Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Packer found - Computer very slow [Solved]


  • This topic is locked This topic is locked

#16
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here you go:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-18 14:05:02
-----------------------------
14:05:02.812 OS Version: Windows 5.1.2600 Service Pack 3
14:05:02.812 Number of processors: 4 586 0xF0B
14:05:02.812 ComputerName: GINA1 UserName: Dawn
14:05:04.750 Initialize success
14:05:11.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:05:11.812 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
14:05:11.875 Disk 0 MBR read successfully
14:05:11.875 Disk 0 MBR scan
14:05:11.875 Disk 0 Windows XP default MBR code found via API
14:05:11.875 Disk 0 unknown MBR code
14:05:11.875 Disk 0 MBR hidden
14:05:11.875 Disk 0 Partition 1 00 DE Dell Utility 47 MB offset 63
14:05:11.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476890 MB offset 96390
14:05:11.890 Disk 0 scanning sectors +976768065
14:05:11.921 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
14:05:11.921 Scan finished successfully
14:05:42.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\MBR.dat"
14:05:42.375 The log file has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-22 12:02:50
-----------------------------
12:02:50.484 OS Version: Windows 5.1.2600 Service Pack 3
12:02:50.484 Number of processors: 4 586 0xF0B
12:02:50.484 ComputerName: GINA1 UserName: Dawn
12:02:52.343 Initialize success
12:25:21.343 AVAST engine defs: 13072201
13:28:12.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:28:12.718 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
13:28:12.734 Disk 0 MBR read successfully
13:28:12.734 Disk 0 MBR scan
13:28:12.796 Disk 0 Windows XP default MBR code found via API
13:28:12.796 Disk 0 unknown MBR code
13:28:12.796 Disk 0 MBR hidden
13:28:12.796 Disk 0 Partition 1 00 DE Dell Utility 47 MB offset 63
13:28:12.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476890 MB offset 96390
13:28:12.828 Disk 0 scanning sectors +976768065
13:28:12.859 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
13:28:12.859 Scan finished successfully
13:28:21.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\MBR.dat"
13:28:21.687 The log file has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\aswMBR.txt"
  • 0

Advertisements


#17
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Roxie,

The aswMBR scan shows that the MBR infection is still there.


Step-1

Show Hidden Files and Folders
  • Click the Start Orb. Click Computer. The Computer screen will open.
  • At the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
  • Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

    Posted Image
  • Also make sure that Hide protected system operating files(recommended) is un-checked.

    Posted Image
  • Also make sure the Hide extensions for known file types box is un-checked.

    Posted Image

    Posted Image

You can reverse these directions to hide files/folders when we are done.


Step-2.

Run MBRCheck

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#18
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Show Hidden files was already checked, the other two boxes were not.

Here is the MBRCheck file:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0004000c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 SDUPC.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xB9F08000 SDDToki.sys
0xBA0C8000 VolSnap.sys
0xB9EF0000 atapi.sys
0xB9E29000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E09000 fltmgr.sys
0xBA4C0000 PinFile.sys
0xB9DF7000 sr.sys
0xB9DCC000 SDDisk2K.sys
0xB9DBB000 SDDVD.sys
0xBA0F8000 PxHelp20.sys
0xB9DA4000 KSecDD.sys
0xB9D17000 Ntfs.sys
0xB9CEA000 NDIS.sys
0xB9CD0000 Mup.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB96E1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB96CD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB968D000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9669000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9641000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA430000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA208000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA218000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB961E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA72A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9607000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA248000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95F6000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA258000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB95C6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9568000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C74000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA128000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA5102000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA50DE000 \SystemRoot\system32\drivers\portcls.sys
0xA77B8000 \SystemRoot\system32\drivers\drmk.sys
0xA55A9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA041A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA4DA7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA280D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA31BE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA29FD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xA75F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA75DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA0292000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVEX15.SYS
0xA026D000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xA0258000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVENG.SYS
0xA80C6000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7EF000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Beep.SYS
0xA0D4C000 \SystemRoot\System32\drivers\vga.sys
0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA0D44000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA0D3C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA2681000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA0225000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA01CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA01A6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA0179000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB9199000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA0151000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA574000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA012F000 \SystemRoot\System32\drivers\afd.sys
0xA880B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA00C5000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA009A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA002A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8106000 \SystemRoot\System32\Drivers\Fips.SYS
0x9FFCB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9FFAD000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA879B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9FF95000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA621C000 \SystemRoot\System32\drivers\Dxapi.sys
0xA78B3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xBF48D000 \SystemRoot\System32\ATMFD.DLL
0x9FF65000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9FD78000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA178000 \SystemRoot\system32\drivers\sysaudio.sys
0x9FC0B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9FA23000 \SystemRoot\system32\DRIVERS\srv.sys
0x9F122000 \SystemRoot\System32\Drivers\HTTP.sys
0x9F1E3000 \??\C:\DOCUME~1\Dawn\LOCALS~1\Temp\aswMBR.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
704 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1188 C:\Program Files\Symantec AntiVirus\Smc.exe
1380 svchost.exe
1468 svchost.exe
1548 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1896 C:\WINDOWS\system32\spoolsv.exe
1076 svchost.exe
1132 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1148 C:\WINDOWS\system32\svchost.exe
1364 C:\WINDOWS\system32\IPROSetMonitor.exe
1752 C:\WINDOWS\explorer.exe
2008 C:\Program Files\Java\jre7\bin\jqs.exe
268 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1388 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
484 sqlbrowser.exe
516 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
556 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1488 C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe
2220 C:\Program Files\Symantec AntiVirus\SmcGui.exe
2228 C:\WINDOWS\system32\searchindexer.exe
2360 C:\Program Files\Gillware Remote Backup\ArchiveService.exe
332 alg.exe
1344 C:\WINDOWS\system32\svchost.exe
2748 C:\WINDOWS\system32\searchprotocolhost.exe
3332 searchfilterhost.exe
3828 C:\Documents and Settings\Dawn\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: ST3500620AS, Rev: DE12

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 23E8E586CCCF6153C6756ED51E18F66000FA1D86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#19
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The unknown MBR code is still there :angry: Let's see if MBRCheck can restore it.


Step-1.

Please delete the copy of ComboFix on the desktop and download a fresh copy here and save it to the desktop.


Step-2.

RE-run MBRCheck

Run MBRCheck.exe once again.
  • You will be presented with the following dialog:

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:


    Type Y and press Enter.
  • The following dialog will be presented:

    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:


    Type 2 and press Enter
  • The following dialog will be presented:

    Enter the physical disk number to fix (0-99, -1 to cancel):


    Type 0 (That's the number 0, NOT the letter O) and press Enter
  • The following dialog will be presented:

    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive:


    Type 0 (That's the number 0, NOT the letter O) and press Enter
  • The following dialog will be presented:

    Do you want to fix the MBR code? Type "YES" and hit ENTER to continue:


    Type YES and press Enter ( You Must type the full word, YES). You will be informed if it successfully wrote a new MBR code!
  • And last the following dialog will be presented:

    Done! Press ENTER to exit...


    Press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step-3

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks.
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image

    NOTE: When the scan starts you will see a blue window telling you that it is scanning for infected files. The scan has 50 or more stages to go through. The scan can take a long time depending on how badly the machine is infected.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new MBRCheck log
2. The new comboFix.txt log
  • 0

#20
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OK - I deleted ComboFix and downloaded from where you instructed me. I re-ran MBRCheck and answered according to what you told me to. Here is that log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0004000c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 SDUPC.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xB9F08000 SDDToki.sys
0xBA0C8000 VolSnap.sys
0xB9EF0000 atapi.sys
0xB9E29000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E09000 fltmgr.sys
0xBA4C0000 PinFile.sys
0xB9DF7000 sr.sys
0xB9DCC000 SDDisk2K.sys
0xB9DBB000 SDDVD.sys
0xBA0F8000 PxHelp20.sys
0xB9DA4000 KSecDD.sys
0xB9D17000 Ntfs.sys
0xB9CEA000 NDIS.sys
0xB9CD0000 Mup.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB96E1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB96CD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB968D000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9669000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9641000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA430000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA208000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA218000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB961E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA72A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9607000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA248000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95F6000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA258000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB95C6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9568000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C74000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA128000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA5102000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA50DE000 \SystemRoot\system32\drivers\portcls.sys
0xA77B8000 \SystemRoot\system32\drivers\drmk.sys
0xA55A9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA041A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA4DA7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA280D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA31BE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA29FD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xA75F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA75DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA0292000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVEX15.SYS
0xA026D000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xA0258000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVENG.SYS
0xA80C6000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7EF000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Beep.SYS
0xA0D4C000 \SystemRoot\System32\drivers\vga.sys
0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA0D44000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA0D3C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA2681000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA0225000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA01CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA01A6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA0179000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB9199000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA0151000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA574000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA012F000 \SystemRoot\System32\drivers\afd.sys
0xA880B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA00C5000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA009A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA002A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8106000 \SystemRoot\System32\Drivers\Fips.SYS
0x9FFCB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9FFAD000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA879B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9FF95000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA621C000 \SystemRoot\System32\drivers\Dxapi.sys
0xA78B3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xBF48D000 \SystemRoot\System32\ATMFD.DLL
0x9FF65000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9FD78000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA178000 \SystemRoot\system32\drivers\sysaudio.sys
0x9FC0B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9FA23000 \SystemRoot\system32\DRIVERS\srv.sys
0x9F122000 \SystemRoot\System32\Drivers\HTTP.sys
0x9F1E3000 \??\C:\DOCUME~1\Dawn\LOCALS~1\Temp\aswMBR.sys
0x9EB67000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
704 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1188 C:\Program Files\Symantec AntiVirus\Smc.exe
1380 svchost.exe
1468 svchost.exe
1548 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1896 C:\WINDOWS\system32\spoolsv.exe
1076 svchost.exe
1132 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1148 C:\WINDOWS\system32\svchost.exe
1364 C:\WINDOWS\system32\IPROSetMonitor.exe
1752 C:\WINDOWS\explorer.exe
2008 C:\Program Files\Java\jre7\bin\jqs.exe
268 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1388 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
484 sqlbrowser.exe
516 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
556 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1488 C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe
2220 C:\Program Files\Symantec AntiVirus\SmcGui.exe
2228 C:\WINDOWS\system32\searchindexer.exe
2360 C:\Program Files\Gillware Remote Backup\ArchiveService.exe
332 alg.exe
1344 C:\WINDOWS\system32\svchost.exe
2060 C:\WINDOWS\system32\searchprotocolhost.exe
2040 searchfilterhost.exe
2648 C:\Documents and Settings\Dawn\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: ST3500620AS, Rev: DE12

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 23E8E586CCCF6153C6756ED51E18F66000FA1D86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Could not write MBR code to disk!


Done!


Then I ran ComboFix as instructed and here is that log:

ComboFix 13-07-23.01 - Dawn 07/23/2013 16:28:10.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2568 [GMT -5:00]
Running from: c:\documents and settings\Dawn\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2013-06-23 to 2013-07-23 )))))))))))))))))))))))))))))))
.
.
2013-07-19 19:24 . 2013-07-22 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-19 19:11 . 2013-07-19 19:11 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\CRE
2013-07-19 19:11 . 2013-07-19 19:11 -------- d-----w- c:\program files\Conduit
2013-07-19 19:11 . 2013-07-19 19:17 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\Conduit
2013-07-19 19:11 . 2013-07-19 19:11 -------- d-----w- c:\documents and settings\Dawn\Application Data\SwvUpdater
2013-07-19 08:00 . 2013-07-19 08:03 -------- d-----w- c:\windows\system32\MRT
2013-07-17 18:43 . 2013-07-17 18:43 -------- d-----w- c:\program files\SystemRequirementsLab
2013-07-17 18:43 . 2013-07-17 18:43 -------- d-----w- c:\documents and settings\Dawn\Application Data\SystemRequirementsLab
2013-07-17 16:32 . 2013-07-18 16:00 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\Deployment
2013-07-17 16:31 . 2013-07-17 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-07-17 13:11 . 2013-07-17 13:11 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-07-17 13:11 . 2013-07-17 13:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-07-17 13:11 . 2013-07-17 13:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-07-17 13:11 . 2013-07-17 13:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-07-17 13:11 . 2013-07-17 13:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-07-17 13:10 . 2013-07-17 16:32 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 19:13 . 2013-04-22 16:13 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-07-11 19:46 . 2012-05-08 18:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 19:46 . 2011-06-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 04:55 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-11 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-11 23:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-11 23:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 05:28 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-11 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ArchiveArchived]
@="{214386AD-2590-496E-BEE0-F32E5861FA41}"
[HKEY_CLASSES_ROOT\CLSID\{214386AD-2590-496E-BEE0-F32E5861FA41}]
2013-01-11 22:16 62520 ----a-w- c:\program files\Gillware Remote Backup\Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ArchiveNeedsArchive]
@="{AAD7958E-F0B2-495f-94A5-0F9D4D8EA409}"
[HKEY_CLASSES_ROOT\CLSID\{AAD7958E-F0B2-495f-94A5-0F9D4D8EA409}]
2013-01-11 22:16 62520 ----a-w- c:\program files\Gillware Remote Backup\Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ArchiveNotArchived]
@="{EDACD936-4476-4ec3-A56E-780CE485877A}"
[HKEY_CLASSES_ROOT\CLSID\{EDACD936-4476-4ec3-A56E-780CE485877A}]
2013-01-11 22:16 62520 ----a-w- c:\program files\Gillware Remote Backup\Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMAllKey]
@="{5028CECA-A6C3-4D9C-BA25-6C04D8C3ED80}"
[HKEY_CLASSES_ROOT\CLSID\{5028CECA-A6C3-4D9C-BA25-6C04D8C3ED80}]
2009-11-27 22:05 292352 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMNoKey]
@="{2659CB3D-3D6E-42CE-AD9D-FE41C3617CC1}"
[HKEY_CLASSES_ROOT\CLSID\{2659CB3D-3D6E-42CE-AD9D-FE41C3617CC1}]
2009-11-27 22:05 292352 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMNotTransformed]
@="{01DBDE7E-2D13-4495-BE04-12AA56CC2751}"
[HKEY_CLASSES_ROOT\CLSID\{01DBDE7E-2D13-4495-BE04-12AA56CC2751}]
2009-11-27 22:05 292352 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WMPartialKey]
@="{5133E633-CFED-4043-9971-38936512E6D4}"
[HKEY_CLASSES_ROOT\CLSID\{5133E633-CFED-4043-9971-38936512E6D4}]
2009-11-27 22:05 292352 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-30 20:33 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
backup=c:\windows\pss\OKI LPR Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-17 01:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2010-05-06 23:21 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 15:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtpServer.exe]
2008-05-26 09:28 704512 ----a-w- c:\program files\SHARP\Sharpdesk\FTPServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-17 00:51 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2008-02-11 19:48 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-17 00:51 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]
2008-05-27 21:56 106496 ----a-w- c:\program files\SHARP\Sharpdesk\IndexTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-17 00:51 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-17 01:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
2008-05-27 22:19 32768 ----a-w- c:\program files\SHARP\Sharpdesk\SharpTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartSecurDoc]
2009-11-27 22:05 2149888 ----a-w- c:\program files\WinMagic\SecureDoc-NT\SDPin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 19:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]
2008-05-27 21:58 57344 ----a-w- c:\program files\SHARP\Sharpdesk\TypeRegChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"c:\\Program Files\\SHARP\\Sharpdesk\\FTPServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\WinMagic\\SecureDoc-NT\\SDPin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4363:UDP"= 4363:UDP:UDP 4363
"5711:TCP"= 5711:TCP:TCP 5711
.
R0 PinFile;PinFile;c:\windows\system32\drivers\PinFile.sys [9/28/2009 11:53 AM 20224]
R0 SDDisk2K;SDDisk2K;c:\windows\system32\drivers\SDDisk2K.sys [11/18/2009 4:07 PM 179200]
R0 SDDToki;SDDToki;c:\windows\system32\drivers\SDDToki.sys [9/25/2009 3:57 PM 117120]
R0 SDDVD;SDDVD;c:\windows\system32\drivers\SDDVD.sys [9/25/2009 3:57 PM 75520]
R0 SDUPC;SDUPC;c:\windows\system32\drivers\SDUPC.sys [3/5/2009 2:03 PM 16512]
R2 ArchiveService;Gillware Remote Backup;c:\program files\Gillware Remote Backup\ArchiveService.exe [1/11/2013 5:16 PM 530488]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [4/5/2013 3:53 AM 121600]
R2 WinMagic SecureDoc Service;WinMagic SecureDoc Service;c:\program files\WinMagic\SecureDoc-NT\SDService.exe [11/27/2009 5:05 PM 641024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/8/2013 8:48 AM 106656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\GINADO~1\LOCALS~1\Temp\_B0E3.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\GINADO~1\LOCALS~1\Temp\_B0E3.tmp\FoxAwdWINFLASH.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/22/2013 8:18 AM 35144]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-18 16:00 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 19:46]
.
2013-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-16 c:\windows\Tasks\Gillware Remote Backup - Audit.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-23 c:\windows\Tasks\Gillware Remote Backup - DefaultCritical.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-22 c:\windows\Tasks\Gillware Remote Backup - DefaultHigh.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-16 c:\windows\Tasks\Gillware Remote Backup - DefaultLow.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-22 c:\windows\Tasks\Gillware Remote Backup - DefaultMedium.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-23 c:\windows\Tasks\Gillware Remote Backup - Remote Backup Updater.job
- c:\program files\Gillware Remote Backup\Updater.exe [2013-01-11 22:16]
.
2013-07-23 c:\windows\Tasks\Gillware Remote Backup - Upload Event Log.job
- c:\program files\Gillware Remote Backup\Scan.exe [2013-01-11 22:16]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 16:00]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN12583309372988829&UM=2&ctid=CT3289847
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {123FE8C9-0BDC-4946-A854-DDBA7398CF64} - hxxps://www.fts.newyorklife.com/ftWebUpdate/installs/ftwebupdate.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-23 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500620AS rev.DE12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\SDocGina.dll
c:\windows\system32\sddisk.dll
c:\windows\system32\Sdd.dll
c:\windows\system32\SDXML.dll
c:\windows\system32\SDToki.dll
c:\windows\system32\sdck.dll
c:\windows\system32\SDDllRes.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\program files\Gillware Remote Backup\Overlays.dll
c:\program files\Gillware Remote Backup\CAB.dll
c:\program files\Gillware Remote Backup\Utils.dll
c:\program files\WinMagic\SecureDoc-NT\SDContext.dll
c:\windows\system32\sdd.dll
c:\windows\system32\SDXML.dll
c:\windows\system32\sddisk.dll
c:\windows\system32\SDToki.dll
c:\windows\system32\sdck.dll
c:\windows\system32\WMServiceHlper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-23 16:36:48
ComboFix-quarantined-files.txt 2013-07-23 21:36
ComboFix2.txt 2013-07-19 20:24
.
Pre-Run: 343,177,953,280 bytes free
Post-Run: 343,338,205,184 bytes free
.
- - End Of File - - E442F89590681AF4CF235E3708B925B9
E1ED835465E42A176B4910C2CCA1E9A4

Did we get it this time??

Roxie
  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't think so. MBRCheck could not write the new MBR code to the disk and ComboFix still shows a stealth rootkit. I want to try TDSSKiller again and then get a follow up aswMBR scan.


Step-1.

Posted Image TDSSKiller

Please read carefully and follow these steps.
  • Doubleclick on the TDSSKiller.exe file to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Check the box beside Loaded Modules and when the Reboot is required screen comes up click the Reboot now button.

    Posted Image
    • After the computer restarts, TDSSKiller will launch automatically. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • On the Ready to scan screen, click Change parameters
  • On the Settings screen, check all boxes then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Run aswMBR
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
2. The aswMBR log
  • 0

#22
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
TDSSKiller found nothing, Log below:

07:50:20.0906 0232 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:50:21.0531 0232 ============================================================
07:50:21.0531 0232 Current date / time: 2013/07/24 07:50:21.0531
07:50:21.0531 0232 SystemInfo:
07:50:21.0531 0232
07:50:21.0531 0232 OS Version: 5.1.2600 ServicePack: 3.0
07:50:21.0531 0232 Product type: Workstation
07:50:21.0531 0232 ComputerName: GINA1
07:50:21.0531 0232 UserName: Dawn
07:50:21.0531 0232 Windows directory: C:\WINDOWS
07:50:21.0531 0232 System windows directory: C:\WINDOWS
07:50:21.0531 0232 Processor architecture: Intel x86
07:50:21.0531 0232 Number of processors: 4
07:50:21.0531 0232 Page size: 0x1000
07:50:21.0531 0232 Boot type: Normal boot
07:50:21.0531 0232 ============================================================
07:50:25.0281 0232 BG loaded
07:50:25.0656 0232 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:50:25.0796 0232 ============================================================
07:50:25.0796 0232 \Device\Harddisk0\DR0:
07:50:25.0796 0232 MBR partitions:
07:50:25.0796 0232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x3A36D3BB
07:50:25.0796 0232 ============================================================
07:50:25.0984 0232 Initialize success
07:50:25.0984 0232 ============================================================
07:50:39.0640 2808 ============================================================
07:50:39.0640 2808 Scan started
07:50:39.0640 2808 Mode: Manual; SigCheck; TDLFS;
07:50:39.0640 2808 ============================================================
07:50:40.0765 2808 ================ Scan system memory ========================
07:50:43.0625 2808 System memory - ok
07:50:43.0625 2808 ================ Scan services =============================
07:50:43.0625 2808 Abiosdsk - ok
07:50:43.0625 2808 abp480n5 - ok
07:50:43.0625 2808 ACPI - ok
07:50:43.0625 2808 ACPIEC - ok
07:50:43.0640 2808 AdobeFlashPlayerUpdateSvc - ok
07:50:43.0640 2808 adpu160m - ok
07:50:43.0640 2808 aec - ok
07:50:43.0640 2808 AFD - ok
07:50:43.0640 2808 agp440 - ok
07:50:43.0640 2808 agpCPQ - ok
07:50:43.0640 2808 Aha154x - ok
07:50:43.0640 2808 aic78u2 - ok
07:50:43.0656 2808 aic78xx - ok
07:50:43.0656 2808 Alerter - ok
07:50:43.0656 2808 ALG - ok
07:50:43.0656 2808 AliIde - ok
07:50:43.0656 2808 alim1541 - ok
07:50:43.0656 2808 amdagp - ok
07:50:43.0656 2808 amsint - ok
07:50:43.0656 2808 AppMgmt - ok
07:50:43.0656 2808 ArchiveService - ok
07:50:43.0656 2808 asc - ok
07:50:43.0671 2808 asc3350p - ok
07:50:43.0671 2808 asc3550 - ok
07:50:43.0671 2808 aspnet_state - ok
07:50:43.0671 2808 AsyncMac - ok
07:50:43.0671 2808 atapi - ok
07:50:43.0671 2808 Atdisk - ok
07:50:43.0671 2808 Atmarpc - ok
07:50:43.0687 2808 AudioSrv - ok
07:50:43.0687 2808 audstub - ok
07:50:43.0687 2808 BcmSqlStartupSvc - ok
07:50:43.0687 2808 Beep - ok
07:50:43.0687 2808 BITS - ok
07:50:43.0687 2808 Browser - ok
07:50:43.0687 2808 catchme - ok
07:50:43.0687 2808 cbidf - ok
07:50:43.0703 2808 cbidf2k - ok
07:50:43.0703 2808 ccEvtMgr - ok
07:50:43.0703 2808 ccSetMgr - ok
07:50:43.0703 2808 cd20xrnt - ok
07:50:43.0703 2808 Cdaudio - ok
07:50:43.0703 2808 Cdfs - ok
07:50:43.0703 2808 Cdrom - ok
07:50:43.0703 2808 Changer - ok
07:50:43.0703 2808 CiSvc - ok
07:50:43.0718 2808 ClipSrv - ok
07:50:43.0718 2808 clr_optimization_v2.0.50727_32 - ok
07:50:43.0718 2808 clr_optimization_v4.0.30319_32 - ok
07:50:43.0718 2808 CmdIde - ok
07:50:43.0718 2808 COMSysApp - ok
07:50:43.0718 2808 Cpqarray - ok
07:50:43.0718 2808 cpudrv - ok
07:50:43.0718 2808 CryptSvc - ok
07:50:43.0734 2808 dac2w2k - ok
07:50:43.0734 2808 dac960nt - ok
07:50:43.0734 2808 DcomLaunch - ok
07:50:43.0734 2808 Dhcp - ok
07:50:43.0734 2808 Disk - ok
07:50:43.0750 2808 dmadmin - ok
07:50:43.0750 2808 dmboot - ok
07:50:43.0750 2808 dmio - ok
07:50:43.0750 2808 dmload - ok
07:50:43.0765 2808 dmserver - ok
07:50:43.0765 2808 DMusic - ok
07:50:43.0765 2808 Dnscache - ok
07:50:43.0765 2808 Dot3svc - ok
07:50:43.0765 2808 dpti2o - ok
07:50:43.0765 2808 drmkaud - ok
07:50:43.0765 2808 E100B - ok
07:50:43.0765 2808 e1express - ok
07:50:43.0765 2808 EapHost - ok
07:50:43.0781 2808 eeCtrl - ok
07:50:43.0781 2808 EraserUtilRebootDrv - ok
07:50:43.0781 2808 ERSvc - ok
07:50:43.0812 2808 Eventlog - ok
07:50:43.0812 2808 EventSystem - ok
07:50:43.0812 2808 Fastfat - ok
07:50:43.0812 2808 FastUserSwitchingCompatibility - ok
07:50:43.0812 2808 Fax - ok
07:50:43.0812 2808 Fdc - ok
07:50:43.0812 2808 Fips - ok
07:50:43.0812 2808 Flpydisk - ok
07:50:43.0812 2808 FltMgr - ok
07:50:43.0828 2808 FontCache3.0.0.0 - ok
07:50:43.0828 2808 FoxAwdWINFLASH - ok
07:50:43.0828 2808 Fs_Rec - ok
07:50:43.0828 2808 Ftdisk - ok
07:50:43.0828 2808 GoToAssist - ok
07:50:43.0828 2808 Gpc - ok
07:50:43.0828 2808 gupdate - ok
07:50:43.0828 2808 gupdatem - ok
07:50:43.0828 2808 HDAudBus - ok
07:50:43.0843 2808 helpsvc - ok
07:50:43.0843 2808 HidServ - ok
07:50:43.0843 2808 HidUsb - ok
07:50:43.0843 2808 hkmsvc - ok
07:50:43.0843 2808 hpn - ok
07:50:43.0843 2808 HTTP - ok
07:50:43.0843 2808 HTTPFilter - ok
07:50:43.0843 2808 i2omgmt - ok
07:50:43.0843 2808 i2omp - ok
07:50:43.0859 2808 i8042prt - ok
07:50:43.0859 2808 ialm - ok
07:50:43.0859 2808 iaStor - ok
07:50:43.0859 2808 IDriverT - ok
07:50:43.0859 2808 idsvc - ok
07:50:43.0859 2808 Imapi - ok
07:50:43.0859 2808 ImapiService - ok
07:50:43.0859 2808 ini910u - ok
07:50:43.0875 2808 IntcAzAudAddService - ok
07:50:43.0875 2808 Intel® PROSet Monitoring Service - ok
07:50:43.0875 2808 IntelIde - ok
07:50:43.0875 2808 intelppm - ok
07:50:43.0875 2808 Ip6Fw - ok
07:50:43.0875 2808 IpFilterDriver - ok
07:50:43.0875 2808 IpInIp - ok
07:50:43.0875 2808 IpNat - ok
07:50:43.0875 2808 IPSec - ok
07:50:43.0890 2808 IRENUM - ok
07:50:43.0890 2808 isapnp - ok
07:50:43.0890 2808 JavaQuickStarterService - ok
07:50:43.0890 2808 Kbdclass - ok
07:50:43.0890 2808 kbdhid - ok
07:50:43.0890 2808 kmixer - ok
07:50:43.0890 2808 KSecDD - ok
07:50:43.0890 2808 lanmanserver - ok
07:50:43.0890 2808 lanmanworkstation - ok
07:50:43.0890 2808 Lbd - ok
07:50:43.0906 2808 lbrtfdc - ok
07:50:43.0906 2808 LiveUpdate - ok
07:50:43.0906 2808 LmHosts - ok
07:50:43.0906 2808 mbamchameleon - ok
07:50:43.0906 2808 MDM - ok
07:50:43.0906 2808 Messenger - ok
07:50:43.0906 2808 mnmdd - ok
07:50:43.0906 2808 mnmsrvc - ok
07:50:43.0921 2808 Modem - ok
07:50:43.0921 2808 Mouclass - ok
07:50:43.0921 2808 mouhid - ok
07:50:43.0921 2808 MountMgr - ok
07:50:43.0921 2808 mraid35x - ok
07:50:43.0921 2808 MRxDAV - ok
07:50:43.0921 2808 MRxSmb - ok
07:50:43.0921 2808 MSDTC - ok
07:50:43.0937 2808 Msfs - ok
07:50:43.0937 2808 MSIServer - ok
07:50:43.0937 2808 MSKSSRV - ok
07:50:43.0937 2808 MSPCLOCK - ok
07:50:43.0937 2808 MSPQM - ok
07:50:43.0937 2808 mssmbios - ok
07:50:43.0937 2808 MSSQL$MSSMLBIZ - ok
07:50:43.0937 2808 MSSQLServerADHelper - ok
07:50:43.0937 2808 Mup - ok
07:50:43.0953 2808 NAL - ok
07:50:43.0953 2808 napagent - ok
07:50:43.0953 2808 NAVENG - ok
07:50:43.0953 2808 NAVEX15 - ok
07:50:43.0953 2808 NDIS - ok
07:50:43.0953 2808 NdisTapi - ok
07:50:43.0953 2808 Ndisuio - ok
07:50:43.0953 2808 NdisWan - ok
07:50:43.0953 2808 NDProxy - ok
07:50:43.0968 2808 NetBIOS - ok
07:50:43.0968 2808 NetBT - ok
07:50:43.0968 2808 NetDDE - ok
07:50:43.0968 2808 NetDDEdsdm - ok
07:50:43.0968 2808 Netlogon - ok
07:50:43.0968 2808 Netman - ok
07:50:43.0968 2808 NetTcpPortSharing - ok
07:50:43.0968 2808 Nla - ok
07:50:43.0968 2808 Npfs - ok
07:50:43.0984 2808 Ntfs - ok
07:50:43.0984 2808 NtLmSsp - ok
07:50:43.0984 2808 NtmsSvc - ok
07:50:43.0984 2808 Null - ok
07:50:43.0984 2808 nv - ok
07:50:43.0984 2808 NwlnkFlt - ok
07:50:43.0984 2808 NwlnkFwd - ok
07:50:43.0984 2808 odserv - ok
07:50:43.0984 2808 ose - ok
07:50:44.0000 2808 Parport - ok
07:50:44.0000 2808 PartMgr - ok
07:50:44.0000 2808 ParVdm - ok
07:50:44.0000 2808 PCI - ok
07:50:44.0000 2808 PCIDump - ok
07:50:44.0000 2808 PCIIde - ok
07:50:44.0000 2808 Pcmcia - ok
07:50:44.0015 2808 PDCOMP - ok
07:50:44.0015 2808 PDFRAME - ok
07:50:44.0015 2808 PDRELI - ok
07:50:44.0015 2808 PDRFRAME - ok
07:50:44.0015 2808 perc2 - ok
07:50:44.0015 2808 perc2hib - ok
07:50:44.0015 2808 PinFile - ok
07:50:44.0031 2808 PlugPlay - ok
07:50:44.0031 2808 PolicyAgent - ok
07:50:44.0031 2808 PptpMiniport - ok
07:50:44.0031 2808 ProtectedStorage - ok
07:50:44.0031 2808 PSched - ok
07:50:44.0031 2808 Ptilink - ok
07:50:44.0031 2808 PxHelp20 - ok
07:50:44.0031 2808 ql1080 - ok
07:50:44.0031 2808 Ql10wnt - ok
07:50:44.0046 2808 ql12160 - ok
07:50:44.0046 2808 ql1240 - ok
07:50:44.0046 2808 ql1280 - ok
07:50:44.0046 2808 RasAcd - ok
07:50:44.0046 2808 RasAuto - ok
07:50:44.0046 2808 Rasl2tp - ok
07:50:44.0046 2808 RasMan - ok
07:50:44.0046 2808 RasPppoe - ok
07:50:44.0046 2808 Raspti - ok
07:50:44.0062 2808 Rdbss - ok
07:50:44.0062 2808 RDPCDD - ok
07:50:44.0062 2808 rdpdr - ok
07:50:44.0062 2808 RDPWD - ok
07:50:44.0062 2808 RDSessMgr - ok
07:50:44.0062 2808 redbook - ok
07:50:44.0062 2808 RemoteAccess - ok
07:50:44.0062 2808 RemoteRegistry - ok
07:50:44.0062 2808 RpcLocator - ok
07:50:44.0078 2808 RpcSs - ok
07:50:44.0078 2808 RSVP - ok
07:50:44.0078 2808 SamSs - ok
07:50:44.0078 2808 SBRE - ok
07:50:44.0078 2808 SCardSvr - ok
07:50:44.0078 2808 Schedule - ok
07:50:44.0078 2808 SDDisk2K - ok
07:50:44.0078 2808 SDDToki - ok
07:50:44.0093 2808 SDDVD - ok
07:50:44.0093 2808 SDUPC - ok
07:50:44.0093 2808 Secdrv - ok
07:50:44.0093 2808 seclogon - ok
07:50:44.0093 2808 SENS - ok
07:50:44.0093 2808 serenum - ok
07:50:44.0093 2808 Serial - ok
07:50:44.0109 2808 Sfloppy - ok
07:50:44.0109 2808 SharedAccess - ok
07:50:44.0109 2808 ShellHWDetection - ok
07:50:44.0109 2808 Simbad - ok
07:50:44.0109 2808 sisagp - ok
07:50:44.0109 2808 SmcService - ok
07:50:44.0109 2808 SNAC - ok
07:50:44.0125 2808 Sparrow - ok
07:50:44.0125 2808 SPBBCDrv - ok
07:50:44.0125 2808 splitter - ok
07:50:44.0125 2808 Spooler - ok
07:50:44.0125 2808 sprtsvc_DellSupportCenter - ok
07:50:44.0125 2808 SQLBrowser - ok
07:50:44.0125 2808 SQLWriter - ok
07:50:44.0125 2808 sr - ok
07:50:44.0125 2808 srservice - ok
07:50:44.0140 2808 SRTSP - ok
07:50:44.0140 2808 SRTSPL - ok
07:50:44.0140 2808 SRTSPX - ok
07:50:44.0140 2808 Srv - ok
07:50:44.0140 2808 SSDPSRV - ok
07:50:44.0140 2808 stisvc - ok
07:50:44.0140 2808 stllssvr - ok
07:50:44.0140 2808 swenum - ok
07:50:44.0140 2808 swmidi - ok
07:50:44.0156 2808 SwPrv - ok
07:50:44.0156 2808 Symantec AntiVirus - ok
07:50:44.0156 2808 symc810 - ok
07:50:44.0156 2808 symc8xx - ok
07:50:44.0156 2808 SymEvent - ok
07:50:44.0156 2808 SYMREDRV - ok
07:50:44.0156 2808 SYMTDI - ok
07:50:44.0156 2808 sym_hi - ok
07:50:44.0156 2808 sym_u3 - ok
07:50:44.0171 2808 sysaudio - ok
07:50:44.0171 2808 SysmonLog - ok
07:50:44.0171 2808 TapiSrv - ok
07:50:44.0171 2808 Tcpip - ok
07:50:44.0171 2808 TDPIPE - ok
07:50:44.0171 2808 TDTCP - ok
07:50:44.0171 2808 TermDD - ok
07:50:44.0171 2808 TermService - ok
07:50:44.0171 2808 Themes - ok
07:50:44.0187 2808 TlntSvr - ok
07:50:44.0187 2808 TosIde - ok
07:50:44.0187 2808 TrkWks - ok
07:50:44.0187 2808 Udfs - ok
07:50:44.0187 2808 ultra - ok
07:50:44.0187 2808 Update - ok
07:50:44.0187 2808 upnphost - ok
07:50:44.0203 2808 UPS - ok
07:50:44.0203 2808 usbccgp - ok
07:50:44.0203 2808 usbehci - ok
07:50:44.0203 2808 usbhub - ok
07:50:44.0203 2808 usbprint - ok
07:50:44.0203 2808 USBSTOR - ok
07:50:44.0203 2808 usbuhci - ok
07:50:44.0203 2808 VgaSave - ok
07:50:44.0203 2808 viaagp - ok
07:50:44.0218 2808 ViaIde - ok
07:50:44.0218 2808 VolSnap - ok
07:50:44.0218 2808 VSS - ok
07:50:44.0218 2808 w32time - ok
07:50:44.0218 2808 Wanarp - ok
07:50:44.0218 2808 WDICA - ok
07:50:44.0218 2808 wdmaud - ok
07:50:44.0218 2808 WebClient - ok
07:50:44.0234 2808 WinMagic SecureDoc Service - ok
07:50:44.0234 2808 winmgmt - ok
07:50:44.0234 2808 WmdmPmSN - ok
07:50:44.0234 2808 Wmi - ok
07:50:44.0234 2808 WmiApSrv - ok
07:50:44.0234 2808 WMPNetworkSvc - ok
07:50:44.0234 2808 WPFFontCache_v0400 - ok
07:50:44.0250 2808 WS2IFSL - ok
07:50:44.0250 2808 wscsvc - ok
07:50:44.0250 2808 WSearch - ok
07:50:44.0250 2808 wuauserv - ok
07:50:44.0250 2808 WudfPf - ok
07:50:44.0250 2808 WudfRd - ok
07:50:44.0250 2808 WudfSvc - ok
07:50:44.0250 2808 WZCSVC - ok
07:50:44.0265 2808 xmlprov - ok
07:50:44.0265 2808 ================ Scan global ===============================
07:50:44.0265 2808 [Global] - ok
07:50:44.0265 2808 ================ Scan MBR ==================================
07:50:44.0281 2808 [ E1ED835465E42A176B4910C2CCA1E9A4 ] \Device\Harddisk0\DR0
07:50:44.0281 2808 Suspicious mbr (Forged): \Device\Harddisk0\DR0
07:50:44.0515 2808 \Device\Harddisk0\DR0 - ok
07:50:44.0515 2808 ================ Scan VBR ==================================
07:50:44.0515 2808 [ E22F4FDC9CF7A873F47DD876419BD773 ] \Device\Harddisk0\DR0\Partition1
07:50:44.0515 2808 \Device\Harddisk0\DR0\Partition1 - ok
07:50:44.0515 2808 ================ Scan active images ========================
07:50:44.0515 2808 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
07:50:44.0515 2808 C:\WINDOWS\system32\drivers\intelppm.sys - ok
07:50:44.0515 2808 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
07:50:44.0515 2808 C:\WINDOWS\system32\drivers\videoprt.sys - ok
07:50:44.0515 2808 [ 28423512370705AEDA6A652FEDB25468 ] C:\WINDOWS\system32\drivers\igxpmp32.sys
07:50:44.0515 2808 C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
07:50:44.0531 2808 [ D334D3052BDD61F8A5F0A59D31466BAC ] C:\WINDOWS\system32\drivers\e1e5132.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\e1e5132.sys - ok
07:50:44.0531 2808 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\usbport.sys - ok
07:50:44.0531 2808 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
07:50:44.0531 2808 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\cdrom.sys - ok
07:50:44.0531 2808 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\fdc.sys - ok
07:50:44.0531 2808 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
07:50:44.0531 2808 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\imapi.sys - ok
07:50:44.0531 2808 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\usbehci.sys - ok
07:50:44.0531 2808 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
07:50:44.0531 2808 C:\WINDOWS\system32\drivers\ks.sys - ok
07:50:44.0546 2808 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\redbook.sys - ok
07:50:44.0546 2808 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\audstub.sys - ok
07:50:44.0546 2808 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
07:50:44.0546 2808 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
07:50:44.0546 2808 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
07:50:44.0546 2808 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
07:50:44.0546 2808 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\tdi.sys - ok
07:50:44.0546 2808 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\psched.sys - ok
07:50:44.0546 2808 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
07:50:44.0546 2808 C:\WINDOWS\system32\drivers\raspptp.sys - ok
07:50:44.0562 2808 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\msgpc.sys - ok
07:50:44.0562 2808 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\ptilink.sys - ok
07:50:44.0562 2808 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\raspti.sys - ok
07:50:44.0562 2808 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
07:50:44.0562 2808 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
07:50:44.0562 2808 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\mouclass.sys - ok
07:50:44.0562 2808 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\swenum.sys - ok
07:50:44.0562 2808 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\termdd.sys - ok
07:50:44.0562 2808 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
07:50:44.0562 2808 C:\WINDOWS\system32\drivers\update.sys - ok
07:50:44.0578 2808 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
07:50:44.0578 2808 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
07:50:44.0578 2808 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\usbd.sys - ok
07:50:44.0578 2808 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\usbhub.sys - ok
07:50:44.0578 2808 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\drmk.sys - ok
07:50:44.0578 2808 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\portcls.sys - ok
07:50:44.0578 2808 [ 17BBBABB21F86B650B2626045A9D016C ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
07:50:44.0578 2808 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
07:50:44.0578 2808 [ 9368670BD426EBEA5E8B18A62416EC28 ] C:\WINDOWS\system32\drivers\i2omgmt.sys
07:50:44.0578 2808 C:\WINDOWS\system32\drivers\i2omgmt.sys - ok
07:50:44.0593 2808 [ 5A293729E1F9FCE3A2106D1F5DC5E98A ] C:\WINDOWS\system32\drivers\srtsp.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\srtsp.sys - ok
07:50:44.0593 2808 [ 19CEB8F4EC8C800A53D0B67E658E0367 ] C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVEX15.SYS
07:50:44.0593 2808 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVEX15.SYS - ok
07:50:44.0593 2808 [ E42A34E6F5CA71A84D4C2DE620AAD13D ] C:\WINDOWS\system32\drivers\SYMEVENT.SYS
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\SYMEVENT.SYS - ok
07:50:44.0593 2808 [ CE2156DF796D41614AB60E68D107D573 ] C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVENG.SYS
07:50:44.0593 2808 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\NAVENG.SYS - ok
07:50:44.0593 2808 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\hidparse.sys - ok
07:50:44.0593 2808 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\hidclass.sys - ok
07:50:44.0593 2808 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\hidusb.sys - ok
07:50:44.0593 2808 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\usbprint.sys - ok
07:50:44.0593 2808 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
07:50:44.0593 2808 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
07:50:44.0609 2808 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\mouhid.sys - ok
07:50:44.0609 2808 [ A99719DFB61B61AA5026341BBB733C0A ] C:\WINDOWS\system32\drivers\srtspx.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\srtspx.sys - ok
07:50:44.0609 2808 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
07:50:44.0609 2808 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
07:50:44.0609 2808 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\null.sys - ok
07:50:44.0609 2808 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\beep.sys - ok
07:50:44.0609 2808 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
07:50:44.0609 2808 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\vga.sys - ok
07:50:44.0609 2808 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
07:50:44.0609 2808 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
07:50:44.0625 2808 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\msfs.sys - ok
07:50:44.0625 2808 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
07:50:44.0625 2808 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\npfs.sys - ok
07:50:44.0625 2808 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\rasacd.sys - ok
07:50:44.0625 2808 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\ipsec.sys - ok
07:50:44.0625 2808 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\tcpip.sys - ok
07:50:44.0625 2808 [ D46676BB414C7531BDFFE637A33F5033 ] C:\WINDOWS\system32\drivers\symtdi.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\symtdi.sys - ok
07:50:44.0625 2808 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\ipnat.sys - ok
07:50:44.0625 2808 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\wanarp.sys - ok
07:50:44.0625 2808 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
07:50:44.0625 2808 C:\WINDOWS\system32\drivers\netbt.sys - ok
07:50:44.0640 2808 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\afd.sys - ok
07:50:44.0640 2808 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
07:50:44.0640 2808 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\netbios.sys - ok
07:50:44.0640 2808 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\serial.sys - ok
07:50:44.0640 2808 [ E87CF104F12C92401C4D33C50A3D5DC8 ] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
07:50:44.0640 2808 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - ok
07:50:44.0640 2808 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\rdbss.sys - ok
07:50:44.0640 2808 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
07:50:44.0640 2808 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
07:50:44.0640 2808 C:\WINDOWS\system32\drivers\fips.sys - ok
07:50:44.0640 2808 [ 85B8B4032A895A746D46A288A9B30DED ] C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:50:44.0640 2808 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - ok
07:50:44.0656 2808 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:50:44.0656 2808 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - ok
07:50:44.0656 2808 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
07:50:44.0656 2808 C:\WINDOWS\system32\ntdll.dll - ok
07:50:44.0656 2808 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
07:50:44.0656 2808 C:\WINDOWS\system32\smss.exe - ok
07:50:44.0656 2808 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
07:50:44.0656 2808 C:\WINDOWS\system32\autochk.exe - ok
07:50:44.0656 2808 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
07:50:44.0656 2808 C:\WINDOWS\system32\sfcfiles.dll - ok
07:50:44.0656 2808 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
07:50:44.0656 2808 C:\WINDOWS\system32\drivers\cdfs.sys - ok
07:50:44.0656 2808 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
07:50:44.0656 2808 C:\WINDOWS\system32\drivers\wmilib.sys - ok
07:50:44.0656 2808 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
07:50:44.0656 2808 C:\WINDOWS\system32\drivers\atapi.sys - ok
07:50:44.0656 2808 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
07:50:44.0656 2808 C:\WINDOWS\system32\drivers\dxapi.sys - ok
07:50:44.0671 2808 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
07:50:44.0671 2808 C:\WINDOWS\system32\watchdog.sys - ok
07:50:44.0671 2808 [ A1886BEBC12536FE2FA8464B7FA6F0FC ] C:\WINDOWS\system32\win32k.sys
07:50:44.0671 2808 C:\WINDOWS\system32\win32k.sys - ok
07:50:44.0671 2808 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
07:50:44.0671 2808 C:\WINDOWS\system32\csrsrv.dll - ok
07:50:44.0671 2808 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
07:50:44.0671 2808 C:\WINDOWS\system32\csrss.exe - ok
07:50:44.0671 2808 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:50:44.0671 2808 C:\WINDOWS\system32\basesrv.dll - ok
07:50:44.0671 2808 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
07:50:44.0671 2808 C:\WINDOWS\system32\winsrv.dll - ok
07:50:44.0671 2808 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
07:50:44.0671 2808 C:\WINDOWS\system32\gdi32.dll - ok
07:50:44.0671 2808 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
07:50:44.0671 2808 C:\WINDOWS\system32\kernel32.dll - ok
07:50:44.0671 2808 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
07:50:44.0671 2808 C:\WINDOWS\system32\user32.dll - ok
07:50:44.0671 2808 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
07:50:44.0671 2808 C:\WINDOWS\system32\drivers\dxg.sys - ok
07:50:44.0687 2808 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
07:50:44.0687 2808 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
07:50:44.0687 2808 [ BE32F42CA4FA7ED43665514ADF268575 ] C:\WINDOWS\system32\igxprd32.dll
07:50:44.0687 2808 C:\WINDOWS\system32\igxprd32.dll - ok
07:50:44.0687 2808 [ 49DAD1C2DFDE9D3B13138DC12D4D9AC4 ] C:\WINDOWS\system32\igxpgd32.dll
07:50:44.0687 2808 C:\WINDOWS\system32\igxpgd32.dll - ok
07:50:44.0687 2808 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
07:50:44.0687 2808 C:\WINDOWS\system32\vga.dll - ok
07:50:44.0687 2808 [ 4214464B38469F1AD82DC03593D4AF11 ] C:\WINDOWS\system32\igxpdv32.dll
07:50:44.0687 2808 C:\WINDOWS\system32\igxpdv32.dll - ok
07:50:44.0687 2808 [ 66A2FCA8A8BA4C4E9731E0733698B488 ] C:\WINDOWS\system32\igxpdx32.dll
07:50:44.0687 2808 C:\WINDOWS\system32\igxpdx32.dll - ok
07:50:44.0687 2808 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
07:50:44.0687 2808 C:\WINDOWS\system32\advapi32.dll - ok
07:50:44.0687 2808 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
07:50:44.0687 2808 C:\WINDOWS\system32\winlogon.exe - ok
07:50:44.0687 2808 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
07:50:44.0687 2808 C:\WINDOWS\system32\rpcrt4.dll - ok
07:50:44.0703 2808 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
07:50:44.0703 2808 C:\WINDOWS\system32\authz.dll - ok
07:50:44.0703 2808 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
07:50:44.0703 2808 C:\WINDOWS\system32\msvcrt.dll - ok
07:50:44.0703 2808 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
07:50:44.0703 2808 C:\WINDOWS\system32\secur32.dll - ok
07:50:44.0703 2808 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
07:50:44.0703 2808 C:\WINDOWS\system32\crypt32.dll - ok
07:50:44.0703 2808 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
07:50:44.0703 2808 C:\WINDOWS\system32\msasn1.dll - ok
07:50:44.0703 2808 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
07:50:44.0703 2808 C:\WINDOWS\system32\nddeapi.dll - ok
07:50:44.0703 2808 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
07:50:44.0703 2808 C:\WINDOWS\system32\netapi32.dll - ok
07:50:44.0703 2808 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
07:50:44.0703 2808 C:\WINDOWS\system32\profmap.dll - ok
07:50:44.0703 2808 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
07:50:44.0703 2808 C:\WINDOWS\system32\userenv.dll - ok
07:50:44.0718 2808 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
07:50:44.0718 2808 C:\WINDOWS\system32\psapi.dll - ok
07:50:44.0718 2808 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
07:50:44.0718 2808 C:\WINDOWS\system32\regapi.dll - ok
07:50:44.0718 2808 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
07:50:44.0718 2808 C:\WINDOWS\system32\setupapi.dll - ok
07:50:44.0718 2808 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
07:50:44.0718 2808 C:\WINDOWS\system32\version.dll - ok
07:50:44.0718 2808 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
07:50:44.0718 2808 C:\WINDOWS\system32\winsta.dll - ok
07:50:44.0718 2808 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
07:50:44.0718 2808 C:\WINDOWS\system32\imagehlp.dll - ok
07:50:44.0718 2808 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
07:50:44.0718 2808 C:\WINDOWS\system32\imm32.dll - ok
07:50:44.0718 2808 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
07:50:44.0718 2808 C:\WINDOWS\system32\wintrust.dll - ok
07:50:44.0718 2808 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
07:50:44.0718 2808 C:\WINDOWS\system32\ws2help.dll - ok
07:50:44.0734 2808 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
07:50:44.0734 2808 C:\WINDOWS\system32\ws2_32.dll - ok
07:50:44.0734 2808 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
07:50:44.0734 2808 C:\WINDOWS\system32\kbdus.dll - ok
07:50:44.0734 2808 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
07:50:44.0734 2808 C:\WINDOWS\system32\msgina.dll - ok
07:50:44.0734 2808 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
07:50:44.0734 2808 C:\WINDOWS\system32\comctl32.dll - ok
07:50:44.0734 2808 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
07:50:44.0734 2808 C:\WINDOWS\system32\comdlg32.dll - ok
07:50:44.0734 2808 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
07:50:44.0734 2808 C:\WINDOWS\system32\odbc32.dll - ok
07:50:44.0734 2808 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
07:50:44.0734 2808 C:\WINDOWS\system32\shell32.dll - ok
07:50:44.0734 2808 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
07:50:44.0734 2808 C:\WINDOWS\system32\shlwapi.dll - ok
07:50:44.0734 2808 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
07:50:44.0734 2808 C:\WINDOWS\system32\sxs.dll - ok
07:50:44.0734 2808 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
07:50:44.0734 2808 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
07:50:44.0750 2808 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
07:50:44.0750 2808 C:\WINDOWS\system32\odbcint.dll - ok
07:50:44.0750 2808 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
07:50:44.0750 2808 C:\WINDOWS\system32\shsvcs.dll - ok
07:50:44.0750 2808 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
07:50:44.0750 2808 C:\WINDOWS\system32\sfc.dll - ok
07:50:44.0750 2808 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
07:50:44.0750 2808 C:\WINDOWS\system32\sfc_os.dll - ok
07:50:44.0750 2808 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
07:50:44.0750 2808 C:\WINDOWS\system32\ole32.dll - ok
07:50:44.0750 2808 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
07:50:44.0750 2808 C:\WINDOWS\system32\apphelp.dll - ok
07:50:44.0750 2808 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
07:50:44.0750 2808 C:\WINDOWS\system32\lsass.exe - ok
07:50:44.0750 2808 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
07:50:44.0750 2808 C:\WINDOWS\system32\ncobjapi.dll - ok
07:50:44.0750 2808 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:50:44.0750 2808 C:\WINDOWS\system32\services.exe - ok
07:50:44.0765 2808 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
07:50:44.0765 2808 C:\WINDOWS\system32\lsasrv.dll - ok
07:50:44.0765 2808 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
07:50:44.0765 2808 C:\WINDOWS\system32\msvcp60.dll - ok
07:50:44.0765 2808 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
07:50:44.0765 2808 C:\WINDOWS\system32\scesrv.dll - ok
07:50:44.0765 2808 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
07:50:44.0765 2808 C:\WINDOWS\system32\dnsapi.dll - ok
07:50:44.0765 2808 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
07:50:44.0765 2808 C:\WINDOWS\system32\mpr.dll - ok
07:50:44.0765 2808 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
07:50:44.0765 2808 C:\WINDOWS\system32\ntdsapi.dll - ok
07:50:44.0765 2808 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
07:50:44.0765 2808 C:\WINDOWS\system32\samlib.dll - ok
07:50:44.0765 2808 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
07:50:44.0765 2808 C:\WINDOWS\system32\umpnpmgr.dll - ok
07:50:44.0765 2808 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
07:50:44.0765 2808 C:\WINDOWS\system32\wldap32.dll - ok
07:50:44.0781 2808 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
07:50:44.0781 2808 C:\WINDOWS\AppPatch\acadproc.dll - ok
07:50:44.0781 2808 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
07:50:44.0781 2808 C:\WINDOWS\system32\samsrv.dll - ok
07:50:44.0781 2808 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
07:50:44.0781 2808 C:\WINDOWS\system32\shimeng.dll - ok
07:50:44.0781 2808 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
07:50:44.0781 2808 C:\WINDOWS\AppPatch\acgenral.dll - ok
07:50:44.0781 2808 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
07:50:44.0781 2808 C:\WINDOWS\system32\cryptdll.dll - ok
07:50:44.0781 2808 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
07:50:44.0781 2808 C:\WINDOWS\system32\msacm32.dll - ok
07:50:44.0781 2808 [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
07:50:44.0781 2808 C:\WINDOWS\system32\oleaut32.dll - ok
07:50:44.0781 2808 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
07:50:44.0781 2808 C:\WINDOWS\system32\uxtheme.dll - ok
07:50:44.0781 2808 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
07:50:44.0781 2808 C:\WINDOWS\system32\winmm.dll - ok
07:50:44.0796 2808 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
07:50:44.0796 2808 C:\WINDOWS\system32\digest.dll - ok
07:50:44.0796 2808 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
07:50:44.0796 2808 C:\WINDOWS\system32\msapsspc.dll - ok
07:50:44.0796 2808 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
07:50:44.0796 2808 C:\WINDOWS\system32\msvcrt40.dll - ok
07:50:44.0796 2808 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
07:50:44.0796 2808 C:\WINDOWS\system32\schannel.dll - ok
07:50:44.0796 2808 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
07:50:44.0796 2808 C:\WINDOWS\system32\msctfime.ime - ok
07:50:44.0796 2808 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
07:50:44.0796 2808 C:\WINDOWS\system32\msnsspc.dll - ok
07:50:44.0796 2808 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
07:50:44.0796 2808 C:\WINDOWS\system32\kerberos.dll - ok
07:50:44.0796 2808 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
07:50:44.0796 2808 C:\WINDOWS\system32\msprivs.dll - ok
07:50:44.0812 2808 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
07:50:44.0812 2808 C:\WINDOWS\system32\msv1_0.dll - ok
07:50:44.0812 2808 [ B6E35DEA12D3CF70373EC222D4AA426A ] C:\WINDOWS\system32\SDocGina.dll
07:50:44.0812 2808 C:\WINDOWS\system32\SDocGina.dll - ok
07:50:44.0812 2808 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
07:50:44.0812 2808 C:\WINDOWS\system32\iphlpapi.dll - ok
07:50:44.0812 2808 [ 85516335092F6AB1E11739C06AC424B7 ] C:\WINDOWS\system32\SDDisk.dll
07:50:44.0812 2808 C:\WINDOWS\system32\SDDisk.dll - ok
07:50:44.0812 2808 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
07:50:44.0812 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
07:50:44.0812 2808 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
07:50:44.0812 2808 C:\WINDOWS\system32\netlogon.dll - ok
07:50:44.0812 2808 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
07:50:44.0812 2808 C:\WINDOWS\system32\atmfd.dll - ok
07:50:44.0812 2808 [ 8921A7F98212FAA5D9897A26D6C11EAA ] C:\WINDOWS\system32\sdd.dll
07:50:44.0812 2808 C:\WINDOWS\system32\sdd.dll - ok
07:50:44.0812 2808 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
07:50:44.0812 2808 C:\WINDOWS\system32\w32time.dll - ok
07:50:44.0812 2808 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
07:50:44.0812 2808 C:\WINDOWS\system32\wdigest.dll - ok
07:50:44.0828 2808 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
07:50:44.0828 2808 C:\WINDOWS\system32\rsaenh.dll - ok
07:50:44.0828 2808 [ FF2E2C0204BB4CE249C35CB4A2B29477 ] C:\WINDOWS\system32\SDXML.dll
07:50:44.0828 2808 C:\WINDOWS\system32\SDXML.dll - ok
07:50:44.0828 2808 [ C93856C78805B317B7B411FACEB455DE ] C:\WINDOWS\system32\SDToki.dll
07:50:44.0828 2808 C:\WINDOWS\system32\SDToki.dll - ok
07:50:44.0828 2808 [ B957538B154CE7E1433448058D43B578 ] C:\WINDOWS\system32\sdck.dll
07:50:44.0828 2808 C:\WINDOWS\system32\sdck.dll - ok
07:50:44.0828 2808 [ FEC70D19347A49368BCD214EC3A2795A ] C:\WINDOWS\system32\SDDllRes.dll
07:50:44.0828 2808 C:\WINDOWS\system32\SDDllRes.dll - ok
07:50:44.0828 2808 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
07:50:44.0828 2808 C:\WINDOWS\system32\scecli.dll - ok
07:50:44.0828 2808 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
07:50:44.0828 2808 C:\WINDOWS\system32\svchost.exe - ok
07:50:44.0828 2808 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
07:50:44.0828 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll - ok
07:50:44.0828 2808 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
07:50:44.0828 2808 C:\WINDOWS\system32\ntmarta.dll - ok
07:50:44.0843 2808 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
07:50:44.0843 2808 C:\WINDOWS\system32\rpcss.dll - ok
07:50:44.0843 2808 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
07:50:44.0843 2808 C:\WINDOWS\system32\xpsp2res.dll - ok
07:50:44.0843 2808 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
07:50:44.0843 2808 C:\WINDOWS\system32\eventlog.dll - ok
07:50:44.0843 2808 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
07:50:44.0843 2808 C:\WINDOWS\system32\msimg32.dll - ok
07:50:44.0843 2808 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
07:50:44.0843 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll - ok
07:50:44.0843 2808 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
07:50:44.0843 2808 C:\WINDOWS\system32\winscard.dll - ok
07:50:44.0843 2808 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
07:50:44.0843 2808 C:\WINDOWS\system32\wtsapi32.dll - ok
07:50:44.0843 2808 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
07:50:44.0843 2808 C:\WINDOWS\system32\mswsock.dll - ok
07:50:44.0843 2808 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
07:50:44.0843 2808 C:\WINDOWS\system32\hnetcfg.dll - ok
07:50:44.0859 2808 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
07:50:44.0859 2808 C:\WINDOWS\system32\rasadhlp.dll - ok
07:50:44.0859 2808 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
07:50:44.0859 2808 C:\WINDOWS\system32\winrnr.dll - ok
07:50:44.0859 2808 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
07:50:44.0859 2808 C:\WINDOWS\system32\wshtcpip.dll - ok
07:50:44.0859 2808 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
07:50:44.0859 2808 C:\WINDOWS\system32\es.dll - ok
07:50:44.0859 2808 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
07:50:44.0859 2808 C:\WINDOWS\system32\comres.dll - ok
07:50:44.0859 2808 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
07:50:44.0859 2808 C:\WINDOWS\system32\clbcatq.dll - ok
07:50:44.0859 2808 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
07:50:44.0859 2808 C:\WINDOWS\system32\sens.dll - ok
07:50:44.0859 2808 [ A651BEA60428FDD94FE21E2F5C0BBCAC ] C:\Program Files\Symantec AntiVirus\Smc.exe
07:50:44.0859 2808 C:\Program Files\Symantec AntiVirus\Smc.exe - ok
07:50:44.0859 2808 [ 4EAABFFD48173E84B7DD8A18FC47E2A1 ] C:\Program Files\Symantec AntiVirus\trident.dll
07:50:44.0859 2808 C:\Program Files\Symantec AntiVirus\trident.dll - ok
07:50:44.0859 2808 [ 72E68FF2991D461E3CFC28BDE63976DD ] C:\Program Files\Symantec AntiVirus\deuParser.dll
07:50:44.0859 2808 C:\Program Files\Symantec AntiVirus\deuParser.dll - ok
07:50:44.0875 2808 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
07:50:44.0875 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
07:50:44.0875 2808 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
07:50:44.0875 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
07:50:44.0875 2808 [ 02CD341071862498B32F234FC00B1F06 ] C:\Program Files\Symantec AntiVirus\tseConfig.dll
07:50:44.0875 2808 C:\Program Files\Symantec AntiVirus\tseConfig.dll - ok
07:50:44.0875 2808 [ A524179563BC23272EF85D927FECC6E8 ] C:\Program Files\Symantec AntiVirus\SpNet.dll
07:50:44.0875 2808 C:\Program Files\Symantec AntiVirus\SpNet.dll - ok
07:50:44.0875 2808 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
07:50:44.0875 2808 C:\WINDOWS\system32\cscdll.dll - ok
07:50:44.0875 2808 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
07:50:44.0875 2808 C:\WINDOWS\system32\dimsntfy.dll - ok
07:50:44.0875 2808 [ 3DD46C3BEFE7A8D522FEFE24FBDC7AFC ] C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll
07:50:44.0875 2808 C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll - ok
07:50:44.0875 2808 [ F2D81D58E9FC7F2A93AE3068DB505A1A ] C:\Program Files\Citrix\GoToAssist\615\g2aprocessfactory.exe
07:50:44.0875 2808 C:\Program Files\Citrix\GoToAssist\615\g2aprocessfactory.exe - ok
07:50:44.0875 2808 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
07:50:44.0875 2808 C:\WINDOWS\system32\wlnotify.dll - ok
07:50:44.0890 2808 [ F95CAA0758729BE2919934C836024757 ] C:\Program Files\Symantec AntiVirus\SyLog.dll
07:50:44.0890 2808 C:\Program Files\Symantec AntiVirus\SyLog.dll - ok
07:50:44.0890 2808 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
07:50:44.0890 2808 C:\WINDOWS\system32\winspool.drv - ok
07:50:44.0890 2808 [ F826A1D619190DDB920D79B36F22618E ] C:\Program Files\Symantec AntiVirus\NacManager.plg
07:50:44.0890 2808 C:\Program Files\Symantec AntiVirus\NacManager.plg - ok
07:50:44.0890 2808 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
07:50:44.0890 2808 C:\WINDOWS\system32\WgaLogon.dll - ok
07:50:44.0890 2808 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
07:50:44.0890 2808 C:\WINDOWS\system32\msxml3.dll - ok
07:50:44.0890 2808 [ 1B7524806D0270B81360C63A2FA047CB ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
07:50:44.0890 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll - ok
07:50:44.0890 2808 [ 41A37D78FE9C41372CE43FC0499F28F5 ] C:\Program Files\Symantec AntiVirus\SyLink.dll
07:50:44.0890 2808 C:\Program Files\Symantec AntiVirus\SyLink.dll - ok
07:50:44.0890 2808 [ FF82F417954C171B2C90A7B5AB8F8608 ] C:\Program Files\Symantec AntiVirus\DataMan.dll
07:50:44.0890 2808 C:\Program Files\Symantec AntiVirus\DataMan.dll - ok
07:50:44.0890 2808 [ C087CC88D7CD554409CBB5EBC29E8E38 ] C:\WINDOWS\system32\wininet.dll
07:50:44.0890 2808 C:\WINDOWS\system32\wininet.dll - ok
07:50:44.0906 2808 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
07:50:44.0906 2808 C:\WINDOWS\system32\wsock32.dll - ok
07:50:44.0906 2808 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
07:50:44.0906 2808 C:\WINDOWS\system32\normaliz.dll - ok
07:50:44.0906 2808 [ 28F73A450AA227894E2E6288F8681E79 ] C:\WINDOWS\system32\urlmon.dll
07:50:44.0906 2808 C:\WINDOWS\system32\urlmon.dll - ok
07:50:44.0906 2808 [ 81FAEFC42D0B236C62C3401558867FAA ] C:\WINDOWS\system32\iertutil.dll
07:50:44.0906 2808 C:\WINDOWS\system32\iertutil.dll - ok
07:50:44.0906 2808 [ 054F8865792F47F98EA3869B203A6A54 ] C:\Program Files\Symantec AntiVirus\tse.dll
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\tse.dll - ok
07:50:44.0906 2808 [ 15F0BE0A9DAF6C4339992252B85C5CAC ] C:\Program Files\Symantec AntiVirus\PSSensor.dll
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\PSSensor.dll - ok
07:50:44.0906 2808 [ FBA2A625F50C101A8C5650DE3CED2846 ] C:\Program Files\Symantec AntiVirus\SSSensor.dll
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\SSSensor.dll - ok
07:50:44.0906 2808 [ F4721D588C03555AC74F3214D699F959 ] C:\Program Files\Symantec AntiVirus\idstrafficpipe.dll
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\idstrafficpipe.dll - ok
07:50:44.0906 2808 [ 42E7233DB2138B9E37F7918FE87E2D48 ] C:\Program Files\Symantec AntiVirus\wpsman.dll
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\wpsman.dll - ok
07:50:44.0906 2808 [ 041C0EFFA2E6EE7BCEED513443F8BE35 ] C:\Program Files\Symantec AntiVirus\TFMAN.DLL
07:50:44.0906 2808 C:\Program Files\Symantec AntiVirus\TFMAN.DLL - ok
07:50:44.0921 2808 [ 3DADD1E58720076732753E29F8D20FF2 ] C:\Program Files\Symantec AntiVirus\SgHI.dll
07:50:44.0921 2808 C:\Program Files\Symantec AntiVirus\SgHI.dll - ok
07:50:44.0921 2808 [ AC90F092535B8244BD8A17E4798C16B7 ] C:\Program Files\Symantec AntiVirus\sfConfig.dll
07:50:44.0921 2808 C:\Program Files\Symantec AntiVirus\sfConfig.dll - ok
07:50:44.0921 2808 [ 24AD05C45EF8D880F031CE292969BBEB ] C:\Program Files\Symantec AntiVirus\sgConfig.dll
07:50:44.0921 2808 C:\Program Files\Symantec AntiVirus\sgConfig.dll - ok
07:50:44.0921 2808 [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll
07:50:44.0921 2808 C:\WINDOWS\system32\snmpapi.dll - ok
07:50:44.0921 2808 [ 1F29EE51087D054D8B29A5461FCDE861 ] C:\Program Files\Symantec AntiVirus\Netport.dll
07:50:44.0921 2808 C:\Program Files\Symantec AntiVirus\Netport.dll - ok
07:50:44.0921 2808 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
07:50:44.0921 2808 C:\WINDOWS\system32\msi.dll - ok
07:50:44.0921 2808 [ 9090454E6772F7CFBCE240BF4DC5F7E8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
07:50:44.0921 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll - ok
07:50:44.0921 2808 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
07:50:44.0921 2808 C:\WINDOWS\system32\mpnotify.exe - ok
07:50:44.0921 2808 [ DC3D00545AFA649D5A18F6955E9A06C2 ] C:\Program Files\Symantec AntiVirus\SnacNp.dll
07:50:44.0921 2808 C:\Program Files\Symantec AntiVirus\SnacNp.dll - ok
07:50:44.0937 2808 [ F23BB88B47C0B7A9999E7EE79CA99B1E ] C:\Program Files\Common Files\Symantec Shared\ccL608.dll
07:50:44.0937 2808 C:\Program Files\Common Files\Symantec Shared\ccL608.dll - ok
07:50:44.0937 2808 [ 05C8EA6E65C58B71A735F1A6F9E9CCE7 ] C:\Program Files\Symantec AntiVirus\res\1033\SmcRes.dll
07:50:44.0937 2808 C:\Program Files\Symantec AntiVirus\res\1033\SmcRes.dll - ok
07:50:44.0937 2808 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
07:50:44.0937 2808 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
07:50:44.0937 2808 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
07:50:44.0937 2808 C:\WINDOWS\system32\dhcpcsvc.dll - ok
07:50:44.0937 2808 [ 412682035046DCCB20D82465E54D1179 ] C:\Program Files\Symantec AntiVirus\res\1033\TseConfigRes.dll
07:50:44.0937 2808 C:\Program Files\Symantec AntiVirus\res\1033\TseConfigRes.dll - ok
07:50:44.0937 2808 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
07:50:44.0937 2808 C:\WINDOWS\system32\dnsrslvr.dll - ok
07:50:44.0937 2808 [ ADC03EA34D3F64025F88FF880E475EF4 ] C:\Program Files\Symantec AntiVirus\AVMan.plg
07:50:44.0937 2808 C:\Program Files\Symantec AntiVirus\AVMan.plg - ok
07:50:44.0937 2808 [ F078835AB17647E1E0B05285A7164B03 ] C:\Program Files\Symantec AntiVirus\GUProxy.plg
07:50:44.0937 2808 C:\Program Files\Symantec AntiVirus\GUProxy.plg - ok
07:50:44.0937 2808 [ FA92824BB1A3793280EB8C885E7E93FA ] C:\Program Files\Symantec AntiVirus\LuMan.plg
07:50:44.0937 2808 C:\Program Files\Symantec AntiVirus\LuMan.plg - ok
07:50:44.0953 2808 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
07:50:44.0953 2808 C:\WINDOWS\system32\lmhsvc.dll - ok
07:50:44.0953 2808 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
07:50:44.0953 2808 C:\WINDOWS\system32\mprapi.dll - ok
07:50:44.0953 2808 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
07:50:44.0953 2808 C:\WINDOWS\system32\wzcsvc.dll - ok
07:50:44.0953 2808 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
07:50:44.0953 2808 C:\WINDOWS\system32\activeds.dll - ok
07:50:44.0953 2808 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
07:50:44.0953 2808 C:\WINDOWS\system32\adsldpc.dll - ok
07:50:44.0953 2808 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
07:50:44.0953 2808 C:\WINDOWS\system32\rtutils.dll - ok
07:50:44.0953 2808 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
07:50:44.0953 2808 C:\WINDOWS\system32\atl.dll - ok
07:50:44.0953 2808 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
07:50:44.0953 2808 C:\WINDOWS\system32\eapolqec.dll - ok
07:50:44.0953 2808 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
07:50:44.0953 2808 C:\WINDOWS\system32\wmi.dll - ok
07:50:44.0968 2808 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
07:50:44.0968 2808 C:\WINDOWS\system32\qutil.dll - ok
07:50:44.0968 2808 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
07:50:44.0968 2808 C:\WINDOWS\system32\dot3api.dll - ok
07:50:44.0968 2808 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
07:50:44.0968 2808 C:\WINDOWS\system32\esent.dll - ok
07:50:44.0968 2808 [ 9EEFE69139FDBB4A3C327630F8EB993A ] C:\WINDOWS\system32\wlanapi.dll
07:50:44.0968 2808 C:\WINDOWS\system32\wlanapi.dll - ok
07:50:44.0968 2808 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
07:50:44.0968 2808 C:\WINDOWS\system32\wzcsapi.dll - ok
07:50:44.0968 2808 [ 7AEFEBD8C713B97F14A216B4181F725D ] C:\Program Files\Symantec AntiVirus\res\1033\AVManRes.dll
07:50:44.0968 2808 C:\Program Files\Symantec AntiVirus\res\1033\AVManRes.dll - ok
07:50:44.0968 2808 [ 2B264B0F9ED2CB2B66434A7F0726E905 ] C:\Program Files\Symantec AntiVirus\AvPluginImpl.dll
07:50:44.0968 2808 C:\Program Files\Symantec AntiVirus\AvPluginImpl.dll - ok
07:50:44.0968 2808 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
07:50:44.0968 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll - ok
07:50:44.0968 2808 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
07:50:44.0968 2808 C:\WINDOWS\system32\rasapi32.dll - ok
07:50:44.0984 2808 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
07:50:44.0984 2808 C:\WINDOWS\system32\rasman.dll - ok
07:50:44.0984 2808 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
07:50:44.0984 2808 C:\WINDOWS\system32\tapi32.dll - ok
07:50:44.0984 2808 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
07:50:44.0984 2808 C:\WINDOWS\system32\shfolder.dll - ok
07:50:44.0984 2808 [ F187AD5FC510F671E23245309AAFCAAF ] C:\Program Files\Symantec AntiVirus\res\1033\GUProxyRes.dll
07:50:44.0984 2808 C:\Program Files\Symantec AntiVirus\res\1033\GUProxyRes.dll - ok
07:50:44.0984 2808 [ B2CD077F51ECCC89D3D2550F3841D6F3 ] C:\Program Files\Symantec AntiVirus\res\1033\LUManRes.dll
07:50:44.0984 2808 C:\Program Files\Symantec AntiVirus\res\1033\LUManRes.dll - ok
07:50:44.0984 2808 [ 64E3F5AEC324AF31E88A4B6846571156 ] C:\Program Files\Symantec AntiVirus\SescLU.exe
07:50:44.0984 2808 C:\Program Files\Symantec AntiVirus\SescLU.exe - ok
07:50:44.0984 2808 [ E518F62496F73A1F2CD1A07AACC031D0 ] C:\Program Files\Symantec AntiVirus\SescLUPS.dll
07:50:44.0984 2808 C:\Program Files\Symantec AntiVirus\SescLUPS.dll - ok
07:50:44.0984 2808 [ 735EA9D17CC07BD309E56A41C876736B ] C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
07:50:44.0984 2808 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll - ok
07:50:44.0984 2808 [ A94DC60A90EFD7A35C36D971E3EE7470 ] C:\WINDOWS\system32\MSVCP71.DLL
07:50:44.0984 2808 C:\WINDOWS\system32\MSVCP71.DLL - ok
07:50:44.0984 2808 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\WINDOWS\system32\MSVCR71.DLL
07:50:44.0984 2808 C:\WINDOWS\system32\MSVCR71.DLL - ok
07:50:45.0000 2808 [ 490C8C13B836FF98CBEC7639C4D61E4A ] C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
07:50:45.0000 2808 C:\Program Files\Common Files\Symantec Shared\ccL60U.dll - ok
07:50:45.0000 2808 [ 002DC0CDD664FDE2622A7282E2E4276B ] C:\Program Files\Symantec AntiVirus\SymRasMan.dll
07:50:45.0000 2808 C:\Program Files\Symantec AntiVirus\SymRasMan.dll - ok
07:50:45.0000 2808 [ 5E68928BA2412E60FF1C61441313CF8D ] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
07:50:45.0000 2808 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - ok
07:50:45.0000 2808 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
07:50:45.0000 2808 C:\WINDOWS\system32\cryptui.dll - ok
07:50:45.0000 2808 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
07:50:45.0000 2808 C:\WINDOWS\system32\dbghelp.dll - ok
07:50:45.0000 2808 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
07:50:45.0000 2808 C:\WINDOWS\system32\rastls.dll - ok
07:50:45.0000 2808 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
07:50:45.0000 2808 C:\WINDOWS\system32\riched20.dll - ok
07:50:45.0000 2808 [ EEF2AC3990BB04850E5F2382E388B674 ] C:\WINDOWS\system32\SymNeti.dll
07:50:45.0000 2808 C:\WINDOWS\system32\SymNeti.dll - ok
07:50:45.0015 2808 [ 8BE57576F22EB824F966E984BDD09D94 ] C:\Program Files\Symantec AntiVirus\RasSymEap.dll
07:50:45.0015 2808 C:\Program Files\Symantec AntiVirus\RasSymEap.dll - ok
07:50:45.0015 2808 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
07:50:45.0015 2808 C:\WINDOWS\system32\raschap.dll - ok
07:50:45.0015 2808 [ DD95B87673F9BD32493F3E0AB035726B ] C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll - ok
07:50:45.0015 2808 [ 3A54C47B4E43BC4170ABAB7D12FEE4F8 ] C:\Program Files\Common Files\Symantec Shared\ccSet.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\ccSet.dll - ok
07:50:45.0015 2808 [ 329749BFE9AE1EBF8C06E85266FF9FA0 ] C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\ccSvc.dll - ok
07:50:45.0015 2808 [ F2863317585E2E597B3AF25EB18703DF ] C:\Program Files\Common Files\Symantec Shared\ccSetPlg.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\ccSetPlg.dll - ok
07:50:45.0015 2808 [ 8EDFF847243A37A6229C1AEF64D29AE7 ] C:\Program Files\Common Files\Symantec Shared\SAVSubmissionEngine\SUBENG.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\SAVSubmissionEngine\SUBENG.dll - ok
07:50:45.0015 2808 [ 945814E6A9A4F7B2043F01714DFB7FB3 ] C:\Program Files\Symantec AntiVirus\res\1033\SUBRES.loc
07:50:45.0015 2808 C:\Program Files\Symantec AntiVirus\res\1033\SUBRES.loc - ok
07:50:45.0015 2808 [ 56BB1A98E1B71D913439AC1ABBA87E5D ] C:\Program Files\Common Files\Symantec Shared\SNDSvc.dll
07:50:45.0015 2808 C:\Program Files\Common Files\Symantec Shared\SNDSvc.dll - ok
07:50:45.0031 2808 [ 009BD8B4BFE5B99683AA2BE8A3DC0346 ] C:\Program Files\Common Files\Symantec Shared\ccL60.dll
07:50:45.0031 2808 C:\Program Files\Common Files\Symantec Shared\ccL60.dll - ok
07:50:45.0031 2808 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
07:50:45.0031 2808 C:\WINDOWS\system32\netman.dll - ok
07:50:45.0031 2808 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
07:50:45.0031 2808 C:\WINDOWS\system32\netshell.dll - ok
07:50:45.0031 2808 [ 59A7A606B158D4B9A2F966FA179ED0C4 ] C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\CCERASER.DLL
07:50:45.0031 2808 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130721.020\CCERASER.DLL - ok
07:50:45.0031 2808 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
07:50:45.0031 2808 C:\WINDOWS\system32\credui.dll - ok
07:50:45.0031 2808 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
07:50:45.0031 2808 C:\WINDOWS\system32\dot3dlg.dll - ok
07:50:45.0031 2808 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
07:50:45.0031 2808 C:\WINDOWS\system32\eappcfg.dll - ok
07:50:45.0031 2808 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
07:50:45.0031 2808 C:\WINDOWS\system32\onex.dll - ok
07:50:45.0031 2808 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
07:50:45.0031 2808 C:\WINDOWS\system32\eappprxy.dll - ok
07:50:45.0031 2808 [ 8D742B1233A9D7706A908374FA087AC3 ] C:\Program Files\Common Files\Symantec Shared\ccEvtPlg.dll
07:50:45.0031 2808 C:\Program Files\Common Files\Symantec Shared\ccEvtPlg.dll - ok
07:50:45.0046 2808 [ E43C60ED58B8E97EBA5241F0042F6666 ] C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll
07:50:45.0046 2808 C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll - ok
07:50:45.0046 2808 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
07:50:45.0046 2808 C:\WINDOWS\system32\schedsvc.dll - ok
07:50:45.0046 2808 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
07:50:45.0046 2808 C:\WINDOWS\system32\msidle.dll - ok
07:50:45.0046 2808 [ ABF355FF90416C601076B8F5AD9968CA ] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
07:50:45.0046 2808 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll - ok
07:50:45.0046 2808 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
07:50:45.0046 2808 C:\WINDOWS\system32\spoolsv.exe - ok
07:50:45.0046 2808 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
07:50:45.0046 2808 C:\WINDOWS\system32\audiosrv.dll - ok
07:50:45.0046 2808 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
07:50:45.0046 2808 C:\WINDOWS\system32\wkssvc.dll - ok
07:50:45.0046 2808 [ 0E6DACCCB9001053E1041BD943ED00F0 ] C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll
07:50:45.0046 2808 C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll - ok
07:50:45.0046 2808 [ CD8504A609F33DA68731797B444CA00F ] C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
07:50:45.0046 2808 C:\Program Files\Common Files\Symantec Shared\ccProSub.dll - ok
07:50:45.0062 2808 [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] C:\WINDOWS\system32\inetmib1.dll
07:50:45.0062 2808 C:\WINDOWS\system32\inetmib1.dll - ok
07:50:45.0062 2808 [ 1FF73971B5ADBFAC9BBBA4316BDFF247 ] C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
07:50:45.0062 2808 C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll - ok
07:50:45.0062 2808 [ 2FBA4A621002F76AEA782B94E0DB1405 ] C:\Program Files\Symantec AntiVirus\res\1033\SgHIRes.dll
07:50:45.0062 2808 C:\Program Files\Symantec AntiVirus\res\1033\SgHIRes.dll - ok
07:50:45.0062 2808 [ 1F1D608ABCC34CA2A5369C95B47605F0 ] C:\WINDOWS\system32\atl71.dll
07:50:45.0062 2808 C:\WINDOWS\system32\atl71.dll - ok
07:50:45.0062 2808 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
07:50:45.0062 2808 C:\WINDOWS\system32\netcfgx.dll - ok
07:50:45.0062 2808 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
07:50:45.0062 2808 C:\WINDOWS\system32\clusapi.dll - ok
07:50:45.0062 2808 [ 0DFA4D5E8205614EDA53394E637812E4 ] C:\WINDOWS\system32\vdmdbg.dll
07:50:45.0062 2808 C:\WINDOWS\system32\vdmdbg.dll - ok
07:50:45.0062 2808 [ 8146BC28E499EC5935AA2154F1B56717 ] C:\Program Files\Symantec AntiVirus\res\1033\SpNetRes.dll
07:50:45.0062 2808 C:\Program Files\Symantec AntiVirus\res\1033\SpNetRes.dll - ok
07:50:45.0078 2808 [ 686CDD701602EF868589987F810DEEDD ] C:\Program Files\Symantec AntiVirus\res\1033\tseRes.dll
07:50:45.0078 2808 C:\Program Files\Symantec AntiVirus\res\1033\tseRes.dll - ok
07:50:45.0078 2808 [ F412B069CB5D337110F65169CC425A2B ] C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_3.DLL
07:50:45.0078 2808 C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_3.DLL - ok
07:50:45.0078 2808 [ FB9D14F015A7989069F1247C6D0350D7 ] C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_3.DLL
07:50:45.0078 2808 C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_3.DLL - ok
07:50:45.0078 2808 [ 4B1BC262B76232056F3B247C37F26940 ] C:\Program Files\Symantec\LiveUpdate\MFC71.DLL
07:50:45.0078 2808 C:\Program Files\Symantec\LiveUpdate\MFC71.DLL - ok
07:50:45.0078 2808 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
07:50:45.0078 2808 C:\WINDOWS\system32\cscui.dll - ok
07:50:45.0078 2808 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
07:50:45.0078 2808 C:\WINDOWS\system32\powrprof.dll - ok
07:50:45.0078 2808 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
07:50:45.0078 2808 C:\WINDOWS\system32\wdmaud.drv - ok
07:50:45.0078 2808 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
07:50:45.0078 2808 C:\WINDOWS\system32\dpcdll.dll - ok
07:50:45.0078 2808 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
07:50:45.0078 2808 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
07:50:45.0078 2808 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
07:50:45.0078 2808 C:\WINDOWS\system32\drprov.dll - ok
07:50:45.0093 2808 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
07:50:45.0093 2808 C:\WINDOWS\system32\ntlanman.dll - ok
07:50:45.0093 2808 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
07:50:45.0093 2808 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
07:50:45.0093 2808 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
07:50:45.0093 2808 C:\WINDOWS\system32\netui0.dll - ok
07:50:45.0093 2808 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
07:50:45.0093 2808 C:\WINDOWS\system32\netui1.dll - ok
07:50:45.0093 2808 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
07:50:45.0093 2808 C:\WINDOWS\system32\netrap.dll - ok
07:50:45.0093 2808 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
07:50:45.0093 2808 C:\WINDOWS\system32\davclnt.dll - ok
07:50:45.0093 2808 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
07:50:45.0093 2808 C:\WINDOWS\system32\mprui.dll - ok
07:50:45.0093 2808 [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
07:50:45.0093 2808 C:\WINDOWS\system32\netui2.dll - ok
07:50:45.0093 2808 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
07:50:45.0093 2808 C:\WINDOWS\system32\netmsg.dll - ok
07:50:45.0109 2808 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\splitter.sys - ok
07:50:45.0109 2808 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\aec.sys - ok
07:50:45.0109 2808 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\swmidi.sys - ok
07:50:45.0109 2808 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\dmusic.sys - ok
07:50:45.0109 2808 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\kmixer.sys - ok
07:50:45.0109 2808 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
07:50:45.0109 2808 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
07:50:45.0109 2808 C:\WINDOWS\system32\midimap.dll - ok
07:50:45.0109 2808 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
07:50:45.0109 2808 C:\WINDOWS\system32\msacm32.drv - ok
07:50:45.0109 2808 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
07:50:45.0109 2808 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
07:50:45.0125 2808 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
07:50:45.0125 2808 C:\WINDOWS\system32\webclnt.dll - ok
07:50:45.0125 2808 [ 6163664C7E9CD110AF70180C126C3FDC ] C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:50:45.0125 2808 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe - ok
07:50:45.0125 2808 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:50:45.0125 2808 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
07:50:45.0125 2808 [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
07:50:45.0125 2808 C:\WINDOWS\system32\qmgr.dll - ok
07:50:45.0125 2808 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
07:50:45.0125 2808 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
07:50:45.0125 2808 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
07:50:45.0125 2808 C:\WINDOWS\system32\winhttp.dll - ok
07:50:45.0125 2808 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
07:50:45.0125 2808 C:\WINDOWS\system32\mscoree.dll - ok
07:50:45.0125 2808 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
07:50:45.0125 2808 C:\WINDOWS\system32\cryptsvc.dll - ok
07:50:45.0125 2808 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
07:50:45.0125 2808 C:\WINDOWS\system32\certcli.dll - ok
07:50:45.0140 2808 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
07:50:45.0140 2808 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
07:50:45.0140 2808 [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files\Google\Update\1.3.21.153\goopdate.dll
07:50:45.0140 2808 C:\Program Files\Google\Update\1.3.21.153\goopdate.dll - ok
07:50:45.0140 2808 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
07:50:45.0140 2808 C:\WINDOWS\system32\dmserver.dll - ok
07:50:45.0140 2808 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
07:50:45.0140 2808 C:\WINDOWS\system32\ersvc.dll - ok
07:50:45.0140 2808 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
07:50:45.0140 2808 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
07:50:45.0140 2808 [ 994AD0D8550B8B26990A6E3AA0791502 ] C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
07:50:45.0140 2808 C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll - ok
07:50:45.0140 2808 [ 5559AFA146673F4C34D1B8AC1297F0AB ] C:\WINDOWS\system32\IPROSetMonitor.exe
07:50:45.0140 2808 C:\WINDOWS\system32\IPROSetMonitor.exe - ok
07:50:45.0140 2808 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
07:50:45.0140 2808 C:\WINDOWS\system32\msvcp100.dll - ok
07:50:45.0140 2808 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
07:50:45.0140 2808 C:\WINDOWS\system32\msvcr100.dll - ok
07:50:45.0140 2808 [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
07:50:45.0140 2808 C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
07:50:45.0156 2808 [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
07:50:45.0156 2808 C:\WINDOWS\system32\mstask.dll - ok
07:50:45.0156 2808 [ A1509BA3A5FDC5366146E92B3D130EB5 ] C:\Program Files\Java\jre7\bin\jqs.exe
07:50:45.0156 2808 C:\Program Files\Java\jre7\bin\jqs.exe - ok
07:50:45.0156 2808 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
07:50:45.0156 2808 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
07:50:45.0156 2808 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
07:50:45.0156 2808 C:\WINDOWS\system32\hid.dll - ok
07:50:45.0156 2808 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
07:50:45.0156 2808 C:\WINDOWS\system32\hidserv.dll - ok
07:50:45.0156 2808 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
07:50:45.0156 2808 C:\WINDOWS\system32\odbcbcp.dll - ok
07:50:45.0156 2808 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
07:50:45.0156 2808 C:\WINDOWS\system32\pdh.dll - ok
07:50:45.0156 2808 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
07:50:45.0156 2808 C:\WINDOWS\system32\srvsvc.dll - ok
07:50:45.0156 2808 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
07:50:45.0156 2808 C:\WINDOWS\system32\drivers\srv.sys - ok
07:50:45.0171 2808 [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
07:50:45.0171 2808 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - ok
07:50:45.0171 2808 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
07:50:45.0171 2808 C:\WINDOWS\system32\userinit.exe - ok
07:50:45.0171 2808 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
07:50:45.0171 2808 C:\WINDOWS\system32\spoolss.dll - ok
07:50:45.0171 2808 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
07:50:45.0171 2808 C:\WINDOWS\system32\ipsecsvc.dll - ok
07:50:45.0171 2808 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
07:50:45.0171 2808 C:\WINDOWS\system32\localspl.dll - ok
07:50:45.0171 2808 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
07:50:45.0171 2808 C:\WINDOWS\system32\regsvc.dll - ok
07:50:45.0171 2808 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
07:50:45.0171 2808 C:\WINDOWS\system32\seclogon.dll - ok
07:50:45.0171 2808 [ 777115C9CC675BD98127660712D2F784 ] C:\Program Files\Dell Support Center\bin\sprtsvc.exe
07:50:45.0171 2808 C:\Program Files\Dell Support Center\bin\sprtsvc.exe - ok
07:50:45.0171 2808 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
07:50:45.0171 2808 C:\WINDOWS\system32\oakley.dll - ok
07:50:45.0171 2808 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
07:50:45.0171 2808 C:\WINDOWS\system32\cnbjmon.dll - ok
07:50:45.0187 2808 [ 2009DCC4DD49AD3FF5F74D675C98428B ] C:\WINDOWS\system32\dtmon.dll
07:50:45.0187 2808 C:\WINDOWS\system32\dtmon.dll - ok
07:50:45.0187 2808 [ 59EDCE79FBD09E7B3F493B8DF3FC21F5 ] C:\WINDOWS\system32\HP2030LM.DLL
07:50:45.0187 2808 C:\WINDOWS\system32\HP2030LM.DLL - ok
07:50:45.0187 2808 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
07:50:45.0187 2808 C:\WINDOWS\system32\winipsec.dll - ok
07:50:45.0187 2808 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
07:50:45.0187 2808 C:\WINDOWS\system32\WgaTray.exe - ok
07:50:45.0187 2808 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
07:50:45.0187 2808 C:\WINDOWS\system32\psbase.dll - ok
07:50:45.0187 2808 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
07:50:45.0187 2808 C:\WINDOWS\system32\pstorsvc.dll - ok
07:50:45.0187 2808 [ 95647F820CBC025676D7B407E2BCFBE6 ] C:\WINDOWS\system32\mdimon.dll
07:50:45.0187 2808 C:\WINDOWS\system32\mdimon.dll - ok
07:50:45.0187 2808 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
07:50:45.0187 2808 C:\WINDOWS\explorer.exe - ok
07:50:45.0187 2808 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
07:50:45.0187 2808 C:\WINDOWS\system32\dssenh.dll - ok
07:50:45.0203 2808 [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
07:50:45.0203 2808 C:\WINDOWS\system32\fxsmon.dll - ok
07:50:45.0203 2808 [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
07:50:45.0203 2808 C:\WINDOWS\system32\fxsevent.dll - ok
07:50:45.0203 2808 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
07:50:45.0203 2808 C:\WINDOWS\system32\perfos.dll - ok
07:50:45.0203 2808 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:50:45.0203 2808 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe - ok
07:50:45.0203 2808 [ E877A06B49B9619E6F38E00EE27C9CC7 ] C:\WINDOWS\system32\OPSTDMON.DLL
07:50:45.0203 2808 C:\WINDOWS\system32\OPSTDMON.DLL - ok
07:50:45.0203 2808 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
07:50:45.0203 2808 C:\WINDOWS\system32\perfdisk.dll - ok
07:50:45.0203 2808 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
07:50:45.0203 2808 C:\WINDOWS\system32\pjlmon.dll - ok
07:50:45.0203 2808 [ 9F17FF83D13C84C1E6E370D66CD2A75A ] C:\WINDOWS\system32\ricA5Hlm.dll
07:50:45.0203 2808 C:\WINDOWS\system32\ricA5Hlm.dll - ok
07:50:45.0203 2808 [ 9F17FF83D13C84C1E6E370D66CD2A75A ] C:\WINDOWS\system32\rc4mon.dll
07:50:45.0203 2808 C:\WINDOWS\system32\rc4mon.dll - ok
07:50:45.0218 2808 [ 178F4C0BA4C8A7E57A844E37F6E109E2 ] C:\WINDOWS\system32\scnwpm.dll
07:50:45.0218 2808 C:\WINDOWS\system32\scnwpm.dll - ok
07:50:45.0218 2808 [ 8E8D1251C52DE0256C076CAAA79AF327 ] C:\Program Files\Dell Support Center\bin\sprtsched.dll
07:50:45.0218 2808 C:\Program Files\Dell Support Center\bin\sprtsched.dll - ok
07:50:45.0218 2808 [ 7B193BA3F0245D5867B71AD1CF631474 ] C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll
07:50:45.0218 2808 C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll - ok
07:50:45.0218 2808 [ D89083C4EB02DACA8F944B0E05E57F9D ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:50:45.0218 2808 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - ok
07:50:45.0218 2808 [ 60B2312B7E3E7C401C62D01C19CA9430 ] C:\WINDOWS\system32\scnwpmr.dll
07:50:45.0218 2808 C:\WINDOWS\system32\scnwpmr.dll - ok
07:50:45.0218 2808 [ D43856DCBB8CD9BE0D6DC3575C7D6857 ] C:\WINDOWS\system32\SH2DLMON.dll
07:50:45.0218 2808 C:\WINDOWS\system32\SH2DLMON.dll - ok
07:50:45.0218 2808 [ 5E01A557F93DA2A2103CAFB2E4A53B6E ] C:\WINDOWS\system32\SN0ELMON.dll
07:50:45.0218 2808 C:\WINDOWS\system32\SN0ELMON.dll - ok
07:50:45.0218 2808 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
07:50:45.0218 2808 C:\WINDOWS\system32\tcpmon.dll - ok
07:50:45.0218 2808 [ D1E2786D29A34009A54868B6B0449296 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
07:50:45.0218 2808 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll - ok
07:50:45.0234 2808 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
07:50:45.0234 2808 C:\WINDOWS\system32\srsvc.dll - ok
07:50:45.0234 2808 [ D880FBD65B6F4885AC89628225B91398 ] C:\Program Files\Symantec AntiVirus\Rtvscan.exe
07:50:45.0234 2808 C:\Program Files\Symantec AntiVirus\Rtvscan.exe - ok
07:50:45.0234 2808 [ 8357809E111E09393633039769D96281 ] C:\WINDOWS\system32\tcpmib.dll
07:50:45.0234 2808 C:\WINDOWS\system32\tcpmib.dll - ok
07:50:45.0234 2808 [ 1E744353BD534405187A404667DA3DC3 ] C:\WINDOWS\system32\mgmtapi.dll
07:50:45.0234 2808 C:\WINDOWS\system32\mgmtapi.dll - ok
07:50:45.0234 2808 [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll
07:50:45.0234 2808 C:\WINDOWS\system32\wsnmp32.dll - ok
07:50:45.0234 2808 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
07:50:45.0234 2808 C:\WINDOWS\system32\usbmon.dll - ok
07:50:45.0234 2808 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
07:50:45.0234 2808 C:\WINDOWS\system32\vssapi.dll - ok
07:50:45.0234 2808 [ 3727C16C0E41315846DD8642A0102FBE ] C:\Program Files\Symantec AntiVirus\I2ldvp3.dll
07:50:45.0234 2808 C:\Program Files\Symantec AntiVirus\I2ldvp3.dll - ok
07:50:45.0234 2808 [ 48740FD1EB10216CC598196A59F755A5 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\crprproc.dll
07:50:45.0234 2808 C:\WINDOWS\system32\spool\prtprocs\w32x86\crprproc.dll - ok
07:50:45.0250 2808 [ A9FFEEF6D8B8F1D8992409D40E11C477 ] C:\Program Files\Symantec AntiVirus\res\1033\ActaRes.dll
07:50:45.0250 2808 C:\Program Files\Symantec AntiVirus\res\1033\ActaRes.dll - ok
07:50:45.0250 2808 [ 0AB6629467D8F073B762FCA1D416BF2D ] C:\Program Files\Dell Support Center\bin\sprtfod.dll
07:50:45.0250 2808 C:\Program Files\Dell Support Center\bin\sprtfod.dll - ok
07:50:45.0250 2808 [ 4424AE65F7AF8181AC99FE46BC2700C9 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
07:50:45.0250 2808 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
07:50:45.0250 2808 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
07:50:45.0250 2808 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
07:50:45.0250 2808 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
07:50:45.0250 2808 C:\WINDOWS\system32\cryptnet.dll - ok
07:50:45.0250 2808 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
07:50:45.0250 2808 C:\WINDOWS\system32\LegitCheckControl.dll - ok
07:50:45.0250 2808 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
07:50:45.0250 2808 C:\WINDOWS\system32\sensapi.dll - ok
07:50:45.0250 2808 [ 1E770753C8B2A9E7E46B8DBAE2835C48 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\OPLAPP3.DLL
07:50:45.0250 2808 C:\WINDOWS\system32\spool\prtprocs\w32x86\OPLAPP3.DLL - ok
07:50:45.0250 2808 [ CDD90FA1AF84F483C37CA60FB56DE5D2 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll
07:50:45.0250 2808 C:\WINDOWS\system32\spool\prtprocs\w32x86\zimfprnt.dll - ok
07:50:45.0265 2808 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
07:50:45.0265 2808 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
07:50:45.0265 2808 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
07:50:45.0265 2808 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
07:50:45.0265 2808 [ 0CC7DA54F5FED71160C3FC13E9F972FC ] C:\WINDOWS\system32\ZIMF.DLL
07:50:45.0265 2808 C:\WINDOWS\system32\ZIMF.DLL - ok
07:50:45.0265 2808 [ 26CB061D38512FE493EE8E7D4272A8B3 ] C:\WINDOWS\system32\ztag.dll
07:50:45.0265 2808 C:\WINDOWS\system32\ztag.dll - ok
07:50:45.0265 2808 [ 067239789BD7591F5EAA24DAB63D261A ] C:\WINDOWS\system32\zspool.dll
07:50:45.0265 2808 C:\WINDOWS\system32\zspool.dll - ok
07:50:45.0265 2808 [ 68EBF2AD5DE1DFBEC9C3A47D19609C06 ] C:\Program Files\Symantec AntiVirus\res\1033\PScanRes.dll
07:50:45.0265 2808 C:\Program Files\Symantec AntiVirus\res\1033\PScanRes.dll - ok
07:50:45.0265 2808 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
07:50:45.0265 2808 C:\WINDOWS\system32\tapisrv.dll - ok
07:50:45.0265 2808 [ DBF92622D6BF9178DFB77A311B9A18FC ] C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe
07:50:45.0265 2808 C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe - ok
07:50:45.0265 2808 [ 5C5209B04B1942A534259C2AB7BB1EEA ] C:\Program Files\Dell Support Center\bin\libeay32.dll
07:50:45.0265 2808 C:\Program Files\Dell Support Center\bin\libeay32.dll - ok
07:50:45.0265 2808 [ 3660FD39641C1A6BDF3913420751D8F8 ] C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
07:50:45.0265 2808 C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL - ok
07:50:45.0281 2808 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
07:50:45.0281 2808 C:\WINDOWS\system32\trkwks.dll - ok
07:50:45.0281 2808 [ 3F6EB659EAFE787A0D51BDDE010D868C ] C:\WINDOWS\system32\CDFltInst.dll
07:50:45.0281 2808 C:\WINDOWS\system32\CDFltInst.dll - ok
07:50:45.0281 2808 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
07:50:45.0281 2808 C:\WINDOWS\system32\win32spl.dll - ok
07:50:45.0281 2808 [ 27DF2E313052DB2270972AD7CB15C8DB ] C:\Program Files\Dell Support Center\bin\sprtsync.dll
07:50:45.0281 2808 C:\Program Files\Dell Support Center\bin\sprtsync.dll - ok
07:50:45.0281 2808 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
07:50:45.0281 2808 C:\WINDOWS\system32\inetpp.dll - ok
07:50:45.0281 2808 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
07:50:45.0281 2808 C:\WINDOWS\system32\icaapi.dll - ok
07:50:45.0281 2808 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
07:50:45.0281 2808 C:\WINDOWS\system32\termsrv.dll - ok
07:50:45.0281 2808 [ F136C9D0CABDE744AC9CD0B1023CF3BE ] C:\WINDOWS\system32\WMServiceHlper.dll
07:50:45.0281 2808 C:\WINDOWS\system32\WMServiceHlper.dll - ok
07:50:45.0281 2808 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
07:50:45.0281 2808 C:\WINDOWS\system32\mstlsapi.dll - ok
07:50:45.0296 2808 [ E4D3F600CFF1E76950ABB0D790F2A1EF ] C:\Program Files\Dell Support Center\bin\sprtupdate.dll
07:50:45.0296 2808 C:\Program Files\Dell Support Center\bin\sprtupdate.dll - ok
07:50:45.0296 2808 [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
07:50:45.0296 2808 C:\WINDOWS\system32\qmgrprxy.dll - ok
07:50:45.0296 2808 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
07:50:45.0296 2808 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
07:50:45.0296 2808 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
07:50:45.0296 2808 C:\WINDOWS\system32\comsvcs.dll - ok
07:50:45.0296 2808 [ 7778BDFA3F6F6FBA0E75B9594098F737 ] C:\WINDOWS\system32\searchindexer.exe
07:50:45.0296 2808 C:\WINDOWS\system32\searchindexer.exe - ok
07:50:45.0296 2808 [ 0CBD1906F74BEB539FCEF6493095B933 ] C:\WINDOWS\system32\tquery.dll
07:50:45.0296 2808 C:\WINDOWS\system32\tquery.dll - ok
07:50:45.0296 2808 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
07:50:45.0296 2808 C:\WINDOWS\system32\colbact.dll - ok
07:50:45.0296 2808 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
07:50:45.0296 2808 C:\WINDOWS\system32\mtxclu.dll - ok
07:50:45.0296 2808 [ 89D74683C859B7982056D15938BACA3E ] C:\WINDOWS\system32\propsys.dll
07:50:45.0296 2808 C:\WINDOWS\system32\propsys.dll - ok
07:50:45.0312 2808 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
07:50:45.0312 2808 C:\WINDOWS\system32\resutils.dll - ok
07:50:45.0312 2808 [ E65C5F612400B39D7AA83E7057D798C2 ] C:\WINDOWS\system32\mssrch.dll
07:50:45.0312 2808 C:\WINDOWS\system32\mssrch.dll - ok
07:50:45.0312 2808 [ AD4B4C5386052C31A3BE8C173C791D84 ] C:\Program Files\Symantec AntiVirus\SmcGui.exe
07:50:45.0312 2808 C:\Program Files\Symantec AntiVirus\SmcGui.exe - ok
07:50:45.0312 2808 [ 443DF529A6BA446287A912B2ACDB38DF ] C:\Program Files\Gillware Remote Backup\ArchiveService.exe
07:50:45.0312 2808 C:\Program Files\Gillware Remote Backup\ArchiveService.exe - ok
07:50:45.0312 2808 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
07:50:45.0312 2808 C:\WINDOWS\system32\wuaueng.dll - ok
07:50:45.0312 2808 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
07:50:45.0312 2808 C:\WINDOWS\system32\wuauserv.dll - ok
07:50:45.0312 2808 [ 43E4758953F454090CAD65C303796ED5 ] C:\WINDOWS\system32\query.dll
07:50:45.0312 2808 C:\WINDOWS\system32\query.dll - ok
07:50:45.0312 2808 [ 667E5C4C13DCD8CF4057388199A9308F ] C:\Program Files\Gillware Remote Backup\Scanner.dll
07:50:45.0312 2808 C:\Program Files\Gillware Remote Backup\Scanner.dll - ok
07:50:45.0312 2808 [ FA3354D1E4A2148BE96F2F7785906E63 ] C:\Program Files\Gillware Remote Backup\Delta.dll
07:50:45.0312 2808 C:\Program Files\Gillware Remote Backup\Delta.dll - ok
07:50:45.0328 2808 [ 4EEAB3A42A642C150CE7D911A841655E ] C:\Program Files\Gillware Remote Backup\zlib_gw.dll
07:50:45.0328 2808 C:\Program Files\Gillware Remote Backup\zlib_gw.dll - ok
07:50:45.0328 2808 [ 9374D0352B4B72209E4FE09F3470E866 ] C:\Program Files\Gillware Remote Backup\CAB.dll
07:50:45.0328 2808 C:\Program Files\Gillware Remote Backup\CAB.dll - ok
07:50:45.0328 2808 [ 16A3A3204B678DD1467642824BC4571D ] C:\WINDOWS\system32\xmllite.dll
07:50:45.0328 2808 C:\WINDOWS\system32\xmllite.dll - ok
07:50:45.0328 2808 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
07:50:45.0328 2808 C:\WINDOWS\system32\cabinet.dll - ok
07:50:45.0328 2808 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
07:50:45.0328 2808 C:\WINDOWS\system32\mspatcha.dll - ok
07:50:45.0328 2808 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
07:50:45.0328 2808 C:\WINDOWS\system32\wups.dll - ok
07:50:45.0328 2808 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
07:50:45.0328 2808 C:\WINDOWS\system32\wups2.dll - ok
07:50:45.0328 2808 [ 563998E6FA1001AF482B2DD72D6B4B92 ] C:\Program Files\Gillware Remote Backup\Utils.dll
07:50:45.0328 2808 C:\Program Files\Gillware Remote Backup\Utils.dll - ok
07:50:45.0328 2808 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
07:50:45.0328 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
07:50:45.0328 2808 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
07:50:45.0328 2808 C:\WINDOWS\system32\wuauclt.exe - ok
07:50:45.0343 2808 [ FFB3115AA757ABEFBA7FBA90BAD5DD0A ] C:\WINDOWS\system32\en-US\tquery.dll.mui
07:50:45.0343 2808 C:\WINDOWS\system32\en-US\tquery.dll.mui - ok
07:50:45.0343 2808 [ ACBBC920CEF00B32B640EF6967C12271 ] C:\Program Files\Gillware Remote Backup\LocalStorage.dll
07:50:45.0343 2808 C:\Program Files\Gillware Remote Backup\LocalStorage.dll - ok
07:50:45.0343 2808 [ BB505D147B8107341E1DB14AD676F7A8 ] C:\Program Files\Gillware Remote Backup\DB.dll
07:50:45.0343 2808 C:\Program Files\Gillware Remote Backup\DB.dll - ok
07:50:45.0343 2808 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
07:50:45.0343 2808 C:\WINDOWS\system32\browser.dll - ok
07:50:45.0343 2808 [ 6841AA06A86EB9DE093F924982E26E1B ] C:\Program Files\Gillware Remote Backup\ArchiveTypesPS.dll
07:50:45.0343 2808 C:\Program Files\Gillware Remote Backup\ArchiveTypesPS.dll - ok
07:50:45.0343 2808 [ 8F580BCC5296ECC9DC8A649D75BE6BA5 ] C:\WINDOWS\system32\msscb.dll
07:50:45.0343 2808 C:\WINDOWS\system32\msscb.dll - ok
07:50:45.0343 2808 [ E97D6A8684466DF94FF3BC24FB787A07 ] C:\WINDOWS\system32\fxssvc.exe
07:50:45.0343 2808 C:\WINDOWS\system32\fxssvc.exe - ok
07:50:45.0343 2808 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
07:50:45.0343 2808 C:\WINDOWS\system32\browseui.dll - ok
07:50:45.0343 2808 [ 130FD16EC199DC6B7FE684B593FF3F64 ] C:\WINDOWS\system32\sdc.dll
07:50:45.0343 2808 C:\WINDOWS\system32\sdc.dll - ok
07:50:45.0359 2808 [ 29ECDA17BA5E6D98430F698587569ACC ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\GdiPlus.dll
07:50:45.0359 2808 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\GdiPlus.dll - ok
07:50:45.0359 2808 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
07:50:45.0359 2808 C:\WINDOWS\system32\shdocvw.dll - ok
07:50:45.0359 2808 [ B2F3E3F91DA85EF70EEB6C1D24321A77 ] C:\WINDOWS\system32\sduser.dll
07:50:45.0359 2808 C:\WINDOWS\system32\sduser.dll - ok
07:50:45.0359 2808 [ EE664500DA2E7BB0A8461E64973A3157 ] C:\Program Files\Symantec AntiVirus\res\1033\smcGuiRes.dll
07:50:45.0359 2808 C:\Program Files\Symantec AntiVirus\res\1033\smcGuiRes.dll - ok
07:50:45.0359 2808 [ 52F8BAFF9F3C0A03C239783A422FAAFE ] C:\Program Files\Gillware Remote Backup\Overlays.dll
07:50:45.0359 2808 C:\Program Files\Gillware Remote Backup\Overlays.dll - ok
07:50:45.0359 2808 [ 57D1ADC249C51FA0E57013F4F3A25F84 ] C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll
07:50:45.0359 2808 C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll - ok
07:50:45.0359 2808 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
07:50:45.0359 2808 C:\WINDOWS\system32\desk.cpl - ok
07:50:45.0359 2808 [ 58F238B3D193D76F4BB3F4FF775A2D62 ] C:\Program Files\WinMagic\SecureDoc-NT\FDEBMODL.dll
07:50:45.0359 2808 C:\Program Files\WinMagic\SecureDoc-NT\FDEBMODL.dll - ok
07:50:45.0359 2808 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
07:50:45.0359 2808 C:\WINDOWS\system32\themeui.dll - ok
07:50:45.0375 2808 [ D4931277DF5393E84A48B27DF40914E3 ] C:\WINDOWS\system32\riched32.dll
07:50:45.0375 2808 C:\WINDOWS\system32\riched32.dll - ok
07:50:45.0375 2808 [ 538EE560FEB4CAB7CCE5C22E7A201D86 ] C:\Program Files\Symantec AntiVirus\RTVScanPS.dll
07:50:45.0375 2808 C:\Program Files\Symantec AntiVirus\RTVScanPS.dll - ok
07:50:45.0375 2808 [ A7F361875622AA5829AA39BA248F68E9 ] C:\WINDOWS\system32\adsldp.dll
07:50:45.0375 2808 C:\WINDOWS\system32\adsldp.dll - ok
07:50:45.0375 2808 [ 4BF8C1915ABF7AAE4BF86D8962F71D92 ] C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
07:50:45.0375 2808 C:\Program Files\Common Files\Symantec Shared\ccAlert.dll - ok
07:50:45.0375 2808 [ 38D387297F3EBEAF7348060F30A806B9 ] C:\Program Files\Symantec AntiVirus\ProtectionUtil.dll
07:50:45.0375 2808 C:\Program Files\Symantec AntiVirus\ProtectionUtil.dll - ok
07:50:45.0375 2808 [ CCC2E312486AE6B80970211DA472268B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
07:50:45.0375 2808 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll - ok
07:50:45.0375 2808 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
07:50:45.0375 2808 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
07:50:45.0375 2808 [ 1144EF6B4BB72E33B41912AE1AE4F97A ] C:\WINDOWS\system32\fxstiff.dll
07:50:45.0375 2808 C:\WINDOWS\system32\fxstiff.dll - ok
07:50:45.0375 2808 [ 132A8BC80EDE2A11AD576D08C3C77FC2 ] C:\Program Files\Common Files\Symantec Shared\ccL60U8.dll
07:50:45.0375 2808 C:\Program Files\Common Files\Symantec Shared\ccL60U8.dll - ok
07:50:45.0390 2808 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
07:50:45.0390 2808 C:\WINDOWS\system32\wbem\esscli.dll - ok
07:50:45.0390 2808 [ 0329D0A4F230094B669A87BB3B85606E ] C:\WINDOWS\system32\fxsapi.dll
07:50:45.0390 2808 C:\WINDOWS\system32\fxsapi.dll - ok
07:50:45.0390 2808 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
07:50:45.0390 2808 C:\WINDOWS\system32\wbem\fastprox.dll - ok
07:50:45.0390 2808 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
07:50:45.0390 2808 C:\WINDOWS\system32\actxprxy.dll - ok
07:50:45.0390 2808 [ 228EDA9B1D8ACA4D06C230E728C73ED6 ] C:\Program Files\Symantec AntiVirus\DoScan.exe
07:50:45.0390 2808 C:\Program Files\Symantec AntiVirus\DoScan.exe - ok
07:50:45.0390 2808 [ C0E86E2A1F64D849B862E5551D3F4D2C ] C:\Program Files\Symantec AntiVirus\res\1033\ProtectionUtilRes.dll
07:50:45.0390 2808 C:\Program Files\Symantec AntiVirus\res\1033\ProtectionUtilRes.dll - ok
07:50:45.0390 2808 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
07:50:45.0390 2808 C:\WINDOWS\system32\ipnathlp.dll - ok
07:50:45.0390 2808 [ F4F50912444AF3031C5DE004C38C3F98 ] C:\Program Files\Symantec AntiVirus\ProtectionProviderPS.dll
07:50:45.0390 2808 C:\Program Files\Symantec AntiVirus\ProtectionProviderPS.dll - ok
07:50:45.0390 2808 [ 0CE5F8AE9C371A965D17E3F2ED134809 ] C:\WINDOWS\system32\fxst30.dll
07:50:45.0390 2808 C:\WINDOWS\system32\fxst30.dll - ok
07:50:45.0406 2808 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
07:50:45.0406 2808 C:\WINDOWS\system32\wscsvc.dll - ok
07:50:45.0406 2808 [ 60968F4296E6CA1D5825B87487F4E44D ] C:\Program Files\Symantec AntiVirus\Cliproxy.dll
07:50:45.0406 2808 C:\Program Files\Symantec AntiVirus\Cliproxy.dll - ok
07:50:45.0406 2808 [ 4BC0ECFAC325AAB9F80C5484007220EE ] C:\Program Files\Symantec AntiVirus\res\1033\DoScanRes.dll
07:50:45.0406 2808 C:\Program Files\Symantec AntiVirus\res\1033\DoScanRes.dll - ok
07:50:45.0406 2808 [ C86EB8A1C8ABCF9DAA5130C9B0A22A43 ] C:\Program Files\Symantec AntiVirus\SavMainUI.dll
07:50:45.0406 2808 C:\Program Files\Symantec AntiVirus\SavMainUI.dll - ok
07:50:45.0406 2808 [ FC487857745F7FF9A672B7AF363627E3 ] C:\Program Files\Symantec AntiVirus\res\1033\SavMainUIRes.dll
07:50:45.0406 2808 C:\Program Files\Symantec AntiVirus\res\1033\SavMainUIRes.dll - ok
07:50:45.0406 2808 [ 2D583E2844FDD592D1629EB6B10E5702 ] C:\WINDOWS\system32\fxsroute.dll
07:50:45.0406 2808 C:\WINDOWS\system32\fxsroute.dll - ok
07:50:45.0406 2808 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
07:50:45.0406 2808 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
07:50:45.0406 2808 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
07:50:45.0406 2808 C:\WINDOWS\system32\unimdm.tsp - ok
07:50:45.0406 2808 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
07:50:45.0406 2808 C:\WINDOWS\system32\uniplat.dll - ok
07:50:45.0421 2808 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
07:50:45.0421 2808 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
07:50:45.0421 2808 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
07:50:45.0421 2808 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
07:50:45.0421 2808 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
07:50:45.0421 2808 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
07:50:45.0421 2808 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
07:50:45.0421 2808 C:\WINDOWS\system32\cmd.exe - ok
07:50:45.0421 2808 [ 35EA674E7239B527AD98AFD1DBC1EFD6 ] C:\WINDOWS\system32\ieframe.dll
07:50:45.0421 2808 C:\WINDOWS\system32\ieframe.dll - ok
07:50:45.0421 2808 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
07:50:45.0421 2808 C:\WINDOWS\system32\kmddsp.tsp - ok
07:50:45.0421 2808 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
07:50:45.0421 2808 C:\WINDOWS\system32\wbem\wbemess.dll - ok
07:50:45.0421 2808 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
07:50:45.0421 2808 C:\WINDOWS\system32\ndptsp.tsp - ok
07:50:45.0421 2808 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
07:50:45.0421 2808 C:\WINDOWS\system32\ipconf.tsp - ok
07:50:45.0437 2808 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
07:50:45.0437 2808 C:\WINDOWS\system32\h323.tsp - ok
07:50:45.0437 2808 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
07:50:45.0437 2808 C:\WINDOWS\system32\hidphone.tsp - ok
07:50:45.0437 2808 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
07:50:45.0437 2808 C:\WINDOWS\system32\wuapi.dll - ok
07:50:45.0437 2808 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
07:50:45.0437 2808 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
07:50:45.0437 2808 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
07:50:45.0437 2808 C:\WINDOWS\system32\wbem\ncprov.dll - ok
07:50:45.0437 2808 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
07:50:45.0437 2808 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
07:50:45.0437 2808 [ 713C03A259EE66219E2DAD1DB08484A6 ] C:\WINDOWS\system32\wbem\cimwin32.dll
07:50:45.0437 2808 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
07:50:45.0437 2808 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
07:50:45.0437 2808 C:\WINDOWS\system32\wbem\framedyn.dll - ok
07:50:45.0437 2808 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
07:50:45.0437 2808 C:\WINDOWS\system32\cfgmgr32.dll - ok
07:50:45.0453 2808 [ 1793CC660605F63B14FB96C7707F75BA ] C:\WINDOWS\system32\perfproc.dll
07:50:45.0453 2808 C:\WINDOWS\system32\perfproc.dll - ok
07:50:45.0453 2808 [ 960F6D3CD9A1BA6435D7AADD102B297F ] C:\WINDOWS\system32\wbem\wmiprov.dll
07:50:45.0453 2808 C:\WINDOWS\system32\wbem\wmiprov.dll - ok
07:50:45.0453 2808 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
07:50:45.0453 2808 C:\WINDOWS\system32\rasmans.dll - ok
07:50:45.0453 2808 [ 8BEAF2B4BCDE405AF7EC46A9E03B2D65 ] C:\WINDOWS\system32\mssprxy.dll
07:50:45.0453 2808 C:\WINDOWS\system32\mssprxy.dll - ok
07:50:45.0453 2808 [ 682D83CA2AA54995E9DC77EA1C17D09A ] C:\Program Files\Common Files\Symantec Shared\Global Exceptions\GEDataStore.dll
07:50:45.0453 2808 C:\Program Files\Common Files\Symantec Shared\Global Exceptions\GEDataStore.dll - ok
07:50:45.0453 2808 [ 0837F5D8956F532CA9D38A41A7F11108 ] C:\Program Files\Common Files\Symantec Shared\dec_abi.dll
07:50:45.0453 2808 C:\Program Files\Common Files\Symantec Shared\dec_abi.dll - ok
07:50:45.0453 2808 [ BD1D49218861726DBBFCB9E4AE35951A ] C:\Program Files\Common Files\Symantec Shared\ccScanW.dll
07:50:45.0453 2808 C:\Program Files\Common Files\Symantec Shared\ccScanW.dll - ok
07:50:45.0453 2808 [ 2B7DADA6C88991A67E35884841018C6C ] C:\WINDOWS\temp\INSTB32.SYS
07:50:45.0453 2808 C:\WINDOWS\temp\INSTB32.SYS - ok
07:50:45.0453 2808 [ 25D7A040A493AB91052F9170D4DB80D4 ] C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
07:50:45.0453 2808 C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL - ok
07:50:45.0468 2808 [ 6105B28F5D03C4AFFA7197B228768849 ] C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
07:50:45.0468 2808 C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE - ok
07:50:45.0468 2808 [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll
07:50:45.0468 2808 C:\WINDOWS\system32\licwmi.dll - ok
07:50:45.0468 2808 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
07:50:45.0468 2808 C:\WINDOWS\system32\rastapi.dll - ok
07:50:45.0468 2808 [ F2764F73240C4EE4843122EB5D022D59 ] C:\PROGRA~1\Symantec\LIVEUP~1\UNRAR.DLL
07:50:45.0468 2808 C:\PROGRA~1\Symantec\LIVEUP~1\UNRAR.DLL - ok
07:50:45.0468 2808 [ A94DC60A90EFD7A35C36D971E3EE7470 ] C:\PROGRA~1\Symantec\LIVEUP~1\MSVCP71.DLL
07:50:45.0468 2808 C:\PROGRA~1\Symantec\LIVEUP~1\MSVCP71.DLL - ok
07:50:45.0468 2808 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\PROGRA~1\Symantec\LIVEUP~1\MSVCR71.DLL
07:50:45.0468 2808 C:\PROGRA~1\Symantec\LIVEUP~1\MSVCR71.DLL - ok
07:50:45.0468 2808 [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll
07:50:45.0468 2808 C:\WINDOWS\system32\licdll.dll - ok
07:50:45.0468 2808 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
07:50:45.0468 2808 C:\WINDOWS\system32\rasppp.dll - ok
07:50:45.0468 2808 [ 7BCAA7FB2E60214FA3C935D2E1A3C49F ] C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_3.DLL
07:50:45.0468 2808 C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_3.DLL - ok
07:50:45.0468 2808 [ 3C0F29F9832BD9F9D0FB85FE3BD5DCF6 ] C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_3.DLL
07:50:45.0468 2808 C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_3.DLL - ok
07:50:45.0484 2808 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
07:50:45.0484 2808 C:\WINDOWS\system32\ntlsapi.dll - ok
07:50:45.0484 2808 [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9 ] C:\WINDOWS\system32\msxml6.dll
07:50:45.0484 2808 C:\WINDOWS\system32\msxml6.dll - ok
07:50:45.0484 2808 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
07:50:45.0484 2808 C:\WINDOWS\system32\alg.exe - ok
07:50:45.0484 2808 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
07:50:45.0484 2808 C:\WINDOWS\system32\rasqec.dll - ok
07:50:45.0484 2808 [ 2E9CC8FF782FD7FA1EFC0915524DA495 ] C:\Program Files\Symantec AntiVirus\IMail.dll
07:50:45.0484 2808 C:\Program Files\Symantec AntiVirus\IMail.dll - ok
07:50:45.0484 2808 [ 207E1D2C8E58D067825AA6FB4C7BC0AB ] C:\Program Files\Symantec AntiVirus\res\1033\IMailRes.dll
07:50:45.0484 2808 C:\Program Files\Symantec AntiVirus\res\1033\IMailRes.dll - ok
07:50:45.0484 2808 [ 1A338B8A9A0F023FEB4C1A4E55DA56BC ] C:\Program Files\Common Files\Symantec Shared\vpmsece.dll
07:50:45.0484 2808 C:\Program Files\Common Files\Symantec Shared\vpmsece.dll - ok
07:50:45.0484 2808 [ 7AC05BA3BFA0E7179BF3A698056CCE19 ] C:\Program Files\Symantec AntiVirus\res\1033\vpmseceRes.dll
07:50:45.0484 2808 C:\Program Files\Symantec AntiVirus\res\1033\vpmseceRes.dll - ok
07:50:45.0484 2808 [ EA7997675377FFB7C505A521F88CC111 ] C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll
07:50:45.0484 2808 C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll - ok
07:50:45.0500 2808 [ 567D46179E7A673711CD9FEA512C5364 ] C:\Program Files\Java\jre7\bin\awt.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\awt.dll - ok
07:50:45.0500 2808 [ 84E2A7194C6771AEC66AD86DC63C1E2F ] C:\Program Files\Java\jre7\bin\client\jvm.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
07:50:45.0500 2808 [ 71418CC50746FC2CB3F517CB3F5A022E ] C:\Program Files\Java\jre7\bin\dcpr.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\dcpr.dll - ok
07:50:45.0500 2808 [ A958D75082496FBD6D27D290C41F1231 ] C:\Program Files\Java\jre7\bin\deploy.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\deploy.dll - ok
07:50:45.0500 2808 [ 81E5FA9746A38DC190698F917ED821E7 ] C:\Program Files\Java\jre7\bin\fontmanager.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
07:50:45.0500 2808 [ 003B1DEC8FC93671E793C24E06907DD3 ] C:\Program Files\Java\jre7\bin\java.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\java.dll - ok
07:50:45.0500 2808 [ BADA7311D82CFA73A7DB1D1EEC9214E1 ] C:\Program Files\Java\jre7\bin\javaw.exe
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\javaw.exe - ok
07:50:45.0500 2808 [ 955C10E1BF9C814FCCA6E1DC7E25C0F6 ] C:\Program Files\Java\jre7\bin\jp2native.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\jp2native.dll - ok
07:50:45.0500 2808 [ 7FF6E93568EF6B6401E254B407051750 ] C:\Program Files\Java\jre7\bin\jpeg.dll
07:50:45.0500 2808 C:\Program Files\Java\jre7\bin\jpeg.dll - ok
07:50:45.0515 2808 [ 91F7D4D415B0F0BD77D229D6D6F7EB52 ] C:\Program Files\Java\jre7\bin\net.dll
07:50:45.0515 2808 C:\Program Files\Java\jre7\bin\net.dll - ok
07:50:45.0515 2808 [ A20DA288DCDC0E1396FDC61F2AA656CE ] C:\Program Files\Java\jre7\bin\nio.dll
07:50:45.0515 2808 C:\Program Files\Java\jre7\bin\nio.dll - ok
07:50:45.0515 2808 [ D474AACD8E14692450E98B258D30B6CE ] C:\Program Files\Java\jre7\bin\verify.dll
07:50:45.0515 2808 C:\Program Files\Java\jre7\bin\verify.dll - ok
07:50:45.0515 2808 [ 66A841AFCC52DA7B6AF694E79E1326E2 ] C:\Program Files\Java\jre7\bin\zip.dll
07:50:45.0515 2808 C:\Program Files\Java\jre7\bin\zip.dll - ok
07:50:45.0515 2808 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
07:50:45.0515 2808 C:\WINDOWS\system32\security.dll - ok
07:50:45.0515 2808 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
07:50:45.0515 2808 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
07:50:45.0515 2808 [ 2D3E1EEA2E635AFE91EA4A8A16C72AAA ] C:\Program Files\Symantec AntiVirus\ManagedUnloader.dll
07:50:45.0515 2808 C:\Program Files\Symantec AntiVirus\ManagedUnloader.dll - ok
07:50:45.0515 2808 [ 8FED1E0A491D4990853D23F21C59C730 ] C:\WINDOWS\system32\advpack.dll
07:50:45.0515 2808 C:\WINDOWS\system32\advpack.dll - ok
07:50:45.0515 2808 [ C4894B3B448B647BEDC9E916D181BDBE ] C:\WINDOWS\system32\searchprotocolhost.exe
07:50:45.0515 2808 C:\WINDOWS\system32\searchprotocolhost.exe - ok
07:50:45.0531 2808 [ 4774D83BE60B7F47C612E25D6FE0F010 ] C:\WINDOWS\system32\msshooks.dll
07:50:45.0531 2808 C:\WINDOWS\system32\msshooks.dll - ok
07:50:45.0531 2808 [ 6E914EEDD145C5ACCE56F4D5F3D606FC ] C:\WINDOWS\system32\mssph.dll
07:50:45.0531 2808 C:\WINDOWS\system32\mssph.dll - ok
07:50:45.0531 2808 [ E81BBE78A8EF85ACD490B3E64EF63A7C ] C:\WINDOWS\system32\mapi32.dll
07:50:45.0531 2808 C:\WINDOWS\system32\mapi32.dll - ok
07:50:45.0531 2808 [ D59A7119054D70FC745A1BF9C06DCC65 ] C:\WINDOWS\system32\oeph.dll
07:50:45.0531 2808 C:\WINDOWS\system32\oeph.dll - ok
07:50:45.0531 2808 [ 79ED352549EB6D5B1A454916C37D2E85 ] C:\WINDOWS\system32\UncPH.dll
07:50:45.0531 2808 C:\WINDOWS\system32\UncPH.dll - ok
07:50:45.0531 2808 [ A0399282AF30B3A41C25EFD371A0EAE7 ] C:\WINDOWS\system32\msfeeds.dll
07:50:45.0531 2808 C:\WINDOWS\system32\msfeeds.dll - ok
07:50:45.0531 2808 [ 87889A983C015080FA813D7E32910D1E ] C:\WINDOWS\system32\searchfilterhost.exe
07:50:45.0531 2808 C:\WINDOWS\system32\searchfilterhost.exe - ok
07:50:45.0531 2808 [ 20FA028CB6506591A99C51432A3C0174 ] C:\WINDOWS\system32\langwrbk.dll
07:50:45.0531 2808 C:\WINDOWS\system32\langwrbk.dll - ok
07:50:45.0531 2808 [ B6932761058DC21BEAA7A1245B1B20E6 ] C:\WINDOWS\system32\infosoft.dll
07:50:45.0531 2808 C:\WINDOWS\system32\infosoft.dll - ok
07:50:45.0546 2808 [ 2C0033EA0853E27C8E30603642D9FA84 ] C:\WINDOWS\system32\ss3dfo.scr
07:50:45.0546 2808 C:\WINDOWS\system32\ss3dfo.scr - ok
07:50:45.0546 2808 [ F099B129022170F2DF9E1C0185C9BCFB ] C:\WINDOWS\system32\d3d8.dll
07:50:45.0546 2808 C:\WINDOWS\system32\d3d8.dll - ok
07:50:45.0546 2808 [ 31B067C412FA1A9BAD3CA2A63D7DA440 ] C:\WINDOWS\system32\d3d8thk.dll
07:50:45.0546 2808 C:\WINDOWS\system32\d3d8thk.dll - ok
07:50:45.0546 2808 [ DD3BD78C0D883C0ACDA42802C508F7D4 ] C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
07:50:45.0546 2808 C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll - ok
07:50:45.0546 2808 [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Dawn\LOCALS~1\temp\8FA81B48-4524-45A6-B579-A99336B7C1CF.exe
07:50:45.0546 2808 C:\DOCUME~1\Dawn\LOCALS~1\temp\8FA81B48-4524-45A6-B579-A99336B7C1CF.exe - ok
07:50:45.0546 2808 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
07:50:45.0546 2808 C:\WINDOWS\system32\linkinfo.dll - ok
07:50:45.0546 2808 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
07:50:45.0546 2808 C:\WINDOWS\system32\ntshrui.dll - ok
07:50:45.0546 2808 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
07:50:45.0546 2808 C:\WINDOWS\system32\verclsid.exe - ok
07:50:45.0546 2808 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\99452211.sys
07:50:45.0546 2808 C:\WINDOWS\system32\drivers\99452211.sys - ok
07:50:45.0546 2808 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
07:50:45.0546 2808 C:\WINDOWS\system32\upnp.dll - ok
07:50:45.0562 2808 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
07:50:45.0562 2808 C:\WINDOWS\system32\ssdpapi.dll - ok
07:50:45.0562 2808 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
07:50:45.0562 2808 C:\WINDOWS\system32\drivers\http.sys - ok
07:50:45.0562 2808 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
07:50:45.0562 2808 C:\WINDOWS\system32\webcheck.dll - ok
07:50:45.0562 2808 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
07:50:45.0562 2808 C:\WINDOWS\system32\mlang.dll - ok
07:50:45.0562 2808 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
07:50:45.0562 2808 C:\WINDOWS\system32\ssdpsrv.dll - ok
07:50:45.0562 2808 [ 5A4B93F78473F397C332A0BF6B8F093F ] C:\WINDOWS\system32\wbem\mofd.dll
07:50:45.0562 2808 C:\WINDOWS\system32\wbem\mofd.dll - ok
07:50:45.0562 2808 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
07:50:45.0562 2808 C:\WINDOWS\system32\imapi.exe - ok
07:50:45.0562 2808 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
07:50:45.0562 2808 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
07:50:45.0562 2808 [ 5D999BF519415D1C8EE0B97FF6A254DB ] C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
07:50:45.0562 2808 C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL - ok
07:50:45.0578 2808 [ B7C7FA3BEDE83AC5F1DE03B30D494CC1 ] C:\WINDOWS\system32\httpapi.dll
07:50:45.0578 2808 C:\WINDOWS\system32\httpapi.dll - ok
07:50:45.0578 2808 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
07:50:45.0578 2808 C:\WINDOWS\system32\stobject.dll - ok
07:50:45.0578 2808 [ 6100A808600F44D999CEBDEF8841C7A3 ] C:\WINDOWS\system32\w3ssl.dll
07:50:45.0578 2808 C:\WINDOWS\system32\w3ssl.dll - ok
07:50:45.0578 2808 [ 4A93B65CFB514F2EA76B59568D5F39CE ] C:\WINDOWS\system32\strmfilt.dll
07:50:45.0578 2808 C:\WINDOWS\system32\strmfilt.dll - ok
07:50:45.0578 2808 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
07:50:45.0578 2808 C:\WINDOWS\system32\batmeter.dll - ok
07:50:45.0578 2808 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
07:50:45.0578 2808 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
07:50:45.0578 2808 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
07:50:45.0578 2808 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
07:50:45.0578 2808 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
07:50:45.0578 2808 C:\WINDOWS\system32\rasdlg.dll - ok
07:50:45.0578 2808 ============================================================
07:50:45.0578 2808 Scan finished
07:50:45.0578 2808 ============================================================
07:50:45.0593 2876 Detected object count: 0
07:50:45.0593 2876 Actual detected object count: 0
07:51:59.0375 2956 Deinitialize success

aswMBR log below:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-18 14:05:02
-----------------------------
14:05:02.812 OS Version: Windows 5.1.2600 Service Pack 3
14:05:02.812 Number of processors: 4 586 0xF0B
14:05:02.812 ComputerName: GINA1 UserName: Dawn
14:05:04.750 Initialize success
14:05:11.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:05:11.812 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
14:05:11.875 Disk 0 MBR read successfully
14:05:11.875 Disk 0 MBR scan
14:05:11.875 Disk 0 Windows XP default MBR code found via API
14:05:11.875 Disk 0 unknown MBR code
14:05:11.875 Disk 0 MBR hidden
14:05:11.875 Disk 0 Partition 1 00 DE Dell Utility 47 MB offset 63
14:05:11.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476890 MB offset 96390
14:05:11.890 Disk 0 scanning sectors +976768065
14:05:11.921 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
14:05:11.921 Scan finished successfully
14:05:42.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\MBR.dat"
14:05:42.375 The log file has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-22 12:02:50
-----------------------------
12:02:50.484 OS Version: Windows 5.1.2600 Service Pack 3
12:02:50.484 Number of processors: 4 586 0xF0B
12:02:50.484 ComputerName: GINA1 UserName: Dawn
12:02:52.343 Initialize success
12:25:21.343 AVAST engine defs: 13072201
13:28:12.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:28:12.718 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
13:28:12.734 Disk 0 MBR read successfully
13:28:12.734 Disk 0 MBR scan
13:28:12.796 Disk 0 Windows XP default MBR code found via API
13:28:12.796 Disk 0 unknown MBR code
13:28:12.796 Disk 0 MBR hidden
13:28:12.796 Disk 0 Partition 1 00 DE Dell Utility 47 MB offset 63
13:28:12.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476890 MB offset 96390
13:28:12.828 Disk 0 scanning sectors +976768065
13:28:12.859 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
13:28:12.859 Scan finished successfully
13:28:21.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\MBR.dat"
13:28:21.687 The log file has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-24 07:52:00
-----------------------------
07:52:00.406 OS Version: Windows 5.1.2600 Service Pack 3
07:52:00.406 Number of processors: 4 586 0xF0B
07:52:00.406 ComputerName: GINA1 UserName: Dawn
07:52:02.187 Initialize success
07:52:08.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:52:08.671 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
07:52:08.703 Disk 0 MBR read successfully
07:52:08.703 Disk 0 MBR scan
07:52:08.703 Disk 0 Windows XP default MBR code found via API
07:52:08.703 Disk 0 unknown MBR code
07:52:08.703 Disk 0 MBR hidden
07:52:08.703 Disk 0 Partition 1 00 DE Dell Utility 47 MB offset 63
07:52:08.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476890 MB offset 96390
07:52:08.703 Disk 0 scanning sectors +976768065
07:52:08.734 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
07:52:08.734 Scan finished successfully
07:52:22.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\MBR.dat"
07:52:22.078 The log file has been saved successfully to "C:\Documents and Settings\Dawn\Desktop\aswMBR.txt"


Sorry - looks like it is still there! :(
Roxie
  • 0

#23
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I am researching this and discussing it with colleagues. Please be patient and I'll return shortly.

Thanks
  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello again,

It's possible that the WinMagic disk encryption software that you have is causing the tools to see a suspect MBR. Let's get a look at the information in the MBR and make sure.

Run MbrScan

Please download MbrScan and save it to the desktop.

  • Double click the MbrScan icon on the desktop to run it.
  • On the MBRScan window, click the Report button.
  • When the scan has completed successfully, a log file MbrScan.log will open and can be found in the same location as MbrScan.exe. Please copy and paste its contents in your next reply.

  • 0

#25
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here you go...

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 11, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/07/25 (ISO 8601) at 13:29:31
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3500620AS (DE12)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> Unknown MBR Code...

MBR_MD5   : 7F50E826C0EF0A2FF3CE6105DD7FB502
MBR_SHA1  : 9C810595A6040DCABCB8D42001DDBC09AB71E1D7

Device\Harddisk0\Partition1	47.03 Mo  	0xDE Dell Utility 
Device\Harddisk0\Partition2	465.7 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x9FD52000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA5FC000
SIZE    : 8.0 Ko

DRIVER  : C:\DOCUME~1\Dawn\LOCALS~1\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0x9EFD8000
SIZE    : 48.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   EB 00 90 33 C0 FA 8E D0 BC 00 10 0E 1F BB E0 7C   ..3.м....|
0x00000010   66 8B 47 0C 66 0B 47 10 74 36 BE 00 78 C6 04 10   f.G.f.G.t6.x..
0x00000020   C6 44 01 00 8A 47 05 32 E4 89 44 02 66 8B 47 0C   D...G.2.D.f.G.
0x00000030   66 89 44 08 66 8B 47 10 66 89 44 0C 66 C7 44 04   f.D.f.G.f.D.fD.
0x00000040   00 00 60 8D B4 42 B2 80 CD 13 72 04 0A E4 74 5A   ..`.B..r..tZ
0x00000050   BB E0 7C 8B 07 3D FF 03 72 0F E8 BB 00 E7 C4 C1   |..=..r..
0x00000060   85 C4 C1 C1 D7 C0 D6 D6 A5 68 60 8D 07 8B 4F 02   .֥h`...O.
0x00000070   E3 E8 80 E1 3F 8B 07 C0 E4 06 0A CC 8A E8 8A 77   .?......w
0x00000080   04 B2 80 8A 47 05 B4 02 BF 05 00 33 DB 57 CD 13   ...G....3W.
0x00000090   5F 73 17 4F 74 05 B8 01 02 EB F2 E8 7A 00 F7 C0   _s.Ot...z.
0x000000A0   C4 C1 85 C3 C4 CC C9 C0 C1 A5 68 60 8D 07 33 DB   .h`..3
0x000000B0   B9 FA 01 8B F3 66 33 D2 66 33 C0 06 1F AC 66 03   ..f3f3..f.
0x000000C0   D0 E2 FA 66 42 66 3B 14 75 36 06 51 CB 00 00 00   fBf;.u6.Q...
0x000000D0   00 00 00 00 00 00 00 00 00 00 4F 74 4E 32 E4 8A   ..........OtN2.
0x000000E0   80 ED 16 00 A4 06 00 00 3A 28 4B 00 F1 35 38 3A   ......:(K.58:
0x000000F0   00 00 00 00 04 09 57 4D 53 44 00 00 00 00 55 AA   ......WMSD....U
0x00000100   0E 1F E8 13 00 F6 C0 C6 E6 CA C1 C0 85 CB CA D1   .....
0x00000110   85 C3 CA D0 CB C1 84 A5 5E 46 4E AC 34 A5 0A C0   ..^FN4.
0x00000120   74 F8 B4 0E BB 07 00 CD 10 EB F0 00 00 00 00 00   t.........
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 16 23 AB 41 00 00 00 01   .........#A....
0x000001C0   01 00 DE FE 3F 05 3F 00 00 00 47 78 01 00 80 00   ..?.?...Gx....
0x000001D0   01 06 07 FE FF FF 86 78 01 00 BB D3 36 3A 00 00   ......x..6:..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............U

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3.м.|P.P..|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ..PW.˽..
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u.....
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   ..It.8,t....
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   <.t.....
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.F.s*F..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t...u.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..!.s...
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   .>}Ut..~..t.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ...W.˿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   ...r#.$?...
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C..ֱ.B9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s....|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V..sQOtN2.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V...V.`UA
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.Uu0.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.B..aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2.V..aInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 16 23 AB 41 00 00 00 01   .....,Dc.#A....
0x000001C0   01 00 DE FE 3F 05 3F 00 00 00 47 78 01 00 80 00   ..?.?...Gx....
0x000001D0   01 06 07 FE FF FF 86 78 01 00 BB D3 36 3A 00 00   ......x..6:..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............U


Let me know if you need anything else. If you want me to check with the NYL tech support people I could ask them if it shows up as a suspect MBR.

Roxie
  • 0

Advertisements


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Roxie,

There isn't any need to contact the tech support people. You have the WinMagic disk encryption program on the computer. The MBRCheck scan verified that the suspect MBR that the tools found was just the normal WinMagic SecureDoc boot loader. I know that we spent a lot of time making sure the MBR is ok, but it is very important. Since the MBR is the first thing that loads every time the computer is booted up, if the MBR is infected it must be repaired or it will reinfect the computer every time it is turned on. Some full disk encryption programs, like WinMagic, modify the MBR and then hide the modifications. When our tools run they pick up the unknown MBR, but since the MBR is not really infected they have nothing to repair.

I want to get a fresh, more in-depth, OTL scan and then we can kill the whitesmoke toolbar and any other nasties we find :thumbsup:


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • XP users: Double click on the OTL icon.
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
  • 0

#27
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thank you for your prompt response! Here you go:

OTL Log:

OTL logfile created on: 7/26/2013 7:50:50 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dawn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 74.63% Memory free
6.32 Gb Paging File | 5.69 Gb Available in Paging File | 89.99% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 319.26 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
Drive S: | 465.72 Gb Total Space | 431.67 Gb Free Space | 92.69% Space Free | Partition Type: NTFS

Computer Name: GINA1 | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/19 08:40:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dawn\Desktop\OTL (1).exe
PRC - [2013/04/05 03:53:30 | 000,121,600 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2013/01/11 17:16:44 | 000,530,488 | ---- | M] (Gillware Data Services, LLC) -- C:\Program Files\Gillware Remote Backup\ArchiveService.exe
PRC - [2013/01/02 12:21:37 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/08/05 20:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/08/05 20:05:52 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2010/07/01 18:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/05/06 18:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/11/27 17:05:30 | 000,641,024 | ---- | M] (WinMagic Inc.) -- C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe
PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/11 17:16:44 | 000,057,400 | ---- | M] () -- C:\Program Files\Gillware Remote Backup\zlib_gw.dll
MOD - [2013/01/11 17:16:34 | 000,031,800 | ---- | M] () -- C:\Program Files\Gillware Remote Backup\ArchiveTypesPS.dll
MOD - [2009/11/27 17:05:12 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\SDXML.dll
MOD - [2009/11/27 17:05:02 | 000,527,360 | ---- | M] () -- C:\WINDOWS\system32\sdck.dll


========== Services (SafeList) ==========

SRV - [2013/07/11 14:46:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/05 03:53:30 | 000,121,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel®
SRV - [2013/01/11 17:16:44 | 000,530,488 | ---- | M] (Gillware Data Services, LLC) [Auto | Running] -- C:\Program Files\Gillware Remote Backup\ArchiveService.exe -- (ArchiveService)
SRV - [2013/01/02 12:21:37 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/31 09:55:49 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/05 20:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/07/01 18:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 17:24:02 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/05/06 18:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 18:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/11/27 17:05:30 | 000,641,024 | ---- | M] (WinMagic Inc.) [Auto | Running] -- C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe -- (WinMagic SecureDoc Service)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GINADO~1\LOCALS~1\Temp\_B0E3.tmp\FoxAwdWINFLASH.sys -- (FoxAwdWINFLASH)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dawn\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Dawn\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/07/22 08:18:01 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/17 03:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130721.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/17 03:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130721.020\NAVENG.SYS -- (NAVENG)
DRV - [2013/04/05 05:11:04 | 000,031,048 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2012/08/15 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/10 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/21 10:09:38 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/08 13:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 13:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 13:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/18 16:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/11/18 16:07:12 | 000,179,200 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SDDisk2K.sys -- (SDDisk2K)
DRV - [2009/09/28 11:53:00 | 000,020,224 | ---- | M] (WinMagic, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PinFile.sys -- (PinFile)
DRV - [2009/09/25 15:57:24 | 000,117,120 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SDDToki.sys -- (SDDToki)
DRV - [2009/09/25 15:57:24 | 000,075,520 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SDDVD.sys -- (SDDVD)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/03/05 14:03:34 | 000,016,512 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SDUPC.sys -- (SDUPC)
DRV - [2007/07/16 20:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKLM\..\SearchScopes,DefaultScope = {526F73A0-67F1-47F1-B5F8-3E521DA68890}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289847
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\SearchScopes,DefaultScope = {526F73A0-67F1-47F1-B5F8-3E521DA68890}
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\SearchScopes\{526F73A0-67F1-47F1-B5F8-3E521DA68890}: "URL" = http://search.condui...9372988829&UM=2
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.excite.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Wajam (Enabled) = C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/19 15:22:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {123FE8C9-0BDC-4946-A854-DDBA7398CF64} https://www.fts.newy...ftwebupdate.cab (Reg Error: Key error.)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4D662B4-C5C2-4337-8824-C04913A6029F}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\SHARP\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SDocGina.dll) - C:\WINDOWS\System32\SDocGina.dll (Winmagic Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 13:28:24 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\Dawn\Desktop\MbrScan.exe
[2013/07/24 12:35:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/23 18:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/07/23 16:21:55 | 005,092,552 | R--- | C] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
[2013/07/22 11:57:48 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dawn\Desktop\aswMBR.exe
[2013/07/19 15:14:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/19 15:11:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/19 15:11:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/19 15:11:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/19 15:11:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/19 14:56:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/19 14:56:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dawn\Start Menu\Programs\Administrative Tools
[2013/07/19 14:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/07/19 14:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Local Settings\Application Data\CRE
[2013/07/19 14:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/07/19 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Local Settings\Application Data\Conduit
[2013/07/19 14:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Application Data\SwvUpdater
[2013/07/19 08:40:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dawn\Desktop\OTL (1).exe
[2013/07/19 08:21:52 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dawn\Desktop\tdsskiller.exe
[2013/07/19 03:00:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/18 13:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Desktop\RK_Quarantine
[2013/07/18 11:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/07/18 08:36:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dawn\Recent
[2013/07/17 13:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/07/17 13:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Application Data\SystemRequirementsLab
[2013/07/17 11:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Local Settings\Application Data\Deployment
[2013/07/17 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/07/17 11:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/07/17 11:30:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/07/17 08:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/07/16 13:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\My Documents\temp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/26 07:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/26 07:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/26 02:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - DefaultCritical.job
[2013/07/25 23:04:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - Audit.job
[2013/07/25 18:30:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - DefaultHigh.job
[2013/07/25 15:13:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - Remote Backup Updater.job
[2013/07/25 15:04:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - Upload Event Log.job
[2013/07/25 13:29:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Dump_Hdd0_DR0.old
[2013/07/25 13:29:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Dump_Hdd0_DR0.mbr
[2013/07/25 13:28:25 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\Dawn\Desktop\MbrScan.exe
[2013/07/25 13:27:45 | 000,005,031 | ---- | M] () -- C:\WINDOWS\wcds.ini
[2013/07/25 11:05:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/24 18:15:01 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - DefaultMedium.job
[2013/07/24 14:55:04 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/07/24 14:11:38 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Microsoft Office Excel 2007.lnk
[2013/07/24 08:55:23 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Microsoft Office Word 2007.lnk
[2013/07/24 07:52:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\MBR.dat
[2013/07/24 07:47:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/24 07:46:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/24 07:46:26 | 3478,274,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 18:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/23 18:45:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Gillware Remote Backup - DefaultLow.job
[2013/07/23 16:23:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\MBRCheck_MBR_Backup_07-23-13_16-23-58.bak
[2013/07/23 16:22:02 | 005,092,552 | R--- | M] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
[2013/07/23 11:44:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\MBRCheck.exe
[2013/07/22 12:02:35 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dawn\Desktop\aswMBR.exe
[2013/07/22 08:56:16 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
[2013/07/22 08:18:01 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/07/19 15:22:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/19 15:14:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/19 14:13:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/07/19 14:12:11 | 013,399,154 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\mbar-1.06.0.1004.zip
[2013/07/19 08:40:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dawn\Desktop\OTL (1).exe
[2013/07/19 08:35:32 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/19 08:21:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dawn\Desktop\tdsskiller.exe
[2013/07/18 13:51:01 | 000,915,968 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\RogueKiller (1).exe
[2013/07/18 11:01:15 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/18 10:28:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/07/18 08:29:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 08:10:40 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/07/12 09:28:24 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013/07/11 14:46:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/11 14:46:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/11 07:54:37 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 16:55:05 | 000,599,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/10 16:55:05 | 000,121,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/10 14:57:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/07/10 14:57:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Windows Media Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/25 13:28:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\Dump_Hdd0_DR0.old
[2013/07/25 13:28:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\Dump_Hdd0_DR0.mbr
[2013/07/23 16:23:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\MBRCheck_MBR_Backup_07-23-13_16-23-58.bak
[2013/07/23 11:44:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\MBRCheck.exe
[2013/07/22 13:28:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\MBR.dat
[2013/07/22 08:56:15 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
[2013/07/22 08:18:01 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/07/19 15:14:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/19 15:14:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/19 15:11:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/19 15:11:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/19 15:11:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/19 15:11:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/19 15:11:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/19 14:12:06 | 013,399,154 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\mbar-1.06.0.1004.zip
[2013/07/18 13:51:00 | 000,915,968 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\RogueKiller (1).exe
[2013/07/18 11:01:15 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/18 11:00:16 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 11:00:15 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 13:46:34 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2013/07/17 08:10:40 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/07/10 14:57:02 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/04/03 12:52:36 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/27 08:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BackupServiceFormView.INI
[2013/03/25 08:59:52 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/10/10 12:17:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\FTSL.INI
[2012/02/15 19:05:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/22 16:28:01 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2011/09/15 12:52:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/06 11:56:26 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\New York Life
[2009/03/10 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2013/06/04 12:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/11 07:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\New York Life
[2008/12/07 22:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2008/12/07 22:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/02/13 13:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RICOH
[2010/01/14 12:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharp
[2010/01/14 12:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharpdesk
[2008/12/07 22:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/07 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/09/21 12:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/07/16 07:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dawn\Application Data\Enpiqu
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dawn\Application Data\New York Life
[2013/07/19 14:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dawn\Application Data\SwvUpdater
[2013/07/17 13:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dawn\Application Data\SystemRequirementsLab
[2013/04/01 11:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dawn\Application Data\Windows Search
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\New York Life
[2011/12/08 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Catalina Marketing Corp
[2009/02/17 14:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Centra
[2009/07/31 11:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\eRoom
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\New York Life
[2010/10/08 09:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Saba
[2009/01/22 16:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Sharpdesk
[2009/01/21 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Windows Desktop Search
[2009/01/21 13:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gina Dorr\Application Data\Windows Search
[2012/06/04 09:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\New York Life
[2009/01/21 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\New York Life

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[1999/06/25 10:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE.EXE
[2009/07/17 12:15:13 | 004,523,520 | ---- | M] () -- C:\WDSync_v7_1_020.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2013/05/10 02:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2011/09/16 19:47:38 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/09/16 19:47:38 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\Dawn May 2012 Restore\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\services.exe

< MD5 for: SERVICES.INI >
[2011/09/16 19:47:38 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/09/16 19:47:38 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\Dawn May 2012 Restore\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >
[2009/04/02 18:15:46 | 000,001,602 | ---- | M] () MD5=53C6322711BF72BA10A1FAD83567C3AF -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2004/08/11 18:15:06 | 000,001,506 | ---- | M] () MD5=C04255E822F6017251E30CE1481EB38E -- C:\Documents and Settings\Dawn May 2012 Restore\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/01/13 14:29:04 | 000,000,351 | ---- | M] () MD5=4DF5734FFC8C89FB609F70719934A943 -- C:\Documents and Settings\Dawn May 2012 Restore\My Documents\Application Data\Macromedia\Flash Player\#SharedObjects\7HY3SE2W\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\userinit.exe
[2011/11/15 13:28:33 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/11/15 13:28:33 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\i386\winsock.dll
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is A42C-9027
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/10/2013 04:48 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/10/2013 04:48 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/10/2013 04:55 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
01/12/2013 04:21 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 342,760,386,560 bytes free

< End of report >
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the fresh log. Now let's kill the nasties. Please let me know if the Whitesmoke search engine is gone after this round of fixes.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
IE - HKLM\..\SearchScopes,DefaultScope = {526F73A0-67F1-47F1-B5F8-3E521DA68890}
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289847
IE - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\SearchScopes\{526F73A0-67F1-47F1-B5F8-3E521DA68890}: "URL" = http://search.condui...9372988829&UM=2
O3 - HKU\S-1-5-21-866049194-2568044671-1873219407-1011\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {123FE8C9-0BDC-4946-A854-DDBA7398CF64} https://www.fts.newy...ftwebupdate.cab (Reg Error: Key error.)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Files
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Double click the adwcleaner.exe file to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S2].txt

Step-3.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Doube-click the JRT.exe file to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Reset/Delete a Search engine in Chrome

Open the Chrome browser

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
    • Remove a search engine: Select the Whitesmoke search engine and click the x that appears at the end of the row.
  • Close the browser


Set your default search engine


  • Click the Chrome menu Posted Image on the browser toolbar.
  • Select Settings and find the Search section.
  • Select the search engine you want to use from the menu (like Google). If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make default button that appears at the end of the row. Dont see the button? You may need to edit its URL. See details below on setting up a search engine.
If the search engine you want to use isn't on this list, see the steps below to add it as a new search engine option.


Step-5

Disable/Uninstall Chrome Plug-ins

  • Open the Chrome browser.
  • In the Address bar or Omni bar, type the following:

    chrome://plugins
  • On the Plug-ins page, find the Wajam plug-in. There should be an option to Disable or Uninstall the plug-in. If the Uninstall option is available, choose it. Otherwise Disable the plug-in.

IF you can't find the plug-in that way:

  • Click the tools menu icon on the browser toolbar.

    Posted Image
  • Click Settings
  • Click Show advanced settings
  • In the Privacy section, click the Content Settings button.
  • Click Plug-ins
  • Click Disable individual plug-ins
  • Find the plug-in listed above and Disable it.

Step-6.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\DOCUME~1\Dawn\LOCALS~1\Temp\WKT7A99\/JTi.exe.
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply

Step-7.

Please run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-8.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The VirusTotal url link
2. The OTL fixes log
3. The AdwCleamer[S2].txt log
4. The JRT.txt log
5. The new OTL.txt log
6. How is the computer running now?
  • 0

#29
Racingal60

Racingal60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OK - didn't go as well as I had hoped.

copy and pasted the information into OTL and then "run fix" It asked me to reboot, which I did - but when it got to the point that it should come back up it hung up. I left it that way for about 10 minutes and finally pressed the power button to shut down and booted it back up that way. It rebooted fine then.

OTL Log below:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service SBRE stopped successfully!
Service SBRE deleted successfully!
File C:\WINDOWS\system32\drivers\SBREdrv.sys not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File system32\DRIVERS\Lbd.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-866049194-2568044671-1873219407-1011\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-866049194-2568044671-1873219407-1011\Software\Microsoft\Internet Explorer\SearchScopes\{526F73A0-67F1-47F1-B5F8-3E521DA68890}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{526F73A0-67F1-47F1-B5F8-3E521DA68890}\ not found.
Registry value HKEY_USERS\S-1-5-21-866049194-2568044671-1873219407-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {123FE8C9-0BDC-4946-A854-DDBA7398CF64}
C:\WINDOWS\Downloaded Program Files\ftwebupdate.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{123FE8C9-0BDC-4946-A854-DDBA7398CF64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123FE8C9-0BDC-4946-A854-DDBA7398CF64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{123FE8C9-0BDC-4946-A854-DDBA7398CF64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123FE8C9-0BDC-4946-A854-DDBA7398CF64}\ not found.
Starting removal of ActiveX control {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E2510E6-BF2D-4C78-9F28-2F5C8760F124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E2510E6-BF2D-4C78-9F28-2F5C8760F124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E2510E6-BF2D-4C78-9F28-2F5C8760F124}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E2510E6-BF2D-4C78-9F28-2F5C8760F124}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dawn\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dawn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Dawn
->Temp folder emptied: 2456564 bytes
->Temporary Internet Files folder emptied: 7204087 bytes
->Google Chrome cache emptied: 361197767 bytes
->Flash cache emptied: 869 bytes

User: Dawn May 2012 Restore

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Gina Dorr
->Temp folder emptied: 430103778 bytes
->Temporary Internet Files folder emptied: 30368891 bytes
->Java cache emptied: 2623575 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2519 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 127576 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 699985 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3295998 bytes

Total Files Cleaned = 799.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07262013_121959

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Then I re-ran the AdwCleaner and this is that scan log:

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 12:34:12
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dawn - GINA1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Dawn\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Dawn\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Gina Dorr\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.3108] : urls_to_restore_on_startup = [ "hxxp://www.excite.com/", "hxxp://mysearch.avg.com/?cid={E220B[...]

*************************

AdwCleaner[R1].txt - [2076 octets] - [18/07/2013 14:02:12]
AdwCleaner[R2].txt - [2136 octets] - [19/07/2013 08:27:36]
AdwCleaner[R3].txt - [2196 octets] - [19/07/2013 08:29:31]
AdwCleaner[R4].txt - [2256 octets] - [19/07/2013 08:30:56]
AdwCleaner[R5].txt - [2316 octets] - [19/07/2013 08:32:13]
AdwCleaner[R6].txt - [2369 octets] - [22/07/2013 08:56:42]
AdwCleaner[S1].txt - [2404 octets] - [19/07/2013 08:32:34]
AdwCleaner[S2].txt - [1914 octets] - [26/07/2013 12:34:12]

########## EOF - C:\AdwCleaner[S2].txt - [1974 octets] ##########


Then I ran the Junkware Removal Tool and that log is below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Microsoft Windows XP x86
Ran by Dawn on Fri 07/26/2013 at 12:41:34.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/26/2013 at 12:43:53.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

That part was all good.

Then I got to step 4 and everything went downhill from there. :(

First, there was nothing in the Manage search engines place (besides google). Whitesmoke was not there.

I then went into disable/uninstall chrome plug-ins and there were 13 plug-ins but Wajam was not there. I looked the other way also and that wasn't there either.

I opened Virustotal File Upload and copy and pasted you file in - and it could not find it. :( SO...since the last 3 steps hadn't worked - I did not rerun OTL. If you want me to do so, I will but thought I'd better ask you first.

Let me know.

Thanks again for your help so far. Oh - and when I open Chrome up - I still get the AVG and the Whitesmoke tabs. :(

Roxie

Edited by Racingal60, 26 July 2013 - 12:07 PM.

  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yes, please run the OTL scan.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP