0140 1096 [ A4E87B2BD2F7A31DBC8DE7C11F3CEE17 ] E:\PROGRA~1\AD-AWA~1\htmlayout.dll
11:07:31.0140 1096 E:\PROGRA~1\AD-AWA~1\htmlayout.dll - ok
11:07:31.0140 1096 [ 63D151A73679BB5BD7CF98BDA1AE5F5B ] E:\WINDOWS\system32\wbem\stdprov.dll
11:07:31.0140 1096 E:\WINDOWS\system32\wbem\stdprov.dll - ok
11:07:31.0156 1096 [ 72FAB2C90296330ECA3787DC4093E208 ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRE.tmp
11:07:31.0156 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRE.tmp - ok
11:07:31.0156 1096 [ F0A0EBF086597E645BC14B0D98F8BA58 ] E:\WINDOWS\system32\scrrun.dll
11:07:31.0156 1096 E:\WINDOWS\system32\scrrun.dll - ok
11:07:31.0171 1096 [ 6472932F2B6084EA1FB3F7F9493AC640 ] E:\WINDOWS\system32\wshom.ocx
11:07:31.0171 1096 E:\WINDOWS\system32\wshom.ocx - ok
11:07:31.0171 1096 [ EEC60879217702E58459102350EE87DF ] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
11:07:31.0171 1096 E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe - ok
11:07:31.0187 1096 [ 9C46E5C82F94D9AEDD2CE798F0DF1158 ] E:\WINDOWS\system32\mshtml.dll
11:07:31.0187 1096 E:\WINDOWS\system32\mshtml.dll - ok
11:07:31.0187 1096 [ 8C09244CEBE28CEA96D6715E81427D9A ] E:\PROGRA~1\AD-AWA~1\lavalicense.dll
11:07:31.0203 1096 E:\PROGRA~1\AD-AWA~1\lavalicense.dll - ok
11:07:31.0203 1096 [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] E:\WINDOWS\system32\msls31.dll
11:07:31.0203 1096 E:\WINDOWS\system32\msls31.dll - ok
11:07:31.0218 1096 [ B4EB1E7438DC099078CE8FE6E5A2C99D ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRF.tmp
11:07:31.0218 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BRF.tmp - ok
11:07:31.0218 1096 [ B24BF80927D3D0A391CB8426F7CB290D ] E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BR10.tmp
11:07:31.0218 1096 E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\BR10.tmp - ok
11:07:31.0234 1096 [ 77D6AB8B4F27F1577BB11D77C87DD6AA ] E:\Program Files\Ad-Aware Antivirus\SBAMSvcPS.dll
11:07:31.0234 1096 E:\Program Files\Ad-Aware Antivirus\SBAMSvcPS.dll - ok
11:07:31.0234 1096 [ E11457C66FDD966EE415FBBC6D9BE643 ] E:\WINDOWS\system32\msimtf.dll
11:07:31.0234 1096 E:\WINDOWS\system32\msimtf.dll - ok
11:07:31.0250 1096 [ 5FA9B930E89B8CBBB51C4DAACC002207 ] E:\Program Files\Ad-Aware Antivirus\oehook.dll
11:07:31.0250 1096 E:\Program Files\Ad-Aware Antivirus\oehook.dll - ok
11:07:31.0265 1096 [ 2A769418ED33AA3E702C7327A6699E17 ] E:\Program Files\Ad-Aware Antivirus\oecom.dll
11:07:31.0265 1096 E:\Program Files\Ad-Aware Antivirus\oecom.dll - ok
11:07:31.0265 1096 [ BF67AC2C1F41BE892B98E9B8E91C0CB8 ] E:\WINDOWS\system32\wiashext.dll
11:07:31.0265 1096 E:\WINDOWS\system32\wiashext.dll - ok
11:07:31.0281 1096 [ 5744FFF8E72D105C138DAE9E17BB29FE ] E:\Program Files\Mozilla Firefox\firefox.exe
11:07:31.0281 1096 E:\Program Files\Mozilla Firefox\firefox.exe - ok
11:07:31.0281 1096 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] E:\Program Files\Mozilla Firefox\msvcr100.dll
11:07:31.0281 1096 E:\Program Files\Mozilla Firefox\msvcr100.dll - ok
11:07:31.0296 1096 [ C2EFE31691B0220BA2D366F6ECD9EEBC ] E:\Program Files\Mozilla Firefox\mozglue.dll
11:07:31.0296 1096 E:\Program Files\Mozilla Firefox\mozglue.dll - ok
11:07:31.0296 1096 [ 4D8CAE21D3617DBC539F0A7ACEB66FAD ] E:\Program Files\Mozilla Firefox\nspr4.dll
11:07:31.0296 1096 E:\Program Files\Mozilla Firefox\nspr4.dll - ok
11:07:31.0312 1096 [ 03E9314004F504A14A61C3D364B62F66 ] E:\Program Files\Mozilla Firefox\msvcp100.dll
11:07:31.0312 1096 E:\Program Files\Mozilla Firefox\msvcp100.dll - ok
11:07:31.0312 1096 [ 2D64A5315260AAD1D6BEEE65D2681DB3 ] E:\Program Files\Mozilla Firefox\mozjs.dll
11:07:31.0312 1096 E:\Program Files\Mozilla Firefox\mozjs.dll - ok
11:07:31.0328 1096 [ 6F255F96534FCF5FF4B611B52C1AB813 ] E:\Program Files\Mozilla Firefox\plc4.dll
11:07:31.0328 1096 E:\Program Files\Mozilla Firefox\plc4.dll - ok
11:07:31.0328 1096 [ 6B85D6ADEF244F9077BD7874610574A9 ] E:\Program Files\Mozilla Firefox\plds4.dll
11:07:31.0328 1096 E:\Program Files\Mozilla Firefox\plds4.dll - ok
11:07:31.0343 1096 [ 0206166F245BE09DC9C1550AFB2C0B8D ] E:\Program Files\Mozilla Firefox\nss3.dll
11:07:31.0343 1096 E:\Program Files\Mozilla Firefox\nss3.dll - ok
11:07:31.0359 1096 [ 15A9691C1F00631BC5475CEEF9A6EA62 ] E:\Program Files\Mozilla Firefox\nssutil3.dll
11:07:31.0359 1096 E:\Program Files\Mozilla Firefox\nssutil3.dll - ok
11:07:31.0359 1096 [ 3D2706E87D3E4433DB929B86207CA928 ] E:\Program Files\Mozilla Firefox\mozsqlite3.dll
11:07:31.0359 1096 E:\Program Files\Mozilla Firefox\mozsqlite3.dll - ok
11:07:31.0375 1096 [ 9F135327116E63D522BFEF39F37CB2E6 ] E:\Program Files\Mozilla Firefox\smime3.dll
11:07:31.0375 1096 E:\Program Files\Mozilla Firefox\smime3.dll - ok
11:07:31.0375 1096 [ F5720ED4EEA3D62A3C9AF0950F2B7D23 ] E:\Program Files\Mozilla Firefox\ssl3.dll
11:07:31.0375 1096 E:\Program Files\Mozilla Firefox\ssl3.dll - ok
11:07:31.0390 1096 [ A38B82A306CDDA0BB141225F92FC9F85 ] E:\Program Files\Mozilla Firefox\gkmedias.dll
11:07:31.0390 1096 E:\Program Files\Mozilla Firefox\gkmedias.dll - ok
11:07:31.0390 1096 [ 52652560BCE03F232CE6AF381D82CE5F ] E:\Program Files\Mozilla Firefox\mozalloc.dll
11:07:31.0390 1096 E:\Program Files\Mozilla Firefox\mozalloc.dll - ok
11:07:31.0406 1096 [ 4C44A99BB7584D6B70507987BE786259 ] E:\Program Files\Mozilla Firefox\xul.dll
11:07:31.0406 1096 E:\Program Files\Mozilla Firefox\xul.dll - ok
11:07:31.0406 1096 [ 9179B5903E3329827F5D8A45CEFA1C08 ] E:\Program Files\Ad-Aware Antivirus\Definitions\Staging\updater.dll
11:07:31.0406 1096 E:\Program Files\Ad-Aware Antivirus\Definitions\Staging\updater.dll - ok
11:07:31.0421 1096 [ D1B01B7933F26211E80EAC667A909E1B ] E:\Program Files\Ad-Aware Antivirus\Definitions\Staging\patchw32.dll
11:07:31.0421 1096 E:\Program Files\Ad-Aware Antivirus\Definitions\Staging\patchw32.dll - ok
11:07:31.0437 1096 [ 4D774B94671141D491CFCB4CA3650EBF ] E:\Program Files\Mozilla Firefox\xpcom.dll
11:07:31.0437 1096 E:\Program Files\Mozilla Firefox\xpcom.dll - ok
11:07:31.0437 1096 [ 520B9EF148145FDE39E4FB77E0C7FC48 ] E:\Program Files\Mozilla Firefox\components\browsercomps.dll
11:07:31.0437 1096 E:\Program Files\Mozilla Firefox\components\browsercomps.dll - ok
11:07:31.0453 1096 [ D0049860B63DD87A73A5D165C829C65F ] E:\WINDOWS\system32\t2embed.dll
11:07:31.0453 1096 E:\WINDOWS\system32\t2embed.dll - ok
11:07:31.0453 1096 [ C3200506FB212A0F4FB736A80E646C40 ] E:\WINDOWS\system32\lz32.dll
11:07:31.0453 1096 E:\WINDOWS\system32\lz32.dll - ok
11:07:31.0468 1096 [ 9662E514A77389EB6F7E846DB8B44C4D ] E:\Program Files\Mozilla Firefox\softokn3.dll
11:07:31.0468 1096 E:\Program Files\Mozilla Firefox\softokn3.dll - ok
11:07:31.0468 1096 [ CF7C83513AD0F22070B6795590F6BA68 ] E:\Program Files\Mozilla Firefox\nssdbm3.dll
11:07:31.0468 1096 E:\Program Files\Mozilla Firefox\nssdbm3.dll - ok
11:07:31.0484 1096 [ D9FA57CBA32ABA63D5C30B854F660F07 ] E:\Program Files\Mozilla Firefox\freebl3.dll
11:07:31.0484 1096 E:\Program Files\Mozilla Firefox\freebl3.dll - ok
11:07:31.0484 1096 [ 2944201BCD2BCC92897551A95757DDBE ] E:\Program Files\Mozilla Firefox\nssckbi.dll
11:07:31.0484 1096 E:\Program Files\Mozilla Firefox\nssckbi.dll - ok
11:07:31.0500 1096 [ 303A63F4B913AA5D8998161CB77A8CE7 ] E:\WINDOWS\system32\feclient.dll
11:07:31.0500 1096 E:\WINDOWS\system32\feclient.dll - ok
11:07:31.0500 1096 [ 15805123F863DC8E550155279E40FB77 ] E:\Program Files\Java\jre6\bin\awt.dll
11:07:31.0500 1096 E:\Program Files\Java\jre6\bin\awt.dll - ok
11:07:31.0515 1096 [ D1D05E408030CE682392662933BCA671 ] E:\Program Files\Java\jre6\bin\client\jvm.dll
11:07:31.0515 1096 E:\Program Files\Java\jre6\bin\client\jvm.dll - ok
11:07:31.0515 1096 [ AAC3E45B573A9199C6D2E4CA6D5980CE ] E:\Program Files\Java\jre6\bin\dcpr.dll
11:07:31.0515 1096 E:\Program Files\Java\jre6\bin\dcpr.dll - ok
11:07:31.0531 1096 [ 20BBDEC22713040AF3A8D6DFE61CFA54 ] E:\Program Files\Java\jre6\bin\deploy.dll
11:07:31.0531 1096 E:\Program Files\Java\jre6\bin\deploy.dll - ok
11:07:31.0546 1096 [ 52B53CD458AE8424CDD4B587623680E1 ] E:\Program Files\Java\jre6\bin\fontmanager.dll
11:07:31.0546 1096 E:\Program Files\Java\jre6\bin\fontmanager.dll - ok
11:07:31.0546 1096 [ 350D38B367D413F65EE0BABD3966D9BC ] E:\Program Files\Java\jre6\bin\hpi.dll
11:07:31.0546 1096 E:\Program Files\Java\jre6\bin\hpi.dll - ok
11:07:31.0562 1096 [ 6651729ABEC42DAB2280392019AB2A77 ] E:\Program Files\Java\jre6\bin\java.dll
11:07:31.0562 1096 E:\Program Files\Java\jre6\bin\java.dll - ok
11:07:31.0562 1096 [ A109C40C04D7EE2D78DFC2268D4ED57F ] E:\Program Files\Java\jre6\bin\javaw.exe
11:07:31.0562 1096 E:\Program Files\Java\jre6\bin\javaw.exe - ok
11:07:31.0578 1096 [ B9EAE52AD69546EFDBA1EA3E00C7288B ] E:\Program Files\Java\jre6\bin\jp2native.dll
11:07:31.0578 1096 E:\Program Files\Java\jre6\bin\jp2native.dll - ok
11:07:31.0593 1096 [ EE7C6F2BDE716518C67FCD8651C144AA ] E:\Program Files\Java\jre6\bin\jpeg.dll
11:07:31.0593 1096 E:\Program Files\Java\jre6\bin\jpeg.dll - ok
11:07:31.0593 1096 [ 3202371F4C4E74DFFA17D34FC48AE0CF ] E:\Program Files\Java\jre6\bin\net.dll
11:07:31.0593 1096 E:\Program Files\Java\jre6\bin\net.dll - ok
11:07:31.0609 1096 [ 6B65A0FC01857D928054906AC6699269 ] E:\Program Files\Java\jre6\bin\nio.dll
11:07:31.0609 1096 E:\Program Files\Java\jre6\bin\nio.dll - ok
11:07:31.0609 1096 [ 7940B8E971752702169B3C7916A2405B ] E:\Program Files\Java\jre6\bin\regutils.dll
11:07:31.0609 1096 E:\Program Files\Java\jre6\bin\regutils.dll - ok
11:07:31.0625 1096 [ 1EFA97F590F0DC0726146B4AB81C9339 ] E:\Program Files\Java\jre6\bin\verify.dll
11:07:31.0625 1096 E:\Program Files\Java\jre6\bin\verify.dll - ok
11:07:31.0625 1096 [ C9A8F1F08D8CA4E538CFA937B13423F7 ] E:\Program Files\Java\jre6\bin\zip.dll
11:07:31.0625 1096 E:\Program Files\Java\jre6\bin\zip.dll - ok
11:07:31.0640 1096 ============================================================
11:07:31.0640 1096 Scan finished
11:07:31.0640 1096 ============================================================
11:07:31.0750 3772 Detected object count: 6
11:07:31.0765 3772 Actual detected object count: 6
11:09:19.0125 3772 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:19.0125 3772 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:19.0171 3772 E:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
11:09:20.0578 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\@ - copied to quarantine
11:09:20.0578 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\Desktop.ini - copied to quarantine
11:09:20.0578 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\[email protected] - copied to quarantine
11:09:20.0609 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\201d3dde - copied to quarantine
11:09:20.0609 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\kjijdmdh - copied to quarantine
11:09:20.0640 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - copied to quarantine
11:09:20.0656 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - copied to quarantine
11:09:20.0671 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - copied to quarantine
11:09:20.0671 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - copied to quarantine
11:09:20.0796 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - copied to quarantine
11:09:21.0140 3772 Backup copy found, using it..
11:09:21.0156 3772 E:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
11:09:21.0265 3772 E:\WINDOWS\$NtUninstallKB40641$\1748115354 - will be deleted on reboot
11:09:21.0265 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\@ - will be deleted on reboot
11:09:21.0265 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\Desktop.ini - will be deleted on reboot
11:09:21.0296 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - will be deleted on reboot
11:09:21.0296 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - will be deleted on reboot
11:09:21.0296 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - will be deleted on reboot
11:09:21.0296 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - will be deleted on reboot
11:09:21.0296 3772 E:\WINDOWS\$NtUninstallKB40641$\2150964980\U\[email protected] - will be deleted on reboot
11:09:21.0328 3772 Cdrom ( Virus.Win32.ZAccess.aml ) - User select action: Cure
11:09:21.0328 3772 Profos ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:21.0328 3772 Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:21.0328 3772 scan ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:21.0328 3772 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:21.0328 3772 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:21.0328 3772 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:21.0343 3772 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:21.0343 3772 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:48.0250 3632 Deinitialize success

#9
shannibutterfly

    Member

  • Topic Starter
  • 14 posts
ComboFix 13-01-05.01 - Chantal Lalonde 05/01/2013 11:36:30.1.2 - x86
Running from: e:\documents and settings\Chantal Lalonde\Desktop\ComboFix.exe
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Rogers Online Protection Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\All Users\Application Data\TEMP
e:\documents and settings\Chantal Lalonde\WINDOWS
e:\windows\system32\SET417.tmp
e:\windows\system32\SET418.tmp
e:\windows\system32\SET419.tmp
e:\windows\system32\SET41D.tmp
e:\windows\system32\SET41E.tmp
e:\windows\system32\SET41F.tmp
e:\windows\system32\SET423.tmp
e:\windows\system32\SET425.tmp
H:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 19:36 . 2013-01-05 19:36 12568 -c--a-w- e:\windows\system32\drivers\PROCEXP113.SYS
2013-01-05 19:23 . 2013-01-05 19:23 -------- dc----w- e:\documents and settings\All Users\Application Data\GFI Software
2013-01-05 19:09 . 2013-01-05 19:09 -------- dc----w- E:\TDSSKiller_Quarantine
2013-01-04 05:39 . 2013-01-04 05:40 1409 -c--a-w- e:\windows\QTFont.for
2013-01-04 05:37 . 2013-01-04 05:37 -------- dc----w- e:\documents and settings\All Users\Application Data\QuickTime
2013-01-04 05:36 . 2013-01-04 05:38 -------- dc----w- e:\program files\BADMOJO
2013-01-03 06:24 . 2013-01-03 06:24 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Malwarebytes
2013-01-03 06:24 . 2013-01-03 06:24 -------- dc----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-03 04:21 . 2013-01-03 04:21 -------- dc----w- e:\program files\Windows Live SkyDrive
2013-01-03 04:21 . 2013-01-03 04:21 -------- dc----w- e:\program files\Windows Live
2013-01-03 04:21 . 2013-01-03 04:21 141399376 -c--a-w- e:\program files\Common Files\Windows Live\.cache\wlc1A.tmp
2013-01-01 08:13 . 2013-01-01 08:13 -------- dc----w- e:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\Chantal Lalonde\Local Settings\Application Data\Downloaded Installations
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\All Users\Application Data\Search Protection
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\Chantal Lalonde\Local Settings\Application Data\adawarebp
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\All Users\Application Data\blekko toolbars
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\program files\Toolbar Cleaner
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\blekko
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\adawaretb
2013-01-01 08:05 . 2013-01-01 08:05 -------- dc----w- e:\program files\adawaretb
2013-01-01 07:54 . 2013-01-01 07:54 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\DriverCure
2013-01-01 07:54 . 2013-01-01 07:54 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\PC Utility Kit
2013-01-01 07:53 . 2013-01-01 08:04 -------- dc----w- e:\documents and settings\All Users\Application Data\PC Utility Kit
2013-01-01 00:51 . 2012-11-29 08:27 73696 -c--a-w- e:\program files\Mozilla Firefox\breakpadinjector.dll
2012-12-29 19:28 . 2012-12-29 19:29 -------- dc----w- e:\documents and settings\Chantal Lalonde\Local Settings\Application Data\Deployment
2012-12-26 14:01 . 2012-12-26 14:01 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\AlawarEntertainment
2012-12-25 11:14 . 2012-12-25 11:14 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Top Evidence
2012-12-25 11:14 . 2012-12-25 11:14 -------- dc----w- e:\documents and settings\All Users\Application Data\Top Evidence
2012-12-25 11:11 . 2012-12-25 11:11 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\The Curse of the Werewolves
2012-12-25 10:59 . 2012-12-25 10:59 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Freeze Tag
2012-12-25 08:47 . 2012-12-25 08:47 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Frogwares
2012-12-22 19:28 . 2013-01-01 20:42 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\ERS Game Studios
2012-12-22 19:09 . 2012-12-22 19:09 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Atari
2012-12-22 19:07 . 2012-12-22 19:07 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Leadertech
2012-12-22 19:02 . 2012-12-22 19:02 331908 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-12-22 19:02 . 2012-12-22 19:02 200836 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-12-22 19:02 . 2005-04-04 07:02 753664 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-12-22 19:02 . 2005-04-04 07:02 69714 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-12-22 19:02 . 2005-04-04 07:01 274432 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-12-22 19:02 . 2005-04-04 07:00 184320 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-12-22 19:02 . 2005-04-04 06:59 5632 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-12-22 19:02 . 2005-04-04 06:57 32768 -c--a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-22 18:47 . 2012-12-22 18:47 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\Big Fish Games
2012-12-22 13:33 . 2012-12-22 13:33 -------- dc----w- e:\program files\Common Files\Wise Installation Wizard
2012-12-22 12:46 . 1996-08-27 10:12 93504 -c--a-r- e:\windows\QTW16DEL.EXE
2012-12-22 12:46 . 1996-08-27 10:12 2037248 -c--a-r- e:\windows\QTINSTAL.EXE
2012-12-22 12:34 . 1996-11-06 00:13 299008 -c--a-w- e:\windows\uninst.exe
2012-12-22 12:26 . 2012-12-22 12:26 -------- dc----w- e:\windows\BBSTORE
2012-12-22 12:22 . 1996-02-08 17:54 284160 -c--a-w- e:\windows\unin040c.exe
2012-12-22 11:24 . 2012-12-22 11:24 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\HTML Executable
2012-12-22 11:24 . 2012-12-22 11:24 -------- dc----w- e:\program files\Common Files\HTML Executable Viewer
2012-12-18 19:07 . 2012-12-18 19:07 -------- dc----w- e:\program files\iPod
2012-12-18 19:07 . 2012-12-18 19:08 -------- dc----w- e:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-09 20:01 . 2012-12-09 20:01 -------- dc----w- e:\documents and settings\Chantal Lalonde\Application Data\MSNInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-05 19:10 . 2004-08-04 02:59 62976 ----a-w- e:\windows\system32\drivers\cdrom.sys
2013-01-01 00:39 . 2011-09-02 04:54 499712 -c--a-w- e:\windows\system32\msvcp71.dll
2013-01-01 00:39 . 2011-09-02 04:54 348160 -c--a-w- e:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2004-08-04 04:56 290560 -c--a-w- e:\windows\system32\atmfd.dll
2012-12-12 04:21 . 2012-12-06 06:02 697272 -c--a-w- e:\windows\system32\FlashPlayerApp.exe
2012-12-12 04:21 . 2011-06-29 15:21 73656 -c--a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-27 16:31 . 2012-11-27 16:31 73728 -c--a-w- e:\windows\system32\javacpl.cpl
2012-11-27 16:31 . 2012-11-27 16:31 477168 -c--a-w- e:\windows\system32\npdeployJava1.dll
2012-11-27 16:31 . 2011-07-07 05:55 473072 -c--a-w- e:\windows\system32\deployJava1.dll
2012-11-13 01:25 . 2004-08-04 03:17 1866368 -c--a-w- e:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-04 04:56 375296 -c--a-w- e:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 04:56 1469440 -c----w- e:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-08-04 04:56 916992 -c--a-w- e:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 04:56 43520 -c----w- e:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2004-08-04 02:59 385024 -c----w- e:\windows\system32\html.iec
2012-11-29 08:27 . 2012-12-05 23:27 262112 -c--a-w- e:\program files\mozilla firefox\components\browsercomps.dll
2009-12-06 09:18 26624 -csh--w- e:\windows\bfcs2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 08:07 297808 ----a-w- e:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-06-07 17:46 344064 ----a-w- e:\program files\Rogers Backup Manager\VaultClientMenu.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="e:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Uniblue RegistryBooster 2009"="h:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="e:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RogersServicepointAgent.exe"="e:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2011-01-04 4318520]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"APSDaemon"="e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="h:\program files\ITunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="e:\program files\real\realplayer\update\realsched.exe" [2013-01-01 295072]
"SearchProtection"="e:\documents and settings\All Users\Application Data\Search Protection\_run.bat" [2013-01-01 210]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2013-01-04 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
e:\documents and settings\Chantal Lalonde\Start Menu\Programs\Startup\
Webshots.lnk - e:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-7-3 157088]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-12 113664]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10131:TCP"= 10131:TCP:BitComet 10131 TCP
"10131:UDP"= 10131:UDP:BitComet 10131 UDP
.
R0 RadialpointIDSEH;RadialpointIDSEH;e:\windows\system32\drivers\AVGIDSEH.sys [10/07/2011 4:25 PM 25608]
R2 AGCoreService;AG Core Services;e:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [03/07/2011 9:02 PM 20480]
R2 Radialpoint Security Services;Rogers Online Protection;e:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [07/06/2010 2:10 PM 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;e:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [10/07/2011 4:25 PM 5832712]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;e:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 8:31 PM 38608]
R2 ServicepointService;ServicepointService;e:\program files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe [10/07/2011 4:01 PM 689464]
R2 VaultClientSRV;Rogers Backup Manager Service;e:\program files\Rogers Backup Manager\VaultClientSRV.exe [07/06/2010 9:46 AM 1053936]
R2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;e:\program files\Rogers Backup Manager\VaultClientUpgrade.exe [07/06/2010 9:46 AM 120048]
R3 RadialpointIDSDriver;RadialpointIDSDriver;e:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [10/07/2011 4:25 PM 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;e:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [10/07/2011 4:25 PM 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;e:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [10/07/2011 4:25 PM 25736]
S1 SBRE;SBRE;\??\e:\windows\system32\drivers\SBREdrv.sys --> e:\windows\system32\drivers\SBREdrv.sys [?]
S3 cpuz134;cpuz134;\??\e:\docume~1\CHANTA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> e:\docume~1\CHANTA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 785A63B6
*NewlyCreated* - 7F21AFB9
*NewlyCreated* - ACAE78C2
*NewlyCreated* - WUAUSERV
*Deregistered* - 785a63b6
*Deregistered* - 7f21afb9
*Deregistered* - acae78c2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 04:21]
.
2012-12-29 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-01-05 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 00:32]
.
2013-01-05 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 00:32]
.
2013-01-05 e:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1177238915-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-01-05 e:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1177238915-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=___userid___
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - e:\documents and settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=___userid___
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=___userid___
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc26d51fd-e77b-43d0-80b5-6941ae56c9c2%7D&mid=&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-14%2023%3A01%3A04&sap=ku&q=
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2012-11-27 08:31; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-31 16:35; {34712C68-7391-4c47-94F3-8F88D49AD632}; e:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
SafeBoot-15785096.sys
SafeBoot-27218471.sys
AddRemove-RealPlayer 16.0 - e:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-05 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1177238915-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,06,be,7f,b9,0b,4d,4b,f1,a9,48,f4,9e,9e,25,d7,89,ce,ee,49,63,
5f,b8,19,5d,15,60,f1,d2,9a,b6,d6,66,95,05,61,3d,0b,bf,8c,20,df,46,63,73,8b,\
"rkeysecu"=hex:cf,29,cc,01,79,7c,23,4c,e4,8f,2b,b0,80,a4,6e,a3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1a8558a5-dcbd-41e8-93b1-70e334c3e7a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011a
"Therad"=dword:00000012
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):74,0f,94,67,af,62,fc,c1,62,77,df,dd,1c,67,c0,07,ec,0c,dd,81,b4,
be,52,91,9b,93,04,40,63,01,c9,75,84,2e,c4,dc,1c,ba,3a,51,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-01-05 11:50:21
ComboFix-quarantined-files.txt 2013-01-05 19:50
.
Pre-Run: 19,172,421,632 bytes free
Post-Run: 19,787,730,944 bytes free
.
- - End Of File - - B5AC79D80B79E340723B7CBF2A7DB22B

#10
maliprog

OK. We still have work to do, but tell me, how is your system now? Any improvements?

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • New OTL scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#11
shannibutterfly

Yes! My computer is faster now, and I can sign into my Hotmail, Gmail, Twitter and Ebay!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chantal Lalonde :: CHANTAL-886CCFB [administrator]

05/01/2013 11:02:21 PM
mbam-log-2013-01-05 (23-02-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195580
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
shannibutterfly

OTL logfile created on: 05/01/2013 11:09:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Chantal Lalonde\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 78.91% Memory free
5.09 Gb Paging File | 4.47 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 9.77 Gb Total Space | 4.65 Gb Free Space | 47.62% Space Free | Partition Type: NTFS
Drive D: | 27.49 Gb Total Space | 27.32 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 17.08 Gb Free Space | 45.85% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 599.94 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive Z: | 671.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHANTAL-886CCFB | User Name: Chantal Lalonde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/04 18:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/01/04 15:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- E:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2010/06/07 14:10:06 | 000,166,944 | ---- | M] (Rogers) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 14:09:06 | 000,382,208 | ---- | M] (Rogers) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/06/07 09:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- E:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 09:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- E:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/14 20:05:51 | 000,141,312 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0049820f680f609298f91b15f455a86d\System.Configuration.Install.ni.dll
MOD - [2012/11/14 20:05:50 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/14 20:04:56 | 000,627,712 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/14 19:51:48 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/14 19:51:10 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/14 19:50:44 | 007,977,472 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 19:49:19 | 011,492,352 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/07 09:40:44 | 000,147,456 | ---- | M] () -- E:\Program Files\Rogers Backup Manager\libexpat.dll
MOD - [2009/11/06 11:53:08 | 000,202,752 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\smartscn.dll
MOD - [2009/11/02 15:26:48 | 000,077,824 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 15:26:48 | 000,057,344 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/10/23 13:25:54 | 000,225,280 | ---- | M] () -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\bdfltlib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/11 20:21:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 15:27:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- E:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/07/10 17:00:03 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2011/01/04 15:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- E:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/06/07 14:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 14:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/06/07 09:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- E:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 09:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- E:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Unknown] -- E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- E:\DOCUME~1\CHANTA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/10 16:24:29 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2011/06/15 00:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- E:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- E:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/07/28 10:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/09 20:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\tpm.sys -- (TPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.l...&u=___userid___
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-14 23:01:04&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8BawnE6K&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://safesearchr.l...u=___userid___"
FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..browser.startup.homepage: "http://safesearchr.l...u=___userid___"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...1:04&sap=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "99.241.215.227"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program files\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: e:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: e:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/31 16:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2013/01/03 21:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2013/01/03 21:38:08 | 000,000,000 | ---D | M]

[2011/06/28 17:03:14 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Extensions
[2013/01/01 12:38:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\extensions
[2011/09/11 18:50:13 | 000,550,833 | ---- | M] () (No name found) -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\extensions\[email protected]
[2011/07/03 20:12:19 | 000,002,055 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\searchplugins\daemon-search.xml
[2012/12/31 16:51:23 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2012/12/05 15:27:30 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/08 20:49:04 | 001,037,112 | ---- | M] (BitComet) -- E:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/12/31 16:39:52 | 000,124,056 | ---- | M] (RealPlayer) -- E:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/01/01 00:05:34 | 000,000,584 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/14 22:00:54 | 000,003,676 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://safesearchr.l...&u=___userid___
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://safesearchr.l...&u=___userid___
CHR - plugin: Shockwave Flash (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = E:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = E:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = E:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = E:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Rogers Servicepoint Agent (Enabled) = E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = H:\Program files\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealDownloader = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/05 11:47:19 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] E:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [SearchProtection] E:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat ()
O4 - HKLM..\Run: [TkBellExe] E:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] H:\system c backup\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
O4 - HKCU..\Run: [Xvid] E:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Startup\Webshots.lnk = E:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1357184255734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4ED053E-A1D0-47A0-B69E-11643D96DAD1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/18 10:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/19 01:27:15 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2004/09/20 23:00:00 | 000,000,027 | R--- | M] () - Z:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/05 23:01:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/05 23:01:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2013/01/05 23:01:27 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2013/01/05 23:00:48 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- E:\Documents and Settings\Chantal Lalonde\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/05 17:26:35 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/05 17:26:35 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DieselPuppet
[2013/01/05 17:26:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Weird Park - Broken Tune Collectors Edition
[2013/01/05 17:23:49 | 000,000,000 | ---D | C] -- E:\Program Files\Weird Park - Broken Tune Collectors Edition
[2013/01/05 11:36:34 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- E:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/01/05 11:24:57 | 000,518,144 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2013/01/05 11:24:57 | 000,406,528 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2013/01/05 11:24:57 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2013/01/05 11:24:57 | 000,060,416 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2013/01/05 11:24:41 | 000,000,000 | ---D | C] -- E:\Qoobox
[2013/01/05 11:24:22 | 000,000,000 | ---D | C] -- E:\WINDOWS\erdnt
[2013/01/05 11:23:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\GFI Software
[2013/01/05 11:18:22 | 005,019,547 | R--- | C] (Swearware) -- E:\Documents and Settings\Chantal Lalonde\Desktop\ComboFix.exe
[2013/01/05 11:09:19 | 000,000,000 | ---D | C] -- E:\TDSSKiller_Quarantine
[2013/01/05 10:53:28 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Chantal Lalonde\Desktop\tdsskiller.exe
[2013/01/04 18:57:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
[2013/01/03 21:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Pulse Entertainment
[2013/01/03 21:38:10 | 000,086,016 | ---- | C] (MindVision) -- E:\WINDOWS\unvise32qt.exe
[2013/01/03 21:37:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/01/03 21:37:32 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\QuickTime
[2013/01/03 21:37:32 | 000,000,000 | ---D | C] -- E:\Program Files\QuickTime
[2013/01/03 21:37:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\QuickTime
[2013/01/03 21:36:53 | 000,000,000 | ---D | C] -- E:\Program Files\BADMOJO
[2013/01/02 22:24:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Malwarebytes
[2013/01/02 22:24:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/02 20:22:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/01/02 20:21:52 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live SkyDrive
[2013/01/02 20:21:46 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live
[2013/01/01 00:13:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2013/01/01 00:05:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Downloaded Installations
[2013/01/01 00:05:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Search Protection
[2013/01/01 00:05:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/01/01 00:05:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\adawarebp
[2013/01/01 00:05:36 | 000,000,000 | ---D | C] -- E:\Program Files\Toolbar Cleaner
[2013/01/01 00:05:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\blekko
[2013/01/01 00:05:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\adawaretb
[2013/01/01 00:05:32 | 000,000,000 | ---D | C] -- E:\Program Files\adawaretb
[2012/12/31 23:54:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DriverCure
[2012/12/31 23:54:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\PC Utility Kit
[2012/12/31 23:53:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/12/31 16:40:22 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\xing shared
[2012/12/31 16:39:47 | 000,272,896 | ---- | C] (Progressive Networks) -- E:\WINDOWS\System32\pncrt.dll
[2012/12/31 16:35:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\RealNetworks
[2012/12/31 16:35:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Real
[2012/12/31 16:35:02 | 000,000,000 | ---D | C] -- E:\Program Files\RealNetworks
[2012/12/31 16:34:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/31 16:34:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/31 16:33:54 | 000,000,000 | ---D | C] -- E:\Program Files\Real
[2012/12/31 16:33:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Real
[2012/12/31 16:33:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/12/31 16:32:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google
[2012/12/31 16:32:05 | 000,000,000 | ---D | C] -- E:\Program Files\Google
[2012/12/31 16:31:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Real
[2012/12/29 12:05:42 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Chantal Lalonde\Recent
[2012/12/29 11:28:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Deployment
[2012/12/26 06:01:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AlawarEntertainment
[2012/12/25 03:14:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Top Evidence
[2012/12/25 03:14:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Top Evidence
[2012/12/25 03:11:31 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\The Curse of the Werewolves
[2012/12/25 02:59:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Freeze Tag
[2012/12/25 00:47:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Frogwares
[2012/12/25 00:03:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Sun
[2012/12/24 13:02:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/24 13:02:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/22 11:28:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS Game Studios
[2012/12/22 11:09:37 | 000,000,000 | R--D | C] -- E:\Documents and Settings\Chantal Lalonde\My Documents\My Videos
[2012/12/22 11:09:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Atari
[2012/12/22 11:07:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Leadertech
[2012/12/22 11:07:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\My Documents\RCT3
[2012/12/22 11:07:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Atari
[2012/12/22 10:47:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Big Fish Games
[2012/12/22 05:33:09 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2012/12/22 04:34:17 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- E:\WINDOWS\uninst.exe
[2012/12/22 04:26:02 | 000,000,000 | ---D | C] -- E:\WINDOWS\BBSTORE
[2012/12/22 03:24:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\HTML Executable
[2012/12/22 03:24:31 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\HTML Executable Viewer
[2012/12/18 11:08:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/18 11:07:35 | 000,000,000 | ---D | C] -- E:\Program Files\iPod
[2012/12/18 11:07:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/09 12:01:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Chantal Lalonde\Application Data\MSNInstaller
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/05 23:01:29 | 000,000,784 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 23:00:49 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- E:\Documents and Settings\Chantal Lalonde\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/05 22:42:00 | 000,000,904 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 22:21:00 | 000,000,830 | ---- | M] () -- E:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/05 17:26:09 | 000,001,961 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Desktop\Weird Park - Broken Tune Collectors Edition.lnk
[2013/01/05 16:42:00 | 000,000,900 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 11:50:22 | 000,000,298 | ---- | M] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2013/01/05 11:47:19 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2013/01/05 11:36:34 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- E:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/01/05 11:35:35 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2013/01/05 11:34:22 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2013/01/05 11:18:23 | 005,019,547 | R--- | M] (Swearware) -- E:\Documents and Settings\Chantal Lalonde\Desktop\ComboFix.exe
[2013/01/05 11:12:22 | 000,000,306 | ---- | M] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2013/01/05 10:59:16 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2013/01/05 10:53:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Chantal Lalonde\Desktop\tdsskiller.exe
[2013/01/04 18:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Chantal Lalonde\Desktop\OTL.exe
[2013/01/03 21:40:40 | 000,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2013/01/03 21:40:40 | 000,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2013/01/03 21:39:37 | 000,000,575 | ---- | M] () -- E:\WINDOWS\BADMOJO.INI
[2013/01/03 21:37:42 | 000,000,742 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2013/01/01 11:54:50 | 000,002,881 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\Sharedaccess.reg
[2012/12/31 23:57:34 | 000,000,878 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.3.lnk
[2012/12/31 16:51:25 | 000,000,742 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/31 16:51:25 | 000,000,724 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/31 16:43:12 | 000,001,813 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/31 16:39:47 | 000,272,896 | ---- | M] (Progressive Networks) -- E:\WINDOWS\System32\pncrt.dll
[2012/12/31 16:33:06 | 000,001,791 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/29 12:07:37 | 000,070,518 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\cc_20121229_120720.reg
[2012/12/29 09:41:01 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/25 02:59:31 | 000,063,488 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/22 11:08:07 | 000,000,595 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/12/22 11:07:46 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx
[2012/12/22 11:07:45 | 000,687,354 | ---- | M] () -- E:\WINDOWS\System32\drivers\Cat.DB
[2012/12/22 04:46:29 | 000,000,060 | ---- | M] () -- E:\WINDOWS\RESULT.QTW
[2012/12/22 04:46:12 | 000,000,126 | ---- | M] () -- E:\WINDOWS\QTW.INI
[2012/12/21 09:17:52 | 000,000,804 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/21 09:17:51 | 000,023,392 | ---- | M] () -- E:\WINDOWS\System32\nscompat.tlb
[2012/12/21 09:17:51 | 000,016,832 | ---- | M] () -- E:\WINDOWS\System32\amcompat.tlb
[2012/12/21 03:19:18 | 000,147,608 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/19 11:01:15 | 000,000,777 | ---- | M] () -- E:\Documents and Settings\Chantal Lalonde\Start Menu\Programs\Startup\Webshots.lnk
[2012/12/18 11:08:14 | 000,001,452 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012/12/09 20:14:40 | 000,030,540 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat
[2012/12/09 12:39:15 | 000,000,986 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 23:01:29 | 000,000,784 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 17:26:09 | 000,001,961 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Desktop\Weird Park - Broken Tune Collectors Edition.lnk
[2013/01/05 11:24:57 | 000,256,000 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2013/01/05 11:24:57 | 000,208,896 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2013/01/05 11:24:57 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2013/01/05 11:24:57 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2013/01/05 11:24:57 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2013/01/03 21:39:38 | 000,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2013/01/03 21:39:38 | 000,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2013/01/03 21:38:24 | 000,000,575 | ---- | C] () -- E:\WINDOWS\BADMOJO.INI
[2013/01/03 21:37:42 | 000,000,742 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2013/01/01 11:54:50 | 000,002,881 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\Sharedaccess.reg
[2012/12/31 16:35:50 | 000,000,298 | ---- | C] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2012/12/31 16:35:49 | 000,000,306 | ---- | C] () -- E:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1177238915-839522115-1003.job
[2012/12/31 16:33:06 | 000,001,813 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/31 16:33:06 | 000,001,791 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/31 16:32:31 | 000,000,904 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 16:32:31 | 000,000,900 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/29 12:07:25 | 000,070,518 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\My Documents\cc_20121229_120720.reg
[2012/12/24 13:03:23 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2012/12/22 11:08:07 | 000,000,595 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/12/22 04:25:52 | 000,000,126 | ---- | C] () -- E:\WINDOWS\QTW.INI
[2012/12/22 04:24:59 | 000,000,060 | ---- | C] () -- E:\WINDOWS\RESULT.QTW
[2012/12/22 04:22:26 | 000,284,160 | ---- | C] () -- E:\WINDOWS\unin040c.exe
[2012/12/18 11:08:14 | 000,001,452 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/09 12:39:14 | 000,000,455 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2012/12/09 12:39:14 | 000,000,452 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2012/12/09 12:29:49 | 000,000,986 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/01/07 18:08:35 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2011/12/18 13:46:57 | 000,030,540 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2011/09/11 18:53:01 | 000,645,632 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2011/09/11 18:53:01 | 000,240,640 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2011/07/26 20:31:33 | 000,010,240 | ---- | C] () -- E:\WINDOWS\System32\vidx16.dll
[2011/07/26 18:03:05 | 000,000,286 | ---- | C] () -- E:\WINDOWS\reimage.ini
[2011/07/23 12:19:46 | 000,000,185 | ---- | C] () -- E:\Program Files\^Just one Click to Get More Stuff.url
[2011/07/23 12:19:46 | 000,000,158 | ---- | C] () -- E:\Program Files\^ Enter Here.url
[2011/07/17 10:47:40 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2011/07/16 22:25:55 | 000,000,239 | ---- | C] () -- E:\WINDOWS\WINCMD.INI
[2011/07/06 21:03:46 | 000,063,488 | ---- | C] () -- E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/28 17:03:02 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2011/06/27 20:50:58 | 000,972,072 | R--- | C] () -- E:\WINDOWS\System32\ativva6x.dat
[2011/06/27 20:50:55 | 003,107,788 | R--- | C] () -- E:\WINDOWS\System32\ativva5x.dat
[2011/06/27 20:50:53 | 003,107,788 | R--- | C] () -- E:\WINDOWS\System32\ativvaxx.dat
[2011/06/27 20:50:53 | 000,151,367 | R--- | C] () -- E:\WINDOWS\System32\atiicdxx.dat
[2011/06/26 14:08:04 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2011/06/26 14:03:11 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2011/06/26 07:08:41 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2011/06/26 07:06:26 | 000,147,608 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/12/25 00:05:03 | 000,000,000 | ---D | M] -- E:\WINDOWS\$NtUninstallKB40641$\2150964980\L
[2013/01/05 11:10:53 | 000,000,000 | ---D | M] -- E:\WINDOWS\$NtUninstallKB40641$\2150964980\U
[2013/01/05 11:01:03 | 000,000,804 | ---- | M] () -- E:\WINDOWS\$NtUninstallKB40641$\2150964980\L\[email protected]
[2011/07/03 17:48:06 | 000,000,227 | RHS- | M] () -- E:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/18 11:08:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/07/03 21:02:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\agi
[2012/02/28 20:40:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/01/01 00:05:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\blekko toolbars
[2011/07/11 18:38:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/07/03 20:11:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/01/01 20:23:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\EA Core
[2011/07/03 18:08:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2013/01/05 11:23:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\GFI Software
[2011/11/16 21:32:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Inbit
[2012/08/05 10:24:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/28 21:07:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/10/31 19:06:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Origin
[2013/01/01 00:04:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/05 10:24:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Premium
[2012/11/17 23:56:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/12/05 19:36:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\REVOLT
[2011/07/10 16:23:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2013/01/01 00:05:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Search Protection
[2013/01/05 17:26:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/25 03:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Top Evidence
[2011/07/26 18:33:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/11 06:40:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/26 18:33:47 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2013/01/01 00:05:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\adawaretb
[2011/07/20 20:36:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AGI
[2012/12/26 06:01:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\AlawarEntertainment
[2012/12/22 11:09:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Atari
[2012/12/22 10:47:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Big Fish Games
[2013/01/05 00:03:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\BitComet
[2013/01/01 00:05:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\blekko
[2012/04/22 16:34:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DAEMON Tools Lite
[2013/01/05 17:26:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DieselPuppet
[2012/11/22 20:16:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DMCache
[2012/12/31 23:54:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\DriverCure
[2012/02/28 20:47:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS G-Studio
[2013/01/01 12:42:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\ERS Game Studios
[2012/12/25 02:59:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Freeze Tag
[2012/12/25 00:47:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Frogwares
[2012/12/22 03:24:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\HTML Executable
[2011/11/16 21:32:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Inbit
[2012/12/22 11:07:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Leadertech
[2012/12/09 12:01:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\MSNInstaller
[2012/08/31 19:56:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Origin
[2012/12/31 23:54:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\PC Utility Kit
[2012/11/04 13:09:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Peter L Jones
[2011/07/10 16:41:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Rogers Online Protection
[2012/08/05 10:24:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\SendSpace
[2012/12/25 03:11:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\The Curse of the Werewolves
[2012/12/25 03:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Top Evidence
[2011/07/26 18:34:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Uniblue
[2011/07/03 21:04:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Chantal Lalonde\Application Data\Webshots

========== Purity Check ==========



< End of report >

#13
shannibutterfly

    Member

  • Topic Starter
  • Member
  • 14 posts
Is everything done? :unsure:
Thank you so much for helping me! I tried to buy you two cups of coffee but it did not work... :blush:

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We still have some files to remove from your system.

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8BawnE6K&i=26
    FF - prefs.js..network.proxy.autoconfig_url: "99.241.215.227"
    FF - prefs.js..network.proxy.type: 2
    O4 - HKLM..\Run: [SearchProtection] E:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat ()
    [2012/12/25 00:05:03 | 000,000,000 | ---D | M] -- E:\WINDOWS\$NtUninstallKB40641$\2150964980\L
    [2013/01/05 11:10:53 | 000,000,000 | ---D | M] -- E:\WINDOWS\$NtUninstallKB40641$\2150964980\U

    :Files
    E:\WINDOWS\$NtUninstallKB40641$\2150964980\L
    E:\WINDOWS\$NtUninstallKB40641$\2150964980\U
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#15
shannibutterfly

    Member

  • Topic Starter
  • Member
  • 14 posts
# AdwCleaner v2.104 - Logfile created 01/07/2013 at 19:52:24
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chantal Lalonde - CHANTAL-886CCFB
# Boot Mode : Normal
# Running from : E:\Documents and Settings\Chantal Lalonde\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : E:\Program Files\AGI
File Deleted : E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\searchplugins\daemon-search.xml
File Deleted : E:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : E:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : E:\Documents and Settings\All Users\Application Data\AGI
Folder Deleted : E:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : E:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : E:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : E:\Documents and Settings\All Users\Application Data\search protection
Folder Deleted : E:\Documents and Settings\Chantal Lalonde\Application Data\adawaretb
Folder Deleted : E:\Documents and Settings\Chantal Lalonde\Application Data\AGI
Folder Deleted : E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\adawaretb
Folder Deleted : E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\AskToolbar
Folder Deleted : E:\Program Files\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : E:\Documents and Settings\Chantal Lalonde\Application Data\Mozilla\Firefox\Profiles\j9vneut3.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "blekko");
Deleted : user_pref("extensions.50ad941fe4c4f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BCAFEEFAC-0016-0000-0037[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc26d51fd-e77b-43d0-80b5-6941ae56c9c2%[...]

-\\ Google Chrome v23.0.1271.97

File : E:\Documents and Settings\Chantal Lalonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5072 octets] - [07/01/2013 19:52:24]

########## EOF - E:\AdwCleaner[S1].txt - [5132 octets] ##########
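
The Firefox settings cleaned up in this thread (the `network.proxy.*` entries in the OTL fix and the `prefs.js` lines AdwCleaner deleted) can be looked for with a short audit of `prefs.js`. This is an added example, not part of the original posts and not code from OTL or AdwCleaner; the finding codes and function names are made up for illustration, and the sample input is constructed from the pref names shown above, with placeholder values for the script body and keyword URL.

```python
import re

# One prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Per-extension script blob, as in extensions.50ad941fe4c4f.scode
SCODE_RE = re.compile(r"extensions\.[0-9a-f]+\.scode")
SEARCH_KEYS = ("browser.search.defaultenginename", "browser.search.selectedEngine")

# Constructed sample. Pref names and the PAC value mirror the logs in this
# thread; the script body and keyword URL are placeholders.
SAMPLE_PREFS = r'''
user_pref("browser.search.selectedEngine", "blekko");
user_pref("browser.startup.page", 3);
user_pref("extensions.50ad941fe4c4f.scode", "(function(){/* placeholder */})();");
user_pref("keyword.URL", "hxxp://search.example/?q=");
user_pref("network.proxy.autoconfig_url", "99.241.215.227");
user_pref("network.proxy.type", 2);
'''


def parse_prefs(text):
    """Return {name: value}; values become str, bool or int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def audit_prefs(prefs):
    """Return sorted (code, detail) findings for settings worth reviewing."""
    findings = []
    ptype = prefs.get("network.proxy.type")  # 2 = PAC URL, 1 = manual proxy
    pac = prefs.get("network.proxy.autoconfig_url")
    if ptype == 2:
        findings.append(("proxy-pac", f"traffic routed by PAC at {pac!r}"))
    elif ptype == 1:
        findings.append(("proxy-manual", f"manual proxy {prefs.get('network.proxy.http')!r}"))
    elif pac:
        findings.append(("proxy-pac-inactive", f"leftover PAC value {pac!r}"))
    for name, value in prefs.items():
        if name == "keyword.URL":
            findings.append(("keyword-url", f"address-bar search sent to {value!r}"))
        elif SCODE_RE.fullmatch(name):
            findings.append(("extension-script", f"{name} holds {len(str(value))} chars of script"))
        elif name in SEARCH_KEYS:
            findings.append(("search-engine", f"{name} = {value!r}"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{code:18} {detail}")
```

A finding is a prompt to review the setting, not proof of infection: a PAC URL or a changed search engine can also be set deliberately by the user or an administrator.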