Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

who is real and who isnt?


  • Please log in to reply

#1
islandcat802

islandcat802

    Member

  • Member
  • PipPip
  • 20 posts
K have ran with your help so many programs to clean up computer. My yahoo email was hacked. Finally found phone number for yahoo and has them to into my computer remotely. They said I am attacked up to 10 times a day from foreign sites, total to date 2241 hacks. Thats why I am locked out of my email and doesnt matter how many times I have changed my email, passwords etc. or anyone else who uses this computer they can get at anything they want including my bank account. So he suggested I let them work on my computer as there is a lot to be done and every minute I wait the more attacks. oh and lots of trojans. I thought we cleaned this up so well. To an end this is what they suggested:

1 remove all the hackers connection from your computer
2 remove all the trojen/spyware/keyloggers
3 update your windows
4 update your ip address
5 dfragg
6 put your all account on the secure server

one time fix 149.99 dollars

So then I asked him how do I know he is real, he said you called me but it is not yahoos fault.

I said I might as well just throw the computer out and buy a new cheap one, get a new one every six months lol. He said I will still get attacked. Also to get rid of free Avast, useless.
Any idea what I should do? Start a clean up through here again? I guess this guy is real but now I dont feel so sure.
Thanks Lynda
Oh and he said my cell phone will be infected too. Geez
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Don't know where you got the number. As far as I know Yahoo doesn't know anything about malware or how to remove it. Perhaps you were talking to the guy who hacked into your computer?

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you.

OTL

Attached File  OTL.Txt   72.49KB   74 downloads

Custom scanAttached File  OTL.Txt   72.49KB   74 downloads

OTL logfile created on: 20/04/2013 7:30:40 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 23.11% Memory free
3.85 Gb Paging File | 2.46 Gb Available in Paging File | 64.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.56 Gb Free Space | 90.10% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/20 13:58:35 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042001\algo.dll
MOD - [2013/04/20 03:05:58 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042000\algo.dll
MOD - [2013/04/07 20:27:56 | 003,043,664 | -HS- | M] () -- \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1645522239-583907252-725345543-1003\MSPRindiv01.key
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/26 01:12:26 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/13 12:25:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 03:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 03:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 03:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 03:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 03:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 03:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 03:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 12:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/17 18:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/23 18:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004/08/14 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ca/http://www.g [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 23 AC EC 2C 2F CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB2E03F-BA9F-42D8-A834-F833E39622AC}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}: "URL" = http://ca.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/02 18:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/01/30 21:02:23 | 000,000,000 | ---D | M]

[2012/11/17 17:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/11/17 17:05:54 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/03/18 18:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/03/20 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/13 13:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/01/26 18:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://ca.search.yah...r=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhpigdnmefdjeemeldnnmbckmpogpbji\1.0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2013/03/21 12:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275653CB-8F3C-4F52-8A8C-C937D8E1DEFE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 01:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/20 14:58:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2013/04/16 19:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 19:34:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 19:29:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/16 11:47:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/14 18:44:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 13:02:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/01 16:54:18 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/04/01 15:45:29 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2013/04/01 15:45:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2013/04/01 15:45:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2013/04/01 15:45:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2013/04/01 15:45:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2013/04/01 15:45:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2013/04/01 15:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TFP
[2013/04/01 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2013/03/23 16:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2013/03/21 22:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/21 20:45:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

========== Files - Modified Within 30 Days ==========

[2013/04/20 19:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/20 18:56:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
[2013/04/20 16:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 12:50:24 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/20 12:49:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/20 12:49:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 19:36:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 19:33:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 21:30:09 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 21:30:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 21:30:00 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/09 22:38:56 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/04/09 21:56:11 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 17:29:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/01 16:54:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/03/23 14:44:20 | 000,130,929 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\544250_10151368897547730_1019577790_n[1].jpg

========== Files Created - No Company Name ==========

[2013/04/16 19:34:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 22:38:56 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/03/23 14:44:48 | 000,130,929 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\544250_10151368897547730_1019577790_n[1].jpg
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/22 13:21:46 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/11/07 12:22:10 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Webmail.URL

========== ZeroAccess Check ==========

[2013/01/26 18:42:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#4
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did run malawarebytes and got this.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DISCOVERY_OEM [administrator]

20/04/2013 2:59:18 PM
MBAM-log-2013-04-20 (19-43-24).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303145
Time elapsed: 27 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{F353097F-A2C8-40D7-BBB4-5A675A7D4DE8}\RP860\A0193754.exe (PUP.BundleInstaller.OI) -> No action taken.

(end)
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Extras Log? Doesn't look like you did OTL right since I don't see any of the custom scan entries.

I'm not seeing anything but we can run some more scans. The thing with Yahoo is that it is apparently very easy to use a computer to guess passwords on an email account. Lots of people are getting hacked. Yahoo has started offering a two step authentication which you should probably sign up for after changing the password. When you change the password use a password at least 10 characters long.

Right click on the Avast ball and select About Avast. What Version does it say you have?

Uninstall Java. It appears you have a very vulnerable version.


Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe and to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

  • 0

#6
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks.
1. Avast version - 7.0.1466

Log aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-21 13:45:35
-----------------------------
13:45:35.796 OS Version: Windows 5.1.2600 Service Pack 3
13:45:35.796 Number of processors: 2 586 0x4B02
13:45:35.812 ComputerName: DISCOVERY_OEM UserName: Owner
13:45:36.718 Initialize success
13:45:39.718 AVAST engine defs: 13042100
13:46:08.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
13:46:08.093 Disk 0 Vendor: ST3320620AS 3.AAJ Size: 305245MB BusType: 3
13:46:08.234 Disk 0 MBR read successfully
13:46:08.234 Disk 0 MBR scan
13:46:08.234 Disk 0 Windows XP default MBR code
13:46:08.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
13:46:08.234 Disk 0 scanning sectors +625121280
13:46:08.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:46:15.015 Service scanning
13:46:24.515 Modules scanning
13:46:29.703 AVAST engine scan C:\WINDOWS
13:46:32.890 AVAST engine scan C:\WINDOWS\system32
13:47:59.171 AVAST engine scan C:\WINDOWS\system32\drivers
13:48:12.671 AVAST engine scan C:\Documents and Settings\Owner
13:58:40.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
13:58:40.578 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

I ran combofix as directed but cannot find the C:\Combofix.txt report

TDSSkiller scan and scan again

OTL logfile created on: 20/04/2013 7:30:40 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 23.11% Memory free
3.85 Gb Paging File | 2.46 Gb Available in Paging File | 64.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.56 Gb Free Space | 90.10% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/20 13:58:35 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042001\algo.dll
MOD - [2013/04/20 03:05:58 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042000\algo.dll
MOD - [2013/04/07 20:27:56 | 003,043,664 | -HS- | M] () -- \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1645522239-583907252-725345543-1003\MSPRindiv01.key
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/26 01:12:26 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/13 12:25:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 03:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 03:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 03:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 03:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 03:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 03:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 03:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 12:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/17 18:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/23 18:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004/08/14 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ca/http://www.g [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 23 AC EC 2C 2F CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB2E03F-BA9F-42D8-A834-F833E39622AC}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}: "URL" = http://ca.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/02 18:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/01/30 21:02:23 | 000,000,000 | ---D | M]

[2012/11/17 17:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/11/17 17:05:54 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/03/18 18:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/03/20 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/13 13:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/01/26 18:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://ca.search.yah...r=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhpigdnmefdjeemeldnnmbckmpogpbji\1.0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2013/03/21 12:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275653CB-8F3C-4F52-8A8C-C937D8E1DEFE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 01:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/20 14:58:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2013/04/16 19:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 19:34:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 19:29:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/16 11:47:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/14 18:44:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 13:02:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/01 16:54:18 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/04/01 15:45:29 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2013/04/01 15:45:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2013/04/01 15:45:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2013/04/01 15:45:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2013/04/01 15:45:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2013/04/01 15:45:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2013/04/01 15:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TFP
[2013/04/01 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2013/03/23 16:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2013/03/21 22:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/21 20:45:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

========== Files - Modified Within 30 Days ==========

[2013/04/20 19:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/20 18:56:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
[2013/04/20 16:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 12:50:24 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/20 12:49:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/20 12:49:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 19:36:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 19:33:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 21:30:09 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 21:30:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 21:30:00 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/09 22:38:56 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/04/09 21:56:11 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 17:29:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/01 16:54:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/03/23 14:44:20 | 000,130,929 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\544250_10151368897547730_1019577790_n[1].jpg

========== Files Created - No Company Name ==========

[2013/04/16 19:34:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 22:38:56 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/03/23 14:44:48 | 000,130,929 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\544250_10151368897547730_1019577790_n[1].jpg
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/22 13:21:46 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/11/07 12:22:10 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Webmail.URL

========== ZeroAccess Check ==========

[2013/01/26 18:42:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Eventviewwe - Right clicked on system and cleared log. Repeated

Eventviewer - Output log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 21/04/2013 2:23:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2013 2:18:29 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk0\D during a paging operation.

adwCleaner

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 14:24:54
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DISCOVERY_OEM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S3].txt - [850 octets] - [14/04/2013 14:04:28]
AdwCleaner[S4].txt - [782 octets] - [21/04/2013 14:24:54]

########## EOF - C:\AdwCleaner[S4].txt - [841 octets] ##########


During some of this process I did notice a couple of threats. I plan to delete my yahoo email will that stop the hacking?
  • 0

#7
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
by the way I have no idea why this is duplicating.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Can you post the TDSSKiller and Combofix logs and also the OTL Extras log?

Event: 51 Source: Disk
An error was detected on device \Device\Harddisk0\D during a paging operation.

Probably an error with your C: even tho it says D.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

So far no infections. I think it's just yahoo email.

You need to update Avast. It should be version 8. Since you are worried about hack attacks I would also install the free version of Online Armor. This is one of the better firewalls and will block most attacks.
  • 0

#9
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Please just bear with me. I had everything done and then got booted. To date I have upgraded Avast, got rid of Java and added Online Armor. I will try and give you all the reports again. I also noticed another duplication of one of my posts. I have no idea why this is happening.
  • 0

#10
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
21:17:18.0328 3872 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:17:19.0078 3872 ============================================================
21:17:19.0078 3872 Current date / time: 2013/04/22 21:17:19.0078
21:17:19.0078 3872 SystemInfo:
21:17:19.0078 3872
21:17:19.0078 3872 OS Version: 5.1.2600 ServicePack: 3.0
21:17:19.0078 3872 Product type: Workstation
21:17:19.0093 3872 ComputerName: DISCOVERY_OEM
21:17:19.0093 3872 UserName: Owner
21:17:19.0093 3872 Windows directory: C:\WINDOWS
21:17:19.0093 3872 System windows directory: C:\WINDOWS
21:17:19.0093 3872 Processor architecture: Intel x86
21:17:19.0093 3872 Number of processors: 2
21:17:19.0093 3872 Page size: 0x1000
21:17:19.0093 3872 Boot type: Normal boot
21:17:19.0093 3872 ============================================================
21:17:21.0062 3872 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:17:21.0062 3872 ============================================================
21:17:21.0062 3872 \Device\Harddisk0\DR0:
21:17:21.0062 3872 MBR partitions:
21:17:21.0062 3872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
21:17:21.0062 3872 ============================================================
21:17:21.0093 3872 C: <-> \Device\Harddisk0\DR0\Partition1
21:17:21.0093 3872 ============================================================
21:17:21.0109 3872 Initialize success
21:17:21.0109 3872 ============================================================
21:17:23.0781 2988 ============================================================
21:17:23.0781 2988 Scan started
21:17:23.0781 2988 Mode: Manual;
21:17:23.0781 2988 ============================================================
21:17:24.0218 2988 ================ Scan system memory ========================
21:17:24.0218 2988 System memory - ok
21:17:24.0218 2988 ================ Scan services =============================
21:17:24.0281 2988 Abiosdsk - ok
21:17:24.0281 2988 abp480n5 - ok
21:17:24.0328 2988 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:17:24.0328 2988 ACPI - ok
21:17:24.0359 2988 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:17:24.0359 2988 ACPIEC - ok
21:17:24.0421 2988 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:24.0421 2988 AdobeFlashPlayerUpdateSvc - ok
21:17:24.0421 2988 adpu160m - ok
21:17:24.0453 2988 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:17:24.0468 2988 aec - ok
21:17:24.0515 2988 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:17:24.0515 2988 AFD - ok
21:17:24.0515 2988 Aha154x - ok
21:17:24.0515 2988 aic78u2 - ok
21:17:24.0531 2988 aic78xx - ok
21:17:24.0640 2988 [ E1B23E1463ADCCA8637532D6B170CC32 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:17:24.0734 2988 ALCXWDM - ok
21:17:24.0796 2988 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:17:24.0796 2988 Alerter - ok
21:17:24.0812 2988 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:17:24.0812 2988 ALG - ok
21:17:24.0812 2988 AliIde - ok
21:17:24.0812 2988 amsint - ok
21:17:24.0937 2988 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:24.0937 2988 Apple Mobile Device - ok
21:17:24.0937 2988 AppMgmt - ok
21:17:24.0953 2988 asc - ok
21:17:24.0953 2988 asc3350p - ok
21:17:24.0953 2988 asc3550 - ok
21:17:25.0000 2988 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
21:17:25.0000 2988 AsIO - ok
21:17:25.0109 2988 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:25.0109 2988 aspnet_state - ok
21:17:25.0125 2988 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:17:25.0125 2988 aswFsBlk - ok
21:17:25.0140 2988 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
21:17:25.0140 2988 aswMonFlt - ok
21:17:25.0156 2988 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
21:17:25.0171 2988 aswRdr - ok
21:17:25.0171 2988 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
21:17:25.0171 2988 aswRvrt - ok
21:17:25.0218 2988 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:17:25.0234 2988 aswSnx - ok
21:17:25.0250 2988 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:17:25.0265 2988 aswSP - ok
21:17:25.0281 2988 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:17:25.0281 2988 aswTdi - ok
21:17:25.0312 2988 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
21:17:25.0312 2988 aswVmm - ok
21:17:25.0343 2988 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:17:25.0343 2988 AsyncMac - ok
21:17:25.0390 2988 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:17:25.0390 2988 atapi - ok
21:17:25.0406 2988 Atdisk - ok
21:17:25.0421 2988 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:17:25.0421 2988 Atmarpc - ok
21:17:25.0453 2988 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:17:25.0453 2988 AudioSrv - ok
21:17:25.0500 2988 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:17:25.0500 2988 audstub - ok
21:17:25.0578 2988 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
21:17:25.0578 2988 avast! Antivirus - ok
21:17:25.0625 2988 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:17:25.0625 2988 Beep - ok
21:17:25.0671 2988 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:17:25.0687 2988 BITS - ok
21:17:25.0765 2988 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:17:25.0781 2988 Bonjour Service - ok
21:17:25.0812 2988 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:17:25.0812 2988 Browser - ok
21:17:25.0953 2988 catchme - ok
21:17:25.0984 2988 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:25.0984 2988 cbidf2k - ok
21:17:25.0984 2988 cd20xrnt - ok
21:17:25.0984 2988 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:17:26.0000 2988 Cdaudio - ok
21:17:26.0015 2988 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:17:26.0031 2988 Cdfs - ok
21:17:26.0046 2988 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:17:26.0046 2988 Cdrom - ok
21:17:26.0046 2988 Changer - ok
21:17:26.0062 2988 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:17:26.0078 2988 CiSvc - ok
21:17:26.0093 2988 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:17:26.0093 2988 ClipSrv - ok
21:17:26.0125 2988 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:26.0171 2988 clr_optimization_v2.0.50727_32 - ok
21:17:26.0218 2988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:26.0281 2988 clr_optimization_v4.0.30319_32 - ok
21:17:26.0296 2988 CmdIde - ok
21:17:26.0296 2988 COMSysApp - ok
21:17:26.0312 2988 Cpqarray - ok
21:17:26.0328 2988 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:17:26.0328 2988 CryptSvc - ok
21:17:26.0343 2988 dac2w2k - ok
21:17:26.0343 2988 dac960nt - ok
21:17:26.0390 2988 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:17:26.0406 2988 DcomLaunch - ok
21:17:26.0453 2988 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:17:26.0453 2988 Dhcp - ok
21:17:26.0484 2988 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:17:26.0484 2988 Disk - ok
21:17:26.0500 2988 dmadmin - ok
21:17:26.0546 2988 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:17:26.0593 2988 dmboot - ok
21:17:26.0625 2988 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:17:26.0625 2988 dmio - ok
21:17:26.0640 2988 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:17:26.0640 2988 dmload - ok
21:17:26.0656 2988 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:17:26.0671 2988 dmserver - ok
21:17:26.0703 2988 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:17:26.0718 2988 DMusic - ok
21:17:26.0734 2988 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:17:26.0750 2988 Dnscache - ok
21:17:26.0765 2988 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:17:26.0781 2988 Dot3svc - ok
21:17:26.0781 2988 dpti2o - ok
21:17:26.0812 2988 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:17:26.0812 2988 drmkaud - ok
21:17:26.0828 2988 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:17:26.0828 2988 EapHost - ok
21:17:26.0859 2988 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:17:26.0875 2988 ERSvc - ok
21:17:26.0906 2988 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:17:26.0937 2988 Eventlog - ok
21:17:26.0953 2988 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:17:26.0968 2988 EventSystem - ok
21:17:26.0984 2988 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:17:27.0000 2988 Fastfat - ok
21:17:27.0031 2988 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:17:27.0046 2988 FastUserSwitchingCompatibility - ok
21:17:27.0093 2988 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:17:27.0093 2988 Fdc - ok
21:17:27.0125 2988 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:17:27.0140 2988 Fips - ok
21:17:27.0140 2988 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:17:27.0140 2988 Flpydisk - ok
21:17:27.0187 2988 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:17:27.0187 2988 FltMgr - ok
21:17:27.0218 2988 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
21:17:27.0218 2988 FlyUsb - ok
21:17:27.0281 2988 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:17:27.0281 2988 FontCache3.0.0.0 - ok
21:17:27.0296 2988 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:27.0312 2988 Fs_Rec - ok
21:17:27.0328 2988 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:17:27.0328 2988 Ftdisk - ok
21:17:27.0390 2988 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:17:27.0390 2988 GEARAspiWDM - ok
21:17:27.0406 2988 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:17:27.0406 2988 Gpc - ok
21:17:27.0453 2988 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:27.0468 2988 gupdate - ok
21:17:27.0468 2988 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:27.0468 2988 gupdatem - ok
21:17:27.0484 2988 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:17:27.0500 2988 gusvc - ok
21:17:27.0531 2988 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:17:27.0531 2988 HDAudBus - ok
21:17:27.0609 2988 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:17:27.0609 2988 helpsvc - ok
21:17:27.0625 2988 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:17:27.0625 2988 HidServ - ok
21:17:27.0656 2988 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:17:27.0656 2988 HidUsb - ok
21:17:27.0687 2988 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:17:27.0703 2988 hkmsvc - ok
21:17:27.0703 2988 hpn - ok
21:17:27.0750 2988 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:17:27.0750 2988 HTTP - ok
21:17:27.0781 2988 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:17:27.0796 2988 HTTPFilter - ok
21:17:27.0796 2988 i2omgmt - ok
21:17:27.0812 2988 i2omp - ok
21:17:27.0843 2988 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:17:27.0843 2988 i8042prt - ok
21:17:27.0906 2988 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:17:27.0937 2988 idsvc - ok
21:17:27.0968 2988 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:17:27.0968 2988 Imapi - ok
21:17:28.0015 2988 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:17:28.0015 2988 ImapiService - ok
21:17:28.0031 2988 ini910u - ok
21:17:28.0031 2988 IntelIde - ok
21:17:28.0062 2988 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:17:28.0062 2988 Ip6Fw - ok
21:17:28.0078 2988 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:28.0093 2988 IpFilterDriver - ok
21:17:28.0093 2988 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:17:28.0093 2988 IpInIp - ok
21:17:28.0125 2988 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:17:28.0125 2988 IpNat - ok
21:17:28.0140 2988 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:17:28.0140 2988 IPSec - ok
21:17:28.0156 2988 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:17:28.0171 2988 IRENUM - ok
21:17:28.0187 2988 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:17:28.0187 2988 isapnp - ok
21:17:28.0203 2988 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:17:28.0203 2988 Kbdclass - ok
21:17:28.0218 2988 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:17:28.0218 2988 kbdhid - ok
21:17:28.0250 2988 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:17:28.0265 2988 kmixer - ok
21:17:28.0281 2988 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:17:28.0296 2988 KSecDD - ok
21:17:28.0312 2988 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:17:28.0328 2988 lanmanserver - ok
21:17:28.0375 2988 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:17:28.0390 2988 lanmanworkstation - ok
21:17:28.0390 2988 lbrtfdc - ok
21:17:28.0421 2988 LeapFrog Connect Device Service - ok
21:17:28.0453 2988 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:17:28.0453 2988 LmHosts - ok
21:17:28.0484 2988 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:17:28.0484 2988 MBAMProtector - ok
21:17:28.0531 2988 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:17:28.0531 2988 MBAMScheduler - ok
21:17:28.0562 2988 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:17:28.0578 2988 MBAMService - ok
21:17:28.0609 2988 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:17:28.0625 2988 MBAMSwissArmy - ok
21:17:28.0640 2988 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:17:28.0671 2988 Messenger - ok
21:17:28.0687 2988 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:17:28.0703 2988 mnmdd - ok
21:17:28.0734 2988 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:17:28.0750 2988 mnmsrvc - ok
21:17:28.0765 2988 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:17:28.0781 2988 Modem - ok
21:17:28.0812 2988 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:17:28.0812 2988 Mouclass - ok
21:17:28.0843 2988 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:17:28.0859 2988 mouhid - ok
21:17:28.0859 2988 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:17:28.0859 2988 MountMgr - ok
21:17:28.0875 2988 mraid35x - ok
21:17:28.0875 2988 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:17:28.0875 2988 MRxDAV - ok
21:17:28.0921 2988 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:28.0937 2988 MRxSmb - ok
21:17:28.0953 2988 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:17:28.0968 2988 MSDTC - ok
21:17:28.0968 2988 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:17:28.0968 2988 Msfs - ok
21:17:28.0984 2988 MSIServer - ok
21:17:29.0000 2988 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:17:29.0000 2988 MSKSSRV - ok
21:17:29.0015 2988 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:17:29.0031 2988 MSPCLOCK - ok
21:17:29.0031 2988 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:17:29.0046 2988 MSPQM - ok
21:17:29.0046 2988 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:17:29.0046 2988 mssmbios - ok
21:17:29.0093 2988 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:17:29.0093 2988 MTsensor - ok
21:17:29.0125 2988 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:17:29.0125 2988 Mup - ok
21:17:29.0171 2988 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:17:29.0203 2988 napagent - ok
21:17:29.0234 2988 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:17:29.0234 2988 NDIS - ok
21:17:29.0265 2988 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:29.0265 2988 NdisTapi - ok
21:17:29.0296 2988 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:17:29.0296 2988 Ndisuio - ok
21:17:29.0312 2988 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:29.0312 2988 NdisWan - ok
21:17:29.0359 2988 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:17:29.0359 2988 NDProxy - ok
21:17:29.0359 2988 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:17:29.0375 2988 NetBIOS - ok
21:17:29.0375 2988 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:29.0375 2988 NetBT - ok
21:17:29.0406 2988 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:17:29.0421 2988 NetDDE - ok
21:17:29.0421 2988 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:17:29.0437 2988 NetDDEdsdm - ok
21:17:29.0468 2988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:17:29.0468 2988 Netlogon - ok
21:17:29.0515 2988 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:17:29.0531 2988 Netman - ok
21:17:29.0562 2988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:17:29.0625 2988 NetTcpPortSharing - ok
21:17:29.0656 2988 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:17:29.0671 2988 Nla - ok
21:17:29.0687 2988 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:17:29.0687 2988 Npfs - ok
21:17:29.0703 2988 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:29.0718 2988 Ntfs - ok
21:17:29.0734 2988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:17:29.0734 2988 NtLmSsp - ok
21:17:29.0765 2988 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:17:29.0781 2988 NtmsSvc - ok
21:17:29.0828 2988 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:17:29.0828 2988 Null - ok
21:17:30.0171 2988 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:17:30.0500 2988 nv - ok
21:17:30.0546 2988 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
21:17:30.0562 2988 nvata - ok
21:17:30.0578 2988 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:17:30.0578 2988 NVENETFD - ok
21:17:30.0593 2988 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:17:30.0609 2988 nvnetbus - ok
21:17:30.0656 2988 [ CC4F8220EAD1F6A38D51679708F435B9 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
21:17:30.0656 2988 nvsvc - ok
21:17:30.0687 2988 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:30.0687 2988 NwlnkFlt - ok
21:17:30.0703 2988 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:30.0703 2988 NwlnkFwd - ok
21:17:30.0828 2988 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe
21:17:30.0828 2988 OAcat - ok
21:17:30.0843 2988 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
21:17:30.0843 2988 OADevice - ok
21:17:30.0859 2988 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\WINDOWS\system32\drivers\oahlp32.sys
21:17:30.0859 2988 oahlpXX - ok
21:17:30.0875 2988 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
21:17:30.0875 2988 OAmon - ok
21:17:30.0890 2988 [ F3250D94BEE44A0D00939F10830B3563 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
21:17:30.0890 2988 OAnet - ok
21:17:30.0937 2988 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:17:30.0937 2988 Parport - ok
21:17:30.0937 2988 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:30.0953 2988 PartMgr - ok
21:17:30.0984 2988 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:30.0984 2988 ParVdm - ok
21:17:30.0984 2988 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:31.0000 2988 PCI - ok
21:17:31.0000 2988 PCIDump - ok
21:17:31.0015 2988 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:17:31.0015 2988 PCIIde - ok
21:17:31.0031 2988 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:17:31.0046 2988 Pcmcia - ok
21:17:31.0046 2988 PDCOMP - ok
21:17:31.0046 2988 PDFRAME - ok
21:17:31.0062 2988 PDRELI - ok
21:17:31.0062 2988 PDRFRAME - ok
21:17:31.0062 2988 perc2 - ok
21:17:31.0078 2988 perc2hib - ok
21:17:31.0109 2988 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:17:31.0125 2988 PlugPlay - ok
21:17:31.0125 2988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:17:31.0125 2988 PolicyAgent - ok
21:17:31.0140 2988 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:31.0140 2988 PptpMiniport - ok
21:17:31.0156 2988 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:17:31.0156 2988 Processor - ok
21:17:31.0156 2988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:17:31.0171 2988 ProtectedStorage - ok
21:17:31.0187 2988 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:31.0187 2988 Ptilink - ok
21:17:31.0203 2988 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:17:31.0203 2988 PxHelp20 - ok
21:17:31.0203 2988 ql1080 - ok
21:17:31.0218 2988 Ql10wnt - ok
21:17:31.0218 2988 ql12160 - ok
21:17:31.0234 2988 ql1240 - ok
21:17:31.0234 2988 ql1280 - ok
21:17:31.0250 2988 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:31.0250 2988 RasAcd - ok
21:17:31.0281 2988 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:17:31.0296 2988 RasAuto - ok
21:17:31.0312 2988 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:31.0328 2988 Rasl2tp - ok
21:17:31.0375 2988 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:17:31.0390 2988 RasMan - ok
21:17:31.0390 2988 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:31.0390 2988 RasPppoe - ok
21:17:31.0406 2988 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:31.0406 2988 Raspti - ok
21:17:31.0421 2988 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:31.0421 2988 Rdbss - ok
21:17:31.0421 2988 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:31.0437 2988 RDPCDD - ok
21:17:31.0468 2988 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:17:31.0484 2988 RDPWD - ok
21:17:31.0484 2988 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:17:31.0500 2988 RDSessMgr - ok
21:17:31.0531 2988 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:17:31.0531 2988 redbook - ok
21:17:31.0562 2988 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:17:31.0578 2988 RemoteAccess - ok
21:17:31.0593 2988 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
21:17:31.0609 2988 Revoflt - ok
21:17:31.0609 2988 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:17:31.0625 2988 RpcLocator - ok
21:17:31.0656 2988 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:17:31.0671 2988 RpcSs - ok
21:17:31.0703 2988 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:17:31.0734 2988 RSVP - ok
21:17:31.0765 2988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:17:31.0765 2988 SamSs - ok
21:17:31.0796 2988 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:17:31.0796 2988 SCardSvr - ok
21:17:31.0859 2988 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:17:31.0875 2988 Schedule - ok
21:17:31.0890 2988 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:17:31.0890 2988 Secdrv - ok
21:17:31.0890 2988 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:17:31.0906 2988 seclogon - ok
21:17:31.0921 2988 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:17:31.0937 2988 SENS - ok
21:17:31.0937 2988 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:17:31.0953 2988 serenum - ok
21:17:31.0953 2988 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:17:31.0953 2988 Serial - ok
21:17:31.0984 2988 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:17:31.0984 2988 Sfloppy - ok
21:17:32.0031 2988 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:17:32.0046 2988 SharedAccess - ok
21:17:32.0062 2988 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:17:32.0078 2988 ShellHWDetection - ok
21:17:32.0078 2988 Simbad - ok
21:17:32.0078 2988 Sparrow - ok
21:17:32.0125 2988 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:17:32.0125 2988 splitter - ok
21:17:32.0156 2988 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:17:32.0171 2988 Spooler - ok
21:17:32.0171 2988 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:17:32.0187 2988 sr - ok
21:17:32.0187 2988 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:17:32.0203 2988 srservice - ok
21:17:32.0234 2988 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:32.0250 2988 Srv - ok
21:17:32.0281 2988 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:17:32.0296 2988 SSDPSRV - ok
21:17:32.0312 2988 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:17:32.0343 2988 stisvc - ok
21:17:32.0453 2988 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe
21:17:32.0484 2988 SvcOnlineArmor - ok
21:17:32.0515 2988 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:17:32.0531 2988 swenum - ok
21:17:32.0531 2988 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:17:32.0531 2988 swmidi - ok
21:17:32.0546 2988 SwPrv - ok
21:17:32.0546 2988 symc810 - ok
21:17:32.0546 2988 symc8xx - ok
21:17:32.0562 2988 sym_hi - ok
21:17:32.0562 2988 sym_u3 - ok
21:17:32.0578 2988 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:17:32.0734 2988 sysaudio - ok
21:17:32.0781 2988 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:17:32.0796 2988 SysmonLog - ok
21:17:32.0828 2988 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:17:32.0859 2988 TapiSrv - ok
21:17:33.0031 2988 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:33.0046 2988 Tcpip - ok
21:17:33.0062 2988 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:17:33.0078 2988 TDPIPE - ok
21:17:33.0109 2988 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:17:33.0125 2988 TDTCP - ok
21:17:33.0140 2988 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:17:33.0140 2988 TermDD - ok
21:17:33.0250 2988 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:17:33.0421 2988 TermService - ok
21:17:33.0468 2988 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:17:33.0484 2988 Themes - ok
21:17:33.0484 2988 TosIde - ok
21:17:33.0515 2988 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:17:33.0531 2988 TrkWks - ok
21:17:33.0562 2988 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:17:33.0578 2988 Udfs - ok
21:17:33.0578 2988 ultra - ok
21:17:33.0703 2988 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:17:33.0875 2988 Update - ok
21:17:33.0921 2988 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:17:34.0031 2988 upnphost - ok
21:17:34.0046 2988 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:17:34.0046 2988 UPS - ok
21:17:34.0093 2988 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:17:34.0093 2988 USBAAPL - ok
21:17:34.0140 2988 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:17:34.0156 2988 usbccgp - ok
21:17:34.0187 2988 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:17:34.0218 2988 usbehci - ok
21:17:34.0250 2988 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:17:34.0265 2988 usbhub - ok
21:17:34.0296 2988 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:17:34.0312 2988 usbohci - ok
21:17:34.0359 2988 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:34.0375 2988 usbscan - ok
21:17:34.0390 2988 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:17:34.0406 2988 USBSTOR - ok
21:17:34.0437 2988 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:17:34.0437 2988 VgaSave - ok
21:17:34.0437 2988 ViaIde - ok
21:17:34.0468 2988 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:17:34.0500 2988 VolSnap - ok
21:17:34.0625 2988 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:17:34.0640 2988 VSS - ok
21:17:34.0703 2988 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:17:34.0718 2988 W32Time - ok
21:17:34.0765 2988 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:34.0796 2988 Wanarp - ok
21:17:34.0796 2988 WDICA - ok
21:17:34.0843 2988 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:17:34.0875 2988 wdmaud - ok
21:17:35.0046 2988 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:17:35.0062 2988 WebClient - ok
21:17:35.0265 2988 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:35.0328 2988 winmgmt - ok
21:17:35.0390 2988 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:17:35.0406 2988 WmdmPmSN - ok
21:17:35.0484 2988 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:17:35.0515 2988 WmiApSrv - ok
21:17:35.0750 2988 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:17:35.0968 2988 WMPNetworkSvc - ok
21:17:36.0000 2988 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:17:36.0015 2988 WpdUsb - ok
21:17:36.0171 2988 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:36.0328 2988 WPFFontCache_v0400 - ok
21:17:36.0375 2988 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:17:36.0390 2988 WS2IFSL - ok
21:17:36.0421 2988 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:17:36.0437 2988 wscsvc - ok
21:17:36.0468 2988 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:17:36.0500 2988 wuauserv - ok
21:17:36.0546 2988 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:17:36.0562 2988 WudfPf - ok
21:17:36.0578 2988 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:17:36.0609 2988 WudfRd - ok
21:17:36.0640 2988 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:17:36.0687 2988 WudfSvc - ok
21:17:36.0828 2988 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:17:36.0937 2988 WZCSVC - ok
21:17:36.0968 2988 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:17:36.0984 2988 xmlprov - ok
21:17:37.0109 2988 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:17:37.0109 2988 YahooAUService - ok
21:17:37.0125 2988 ================ Scan global ===============================
21:17:37.0171 2988 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:17:37.0250 2988 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:17:37.0343 2988 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:17:37.0375 2988 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:17:37.0390 2988 [Global] - ok
21:17:37.0390 2988 ================ Scan MBR ==================================
21:17:37.0406 2988 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:17:38.0000 2988 \Device\Harddisk0\DR0 - ok
21:17:38.0000 2988 ================ Scan VBR ==================================
21:17:38.0000 2988 [ 93A83DEB4B5699128379382F2A2FC396 ] \Device\Harddisk0\DR0\Partition1
21:17:38.0000 2988 \Device\Harddisk0\DR0\Partition1 - ok
21:17:38.0000 2988 ============================================================
21:17:38.0000 2988 Scan finished
21:17:38.0000 2988 ============================================================
21:17:38.0031 3028 Detected object count: 0
21:17:38.0031 3028 Actual detected object count: 0
21:18:50.0828 0876 ============================================================
21:18:50.0828 0876 Scan started
21:18:50.0828 0876 Mode: Manual; SigCheck; TDLFS;
21:18:50.0828 0876 ============================================================
21:18:50.0906 0876 ================ Scan system memory ========================
21:18:50.0906 0876 System memory - ok
21:18:50.0906 0876 ================ Scan services =============================
21:18:50.0968 0876 Abiosdsk - ok
21:18:50.0968 0876 abp480n5 - ok
21:18:51.0015 0876 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:18:52.0015 0876 ACPI - ok
21:18:52.0046 0876 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:18:52.0234 0876 ACPIEC - ok
21:18:52.0296 0876 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:18:52.0343 0876 AdobeFlashPlayerUpdateSvc - ok
21:18:52.0343 0876 adpu160m - ok
21:18:52.0375 0876 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:18:52.0546 0876 aec - ok
21:18:52.0578 0876 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:18:52.0625 0876 AFD - ok
21:18:52.0625 0876 Aha154x - ok
21:18:52.0640 0876 aic78u2 - ok
21:18:52.0640 0876 aic78xx - ok
21:18:52.0765 0876 [ E1B23E1463ADCCA8637532D6B170CC32 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:18:52.0953 0876 ALCXWDM - ok
21:18:53.0000 0876 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:18:53.0156 0876 Alerter - ok
21:18:53.0187 0876 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:18:53.0265 0876 ALG - ok
21:18:53.0281 0876 AliIde - ok
21:18:53.0281 0876 amsint - ok
21:18:53.0406 0876 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:18:53.0437 0876 Apple Mobile Device - ok
21:18:53.0437 0876 AppMgmt - ok
21:18:53.0437 0876 asc - ok
21:18:53.0453 0876 asc3350p - ok
21:18:53.0453 0876 asc3550 - ok
21:18:53.0500 0876 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
21:18:53.0578 0876 AsIO - ok
21:18:53.0671 0876 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:18:53.0703 0876 aspnet_state - ok
21:18:53.0718 0876 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:18:53.0750 0876 aswFsBlk - ok
21:18:53.0765 0876 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
21:18:53.0796 0876 aswMonFlt - ok
21:18:53.0812 0876 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
21:18:53.0843 0876 aswRdr - ok
21:18:53.0859 0876 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
21:18:53.0890 0876 aswRvrt - ok
21:18:53.0937 0876 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:18:53.0984 0876 aswSnx - ok
21:18:54.0000 0876 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:18:54.0031 0876 aswSP - ok
21:18:54.0062 0876 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:18:54.0093 0876 aswTdi - ok
21:18:54.0109 0876 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
21:18:54.0140 0876 aswVmm - ok
21:18:54.0171 0876 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:18:54.0343 0876 AsyncMac - ok
21:18:54.0375 0876 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:18:54.0578 0876 atapi - ok
21:18:54.0578 0876 Atdisk - ok
21:18:54.0593 0876 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:18:54.0796 0876 Atmarpc - ok
21:18:54.0828 0876 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:18:55.0015 0876 AudioSrv - ok
21:18:55.0062 0876 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:18:55.0234 0876 audstub - ok
21:18:55.0312 0876 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
21:18:55.0343 0876 avast! Antivirus - ok
21:18:55.0375 0876 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:18:55.0593 0876 Beep - ok
21:18:55.0640 0876 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:18:55.0843 0876 BITS - ok
21:18:55.0937 0876 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:18:55.0968 0876 Bonjour Service - ok
21:18:56.0015 0876 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:18:56.0062 0876 Browser - ok
21:18:56.0218 0876 catchme - ok
21:18:56.0234 0876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:18:56.0437 0876 cbidf2k - ok
21:18:56.0437 0876 cd20xrnt - ok
21:18:56.0468 0876 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:18:56.0687 0876 Cdaudio - ok
21:18:56.0734 0876 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:18:56.0906 0876 Cdfs - ok
21:18:56.0921 0876 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:18:57.0109 0876 Cdrom - ok
21:18:57.0109 0876 Changer - ok
21:18:57.0125 0876 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:18:57.0312 0876 CiSvc - ok
21:18:57.0328 0876 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:18:57.0546 0876 ClipSrv - ok
21:18:57.0593 0876 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:18:57.0625 0876 clr_optimization_v2.0.50727_32 - ok
21:18:57.0656 0876 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:18:57.0687 0876 clr_optimization_v4.0.30319_32 - ok
21:18:57.0703 0876 CmdIde - ok
21:18:57.0703 0876 COMSysApp - ok
21:18:57.0718 0876 Cpqarray - ok
21:18:57.0765 0876 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:18:57.0953 0876 CryptSvc - ok
21:18:57.0968 0876 dac2w2k - ok
21:18:57.0968 0876 dac960nt - ok
21:18:58.0015 0876 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:18:58.0062 0876 DcomLaunch - ok
21:18:58.0125 0876 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:18:58.0343 0876 Dhcp - ok
21:18:58.0390 0876 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:18:58.0562 0876 Disk - ok
21:18:58.0562 0876 dmadmin - ok
21:18:58.0609 0876 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:18:58.0812 0876 dmboot - ok
21:18:58.0843 0876 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:18:59.0031 0876 dmio - ok
21:18:59.0062 0876 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:18:59.0250 0876 dmload - ok
21:18:59.0296 0876 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:18:59.0500 0876 dmserver - ok
21:18:59.0546 0876 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:18:59.0734 0876 DMusic - ok
21:18:59.0781 0876 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:18:59.0828 0876 Dnscache - ok
21:18:59.0859 0876 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:19:00.0031 0876 Dot3svc - ok
21:19:00.0046 0876 dpti2o - ok
21:19:00.0078 0876 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:19:00.0265 0876 drmkaud - ok
21:19:00.0296 0876 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:19:00.0500 0876 EapHost - ok
21:19:00.0515 0876 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:19:00.0703 0876 ERSvc - ok
21:19:00.0750 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:19:00.0812 0876 Eventlog - ok
21:19:00.0828 0876 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:19:00.0875 0876 EventSystem - ok
21:19:00.0890 0876 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:19:01.0046 0876 Fastfat - ok
21:19:01.0093 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:19:01.0187 0876 FastUserSwitchingCompatibility - ok
21:19:01.0203 0876 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:19:01.0421 0876 Fdc - ok
21:19:01.0453 0876 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:19:01.0656 0876 Fips - ok
21:19:01.0671 0876 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:19:01.0843 0876 Flpydisk - ok
21:19:01.0890 0876 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:19:02.0093 0876 FltMgr - ok
21:19:02.0109 0876 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
21:19:02.0125 0876 FlyUsb ( UnsignedFile.Multi.Generic ) - warning
21:19:02.0125 0876 FlyUsb - detected UnsignedFile.Multi.Generic (1)
21:19:02.0203 0876 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:02.0234 0876 FontCache3.0.0.0 - ok
21:19:02.0250 0876 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:02.0437 0876 Fs_Rec - ok
21:19:02.0484 0876 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:02.0687 0876 Ftdisk - ok
21:19:02.0734 0876 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:19:02.0750 0876 GEARAspiWDM - ok
21:19:02.0796 0876 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:02.0968 0876 Gpc - ok
21:19:03.0031 0876 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:03.0062 0876 gupdate - ok
21:19:03.0062 0876 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:03.0093 0876 gupdatem - ok
21:19:03.0125 0876 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:19:03.0156 0876 gusvc - ok
21:19:03.0187 0876 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:19:03.0375 0876 HDAudBus - ok
21:19:03.0453 0876 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:19:03.0640 0876 helpsvc - ok
21:19:03.0671 0876 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:19:03.0843 0876 HidServ - ok
21:19:03.0875 0876 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:04.0062 0876 HidUsb - ok
21:19:04.0093 0876 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:19:04.0312 0876 hkmsvc - ok
21:19:04.0328 0876 hpn - ok
21:19:04.0359 0876 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:04.0406 0876 HTTP - ok
21:19:04.0421 0876 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:19:04.0640 0876 HTTPFilter - ok
21:19:04.0640 0876 i2omgmt - ok
21:19:04.0656 0876 i2omp - ok
21:19:04.0703 0876 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:04.0875 0876 i8042prt - ok
21:19:04.0937 0876 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:19:05.0000 0876 idsvc - ok
21:19:05.0015 0876 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:19:05.0203 0876 Imapi - ok
21:19:05.0234 0876 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:19:05.0437 0876 ImapiService - ok
21:19:05.0437 0876 ini910u - ok
21:19:05.0453 0876 IntelIde - ok
21:19:05.0484 0876 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:19:05.0703 0876 Ip6Fw - ok
21:19:05.0734 0876 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:19:05.0890 0876 IpFilterDriver - ok
21:19:05.0906 0876 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:19:06.0093 0876 IpInIp - ok
21:19:06.0109 0876 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:19:06.0281 0876 IpNat - ok
21:19:06.0312 0876 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:19:06.0531 0876 IPSec - ok
21:19:06.0546 0876 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:19:06.0640 0876 IRENUM - ok
21:19:06.0656 0876 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:19:06.0796 0876 isapnp - ok
21:19:06.0812 0876 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:19:07.0000 0876 Kbdclass - ok
21:19:07.0000 0876 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:19:07.0203 0876 kbdhid - ok
21:19:07.0234 0876 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:19:07.0406 0876 kmixer - ok
21:19:07.0437 0876 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:19:07.0484 0876 KSecDD - ok
21:19:07.0515 0876 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:19:07.0578 0876 lanmanserver - ok
21:19:07.0625 0876 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:19:07.0671 0876 lanmanworkstation - ok
21:19:07.0687 0876 lbrtfdc - ok
21:19:07.0703 0876 LeapFrog Connect Device Service - ok
21:19:07.0734 0876 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:19:07.0937 0876 LmHosts - ok
21:19:07.0968 0876 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:19:08.0015 0876 MBAMProtector - ok
21:19:08.0093 0876 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:19:08.0125 0876 MBAMScheduler - ok
21:19:08.0156 0876 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:19:08.0203 0876 MBAMService - ok
21:19:08.0250 0876 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:19:08.0281 0876 MBAMSwissArmy - ok
21:19:08.0296 0876 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:19:08.0484 0876 Messenger - ok
21:19:08.0531 0876 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:19:08.0703 0876 mnmdd - ok
21:19:08.0750 0876 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:19:08.0937 0876 mnmsrvc - ok
21:19:08.0968 0876 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:19:09.0156 0876 Modem - ok
21:19:09.0187 0876 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:19:09.0390 0876 Mouclass - ok
21:19:09.0421 0876 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:19:09.0578 0876 mouhid - ok
21:19:09.0593 0876 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:19:09.0765 0876 MountMgr - ok
21:19:09.0765 0876 mraid35x - ok
21:19:09.0781 0876 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:19:09.0937 0876 MRxDAV - ok
21:19:09.0968 0876 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:19:10.0000 0876 MRxSmb - ok
21:19:10.0046 0876 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:19:10.0234 0876 MSDTC - ok
21:19:10.0250 0876 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:19:10.0421 0876 Msfs - ok
21:19:10.0421 0876 MSIServer - ok
21:19:10.0468 0876 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:19:10.0640 0876 MSKSSRV - ok
21:19:10.0640 0876 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:19:10.0843 0876 MSPCLOCK - ok
21:19:10.0843 0876 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:19:11.0031 0876 MSPQM - ok
21:19:11.0046 0876 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:19:11.0250 0876 mssmbios - ok
21:19:11.0281 0876 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:19:11.0312 0876 MTsensor - ok
21:19:11.0359 0876 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:19:11.0390 0876 Mup - ok
21:19:11.0437 0876 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:19:11.0593 0876 napagent - ok
21:19:11.0609 0876 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:19:11.0781 0876 NDIS - ok
21:19:11.0828 0876 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:19:11.0859 0876 NdisTapi - ok
21:19:11.0906 0876 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:19:12.0062 0876 Ndisuio - ok
21:19:12.0062 0876 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:19:12.0265 0876 NdisWan - ok
21:19:12.0281 0876 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:19:12.0312 0876 NDProxy - ok
21:19:12.0359 0876 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:19:12.0515 0876 NetBIOS - ok
21:19:12.0515 0876 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:19:12.0703 0876 NetBT - ok
21:19:12.0734 0876 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:19:12.0921 0876 NetDDE - ok
21:19:12.0937 0876 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:19:13.0093 0876 NetDDEdsdm - ok
21:19:13.0140 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:19:13.0328 0876 Netlogon - ok
21:19:13.0375 0876 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:19:13.0531 0876 Netman - ok
21:19:13.0562 0876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:19:13.0593 0876 NetTcpPortSharing - ok
21:19:13.0625 0876 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:19:13.0687 0876 Nla - ok
21:19:13.0734 0876 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:19:13.0906 0876 Npfs - ok
21:19:13.0921 0876 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:19:14.0125 0876 Ntfs - ok
21:19:14.0156 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:19:14.0312 0876 NtLmSsp - ok
21:19:14.0359 0876 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:19:14.0546 0876 NtmsSvc - ok
21:19:14.0593 0876 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:19:14.0765 0876 Null - ok
21:19:15.0109 0876 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:19:15.0531 0876 nv - ok
21:19:15.0562 0876 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
21:19:15.0593 0876 nvata - ok
21:19:15.0625 0876 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:19:15.0671 0876 NVENETFD - ok
21:19:15.0703 0876 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:19:15.0750 0876 nvnetbus - ok
21:19:15.0796 0876 [ CC4F8220EAD1F6A38D51679708F435B9 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
21:19:15.0828 0876 nvsvc - ok
21:19:15.0875 0876 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:19:16.0031 0876 NwlnkFlt - ok
21:19:16.0062 0876 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:19:16.0265 0876 NwlnkFwd - ok
21:19:16.0375 0876 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe
21:19:16.0406 0876 OAcat - ok
21:19:16.0421 0876 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
21:19:16.0468 0876 OADevice - ok
21:19:16.0484 0876 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\WINDOWS\system32\drivers\oahlp32.sys
21:19:16.0515 0876 oahlpXX - ok
21:19:16.0531 0876 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
21:19:16.0562 0876 OAmon - ok
21:19:16.0578 0876 [ F3250D94BEE44A0D00939F10830B3563 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
21:19:16.0625 0876 OAnet - ok
21:19:16.0656 0876 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:19:16.0812 0876 Parport - ok
21:19:16.0828 0876 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:19:17.0015 0876 PartMgr - ok
21:19:17.0046 0876 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:19:17.0218 0876 ParVdm - ok
21:19:17.0218 0876 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:19:17.0390 0876 PCI - ok
21:19:17.0390 0876 PCIDump - ok
21:19:17.0421 0876 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:19:17.0593 0876 PCIIde - ok
21:19:17.0625 0876 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:19:17.0781 0876 Pcmcia - ok
21:19:17.0796 0876 PDCOMP - ok
21:19:17.0796 0876 PDFRAME - ok
21:19:17.0796 0876 PDRELI - ok
21:19:17.0812 0876 PDRFRAME - ok
21:19:17.0812 0876 perc2 - ok
21:19:17.0812 0876 perc2hib - ok
21:19:17.0843 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:19:17.0890 0876 PlugPlay - ok
21:19:17.0890 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:19:18.0109 0876 PolicyAgent - ok
21:19:18.0140 0876 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:19:18.0312 0876 PptpMiniport - ok
21:19:18.0328 0876 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:19:18.0484 0876 Processor - ok
21:19:18.0500 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:19:18.0687 0876 ProtectedStorage - ok
21:19:18.0718 0876 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:19:18.0875 0876 Ptilink - ok
21:19:18.0921 0876 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:19:18.0953 0876 PxHelp20 - ok
21:19:18.0968 0876 ql1080 - ok
21:19:18.0968 0876 Ql10wnt - ok
21:19:18.0968 0876 ql12160 - ok
21:19:18.0984 0876 ql1240 - ok
21:19:18.0984 0876 ql1280 - ok
21:19:19.0015 0876 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:19:19.0171 0876 RasAcd - ok
21:19:19.0187 0876 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:19:19.0375 0876 RasAuto - ok
21:19:19.0390 0876 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:19:19.0578 0876 Rasl2tp - ok
21:19:19.0609 0876 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:19:19.0781 0876 RasMan - ok
21:19:19.0781 0876 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:19:19.0968 0876 RasPppoe - ok
21:19:19.0984 0876 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:19:20.0171 0876 Raspti - ok
21:19:20.0187 0876 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:19:20.0343 0876 Rdbss - ok
21:19:20.0375 0876 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:19:20.0531 0876 RDPCDD - ok
21:19:20.0562 0876 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:19:20.0609 0876 RDPWD - ok
21:19:20.0640 0876 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:19:20.0796 0876 RDSessMgr - ok
21:19:20.0828 0876 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:19:21.0031 0876 redbook - ok
21:19:21.0062 0876 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:19:21.0218 0876 RemoteAccess - ok
21:19:21.0265 0876 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
21:19:21.0296 0876 Revoflt - ok
21:19:21.0312 0876 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:19:21.0500 0876 RpcLocator - ok
21:19:21.0531 0876 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:19:21.0578 0876 RpcSs - ok
21:19:21.0625 0876 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:19:21.0796 0876 RSVP - ok
21:19:21.0812 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:19:21.0953 0876 SamSs - ok
21:19:22.0000 0876 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:19:22.0171 0876 SCardSvr - ok
21:19:22.0203 0876 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:19:22.0359 0876 Schedule - ok
21:19:22.0406 0876 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:19:22.0484 0876 Secdrv - ok
21:19:22.0515 0876 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:19:22.0734 0876 seclogon - ok
21:19:22.0781 0876 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:19:22.0937 0876 SENS - ok
21:19:22.0953 0876 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:19:23.0156 0876 serenum - ok
21:19:23.0171 0876 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:19:23.0312 0876 Serial - ok
21:19:23.0343 0876 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:19:23.0546 0876 Sfloppy - ok
21:19:23.0609 0876 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:19:23.0765 0876 SharedAccess - ok
21:19:23.0781 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:19:23.0828 0876 ShellHWDetection - ok
21:19:23.0828 0876 Simbad - ok
21:19:23.0843 0876 Sparrow - ok
21:19:23.0875 0876 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:19:24.0062 0876 splitter - ok
21:19:24.0093 0876 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:19:24.0140 0876 Spooler - ok
21:19:24.0171 0876 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:19:24.0250 0876 sr - ok
21:19:24.0281 0876 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:19:24.0375 0876 srservice - ok
21:19:24.0406 0876 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:19:24.0437 0876 Srv - ok
21:19:24.0484 0876 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:19:24.0562 0876 SSDPSRV - ok
21:19:24.0609 0876 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:19:24.0765 0876 stisvc - ok
21:19:24.0859 0876 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe
21:19:25.0015 0876 SvcOnlineArmor - ok
21:19:25.0046 0876 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:19:25.0203 0876 swenum - ok
21:19:25.0218 0876 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:19:25.0390 0876 swmidi - ok
21:19:25.0390 0876 SwPrv - ok
21:19:25.0406 0876 symc810 - ok
21:19:25.0406 0876 symc8xx - ok
21:19:25.0406 0876 sym_hi - ok
21:19:25.0421 0876 sym_u3 - ok
21:19:25.0437 0876 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:19:25.0593 0876 sysaudio - ok
21:19:25.0625 0876 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:19:25.0781 0876 SysmonLog - ok
21:19:25.0812 0876 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:19:25.0984 0876 TapiSrv - ok
21:19:26.0031 0876 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:19:26.0078 0876 Tcpip - ok
21:19:26.0109 0876 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:19:26.0281 0876 TDPIPE - ok
21:19:26.0312 0876 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:19:26.0468 0876 TDTCP - ok
21:19:26.0500 0876 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:19:26.0671 0876 TermDD - ok
21:19:26.0718 0876 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:19:26.0875 0876 TermService - ok
21:19:26.0890 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:19:26.0921 0876 Themes - ok
21:19:26.0937 0876 TosIde - ok
21:19:26.0968 0876 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:19:27.0125 0876 TrkWks - ok
21:19:27.0156 0876 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:19:27.0328 0876 Udfs - ok
21:19:27.0328 0876 ultra - ok
21:19:27.0375 0876 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:19:27.0593 0876 Update - ok
21:19:27.0625 0876 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:19:27.0734 0876 upnphost - ok
21:19:27.0765 0876 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:19:27.0968 0876 UPS - ok
21:19:28.0000 0876 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:19:28.0015 0876 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:19:28.0015 0876 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:19:28.0062 0876 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:19:28.0203 0876 usbccgp - ok
21:19:28.0234 0876 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:19:28.0421 0876 usbehci - ok
21:19:28.0453 0876 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:19:28.0625 0876 usbhub - ok
21:19:28.0656 0876 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:19:28.0812 0876 usbohci - ok
21:19:28.0843 0876 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:19:29.0015 0876 usbscan - ok
21:19:29.0031 0876 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:19:29.0218 0876 USBSTOR - ok
21:19:29.0234 0876 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:19:29.0390 0876 VgaSave - ok
21:19:29.0406 0876 ViaIde - ok
21:19:29.0437 0876 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:19:29.0609 0876 VolSnap - ok
21:19:29.0640 0876 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:19:29.0750 0876 VSS - ok
21:19:29.0796 0876 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:19:29.0953 0876 W32Time - ok
21:19:29.0968 0876 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:30.0125 0876 Wanarp - ok
21:19:30.0140 0876 WDICA - ok
21:19:30.0156 0876 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:19:30.0312 0876 wdmaud - ok
21:19:30.0359 0876 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:19:30.0515 0876 WebClient - ok
21:19:30.0593 0876 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:19:30.0750 0876 winmgmt - ok
21:19:30.0781 0876 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:19:30.0843 0876 WmdmPmSN - ok
21:19:30.0875 0876 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:19:31.0031 0876 WmiApSrv - ok
21:19:31.0109 0876 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:19:31.0156 0876 WMPNetworkSvc - ok
21:19:31.0187 0876 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:19:31.0218 0876 WpdUsb - ok
21:19:31.0281 0876 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:19:31.0343 0876 WPFFontCache_v0400 - ok
21:19:31.0375 0876 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:19:31.0531 0876 WS2IFSL - ok
21:19:31.0562 0876 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:19:31.0765 0876 wscsvc - ok
21:19:31.0796 0876 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:19:31.0968 0876 wuauserv - ok
21:19:32.0015 0876 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:19:32.0046 0876 WudfPf - ok
21:19:32.0078 0876 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:19:32.0109 0876 WudfRd - ok
21:19:32.0125 0876 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:19:32.0187 0876 WudfSvc - ok
21:19:32.0234 0876 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:19:32.0406 0876 WZCSVC - ok
21:19:32.0437 0876 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:19:32.0609 0876 xmlprov - ok
21:19:32.0640 0876 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:19:32.0687 0876 YahooAUService - ok
21:19:32.0687 0876 ================ Scan global ===============================
21:19:32.0734 0876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:19:32.0796 0876 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:19:32.0828 0876 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:19:32.0843 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:19:32.0859 0876 [Global] - ok
21:19:32.0859 0876 ================ Scan MBR ==================================
21:19:32.0875 0876 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:19:33.0031 0876 \Device\Harddisk0\DR0 - ok
21:19:33.0031 0876 ================ Scan VBR ==================================
21:19:33.0031 0876 [ 93A83DEB4B5699128379382F2A2FC396 ] \Device\Harddisk0\DR0\Partition1
21:19:33.0031 0876 \Device\Harddisk0\DR0\Partition1 - ok
21:19:33.0046 0876 ============================================================
21:19:33.0046 0876 Scan finished
21:19:33.0046 0876 ============================================================
21:19:33.0156 0972 Detected object count: 2
21:19:33.0156 0972 Actual detected object count: 2


ComboFix 13-04-22.01 - Owner 22/04/2013 15:31:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2046.1496 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))
.
.
2013-04-22 22:24 . 2013-04-22 22:24 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-22 21:26 . 2013-04-22 21:27 -------- d-----w- c:\program files\ERUNT
2013-04-22 04:23 . 2013-04-22 04:23 -------- d-----w- c:\program files\GUM27.tmp
2013-04-22 03:37 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-22 03:37 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-22 03:37 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-20 21:58 . 2013-04-20 21:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-20 21:29 . 2013-04-20 21:29 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2013-04-17 02:34 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-15 01:44 . 2013-04-15 01:44 -------- d-----w- C:\_OTL
2013-04-01 22:45 . 2013-04-01 22:45 -------- d-----w- c:\documents and settings\Owner\Application Data\TFP
2013-04-01 22:45 . 2012-05-11 22:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-04-01 22:45 . 2012-05-11 22:47 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-04-01 22:45 . 2012-05-11 22:47 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-04-01 22:45 . 2012-05-11 22:47 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-04-01 22:45 . 2012-05-11 22:47 1081616 ----a-w- c:\windows\system32\mscomctl.ocx
2013-04-01 22:45 . 2012-05-11 22:47 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-04-01 22:45 . 2013-04-01 22:45 -------- d-----w- c:\documents and settings\Owner\AppData
2013-03-23 23:35 . 2013-03-23 23:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 21:21 . 2012-08-02 16:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-22 21:21 . 2011-12-27 19:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2005-10-12 23:25 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2006-02-19 08:47 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2011-06-30 16:55 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2010-11-28 21:41 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2010-11-28 21:41 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2010-11-28 21:41 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2010-11-28 21:41 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2010-11-28 21:41 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2010-11-28 21:41 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 10:38 . 2012-11-19 02:59 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-06 10:38 . 2011-06-11 09:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-02 02:06 . 2006-03-02 16:28 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2005-11-09 07:13 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2010-11-24 19:10 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2010-11-24 21:21 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2005-10-15 22:13 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 12:03 . 2010-11-24 21:06 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-08 12:03 . 2010-11-24 21:06 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-08 12:03 . 2010-11-24 21:06 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-08 12:02 . 2010-11-24 21:06 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-08 12:02 . 2010-11-24 21:06 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-08 12:02 . 2013-02-08 12:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-08 12:02 . 2010-11-24 21:06 2389504 ----a-w- c:\windows\system32\nvapi.dll
2013-02-08 12:02 . 2010-11-24 21:06 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-08 12:02 . 2010-11-24 21:06 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-08 12:02 . 2013-02-08 12:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-08 12:02 . 2010-11-24 21:06 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-26 03:55 . 2004-08-04 11:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 13:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 19:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 19:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 08:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 13:42 577536 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21/04/2013 8:37 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/06/2011 9:55 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/11/2010 2:41 PM 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/11/2010 2:41 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21/04/2013 8:37 PM 66336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16/04/2013 7:34 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/04/2013 7:34 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/04/2013 7:34 PM 22856]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21/04/2013 8:37 PM 164736]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [27/12/2010 10:13 AM 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/04/2013 2:58 PM 40776]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [27/01/2013 9:30 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 20662920
*Deregistered* - 20662920
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 04:20 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 21:21]
.
2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-04-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-11-11 22:32]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 03:44]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 03:44]
.
2013-04-22 c:\windows\Tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 15:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-04-22 15:35:50
ComboFix-quarantined-files.txt 2013-04-22 22:35
.
Pre-Run: 288,202,534,912 bytes free
Post-Run: 288,259,346,432 bytes free
.
- - End Of File - - D523D02293636E8F44FB65E1008DF929

OTL logfile created on: 22/04/2013 3:39:00 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.64% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.49 Gb Free Space | 90.07% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 15:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/03/06 15:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/22 01:39:25 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042201\algo.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/22 14:21:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 15:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/06 15:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 15:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 15:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 15:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 15:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/03/06 15:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 15:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 15:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 12:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/17 18:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/23 18:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004/08/14 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes,DefaultScope = {9342F595-9210-474E-880B-F8646CF0F39B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9342F595-9210-474E-880B-F8646CF0F39B}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 23 AC EC 2C 2F CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB2E03F-BA9F-42D8-A834-F833E39622AC}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}: "URL" = http://ca.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9342F595-9210-474E-880B-F8646CF0F39B}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/11/17 17:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/11/17 17:05:54 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/03/18 18:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/03/20 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/13 13:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/01/26 18:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/21 12:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275653CB-8F3C-4F52-8A8C-C937D8E1DEFE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 01:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/22 15:35:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/04/22 15:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/04/22 15:29:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/04/22 15:29:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/04/22 15:29:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/04/22 15:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/22 15:28:13 | 005,058,971 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/04/22 15:24:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/22 15:15:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/04/22 14:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/22 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/21 21:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/04/21 20:37:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/04/21 20:18:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/20 14:58:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2013/04/16 19:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 19:34:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 19:29:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/14 18:44:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 13:02:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/01 16:54:18 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/04/01 15:45:29 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2013/04/01 15:45:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2013/04/01 15:45:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2013/04/01 15:45:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2013/04/01 15:45:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2013/04/01 15:45:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2013/04/01 15:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TFP
[2013/04/01 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2013/03/23 16:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/22 15:28:13 | 005,058,971 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/04/22 15:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/22 15:15:41 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/04/22 14:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 14:27:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/22 14:26:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2013/04/22 14:23:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
[2013/04/22 14:21:57 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/04/22 14:21:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/04/22 12:54:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 12:23:20 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 12:23:18 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/22 12:21:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/21 20:37:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/21 14:23:46 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/04/21 14:18:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/20 16:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/16 19:36:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 19:33:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 21:30:09 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 21:30:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 21:30:00 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/09 22:38:56 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/04/09 21:56:11 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 17:29:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/01 16:54:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/22 15:29:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/22 15:29:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/22 15:29:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/22 15:29:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/22 15:29:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/22 14:27:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/22 14:26:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2013/04/21 20:44:10 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/21 20:44:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/21 20:37:46 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/21 20:37:46 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/21 14:23:43 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/04/16 19:34:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 22:38:56 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/22 13:21:46 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/11/07 12:22:10 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Webmail.URL

========== ZeroAccess Check ==========

[2013/01/26 18:42:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL logfile created on: 22/04/2013 3:42:37 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 63.93% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.49 Gb Free Space | 90.07% Space Free | Partition Type: NTFS

Computer Name: DISCOVERY_OEM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 15:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/03/06 15:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/22 01:39:25 | 002,083,840 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13042201\algo.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/22 14:21:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 15:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/06 15:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 15:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 15:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 15:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 15:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/03/06 15:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 15:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 15:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 12:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/17 18:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/23 18:11:40 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004/08/14 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9342F595-9210-474E-880B-F8646CF0F39B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9342F595-9210-474E-880B-F8646CF0F39B}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 23 AC EC 2C 2F CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB2E03F-BA9F-42D8-A834-F833E39622AC}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{2E9C6C0B-B9F1-4F2E-8D54-93EE5B642145}: "URL" = http://ca.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9342F595-9210-474E-880B-F8646CF0F39B}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9FFEF30A-D2AE-4A93-9577-1203BF3B86E1}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{BB9BA413-7F43-4233-AC85-6D2632555A72}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{FB5DFC86-1DF5-4D58-B0D3-EB973EB80897}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/01/30 21:02:23 | 000,000,000 | ---D | M]

[2012/11/17 17:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/11/17 17:05:54 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/03/18 18:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/03/20 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/13 13:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/01/26 18:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/21 12:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275653CB-8F3C-4F52-8A8C-C937D8E1DEFE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 01:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/22 15:35:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/04/22 15:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/04/22 15:29:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/04/22 15:29:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/04/22 15:29:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/04/22 15:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/22 15:28:13 | 005,058,971 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/04/22 15:24:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/22 15:15:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/04/22 14:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/22 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/21 21:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/04/21 20:37:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/04/21 20:18:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/20 14:58:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2013/04/16 19:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 19:34:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 19:29:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/14 18:44:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 13:02:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/01 16:54:18 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[2013/04/01 15:45:29 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2013/04/01 15:45:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2013/04/01 15:45:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2013/04/01 15:45:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2013/04/01 15:45:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2013/04/01 15:45:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2013/04/01 15:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TFP
[2013/04/01 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2013/03/23 16:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/22 15:28:13 | 005,058,971 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/04/22 15:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/22 15:15:41 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/04/22 14:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 14:27:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/22 14:26:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2013/04/22 14:23:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EE35779-6B64-4A9A-955D-9B8C948635F2}.job
[2013/04/22 14:21:57 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/04/22 14:21:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/04/22 12:54:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 12:23:20 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 12:23:18 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/22 12:21:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/21 20:37:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/21 14:23:46 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/04/21 14:18:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/20 16:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/20 14:58:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/16 19:36:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 19:33:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 21:30:09 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 21:30:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 21:30:00 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/10 13:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/09 22:38:56 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/04/09 21:56:11 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 17:29:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/01 16:54:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\malware.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/22 15:29:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/22 15:29:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/22 15:29:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/22 15:29:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/22 15:29:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/22 14:27:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/22 14:26:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2013/04/21 20:44:10 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/21 20:44:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/21 20:37:46 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/21 20:37:46 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/21 14:23:43 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/04/16 19:34:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 22:38:56 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/22 13:21:46 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/11/07 12:22:10 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Webmail.URL

========== ZeroAccess Check ==========

[2013/01/26 18:42:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< 15:19:04.0812 3224 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 >

< 15:19:05.0453 3224 ============================================================ >

< 15:19:05.0453 3224 Current date / time: 2013/04/22 15:19:05.0453 >
Invalid Switch: 22 15:19:05.0453

< 15:19:05.0453 3224 SystemInfo: >

< 15:19:05.0453 3224 >

< 15:19:05.0453 3224 OS Version: 5.1.2600 ServicePack: 3.0 >

< 15:19:05.0453 3224 Product type: Workstation >

< 15:19:05.0453 3224 ComputerName: DISCOVERY_OEM >

< 15:19:05.0453 3224 UserName: Owner >

< 15:19:05.0453 3224 Windows directory: C:\WINDOWS >

< 15:19:05.0453 3224 System windows directory: C:\WINDOWS >

< 15:19:05.0453 3224 Processor architecture: Intel x86 >

< 15:19:05.0453 3224 Number of processors: 2 >

< 15:19:05.0453 3224 Page size: 0x1000 >

< 15:19:05.0453 3224 Boot type: Normal boot >

< 15:19:05.0453 3224 ============================================================ >

< 15:19:05.0765 3224 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 >

< 15:19:05.0765 3224 ============================================================ >

< 15:19:05.0765 3224 \Device\Harddisk0\DR0: >

< 15:19:05.0765 3224 MBR partitions: >

< 15:19:05.0765 3224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1 >

< 15:19:05.0765 3224 ============================================================ >

< 15:19:05.0796 3224 C: <-> \Device\Harddisk0\DR0\Partition1 >

< 15:19:05.0796 3224 ============================================================ >

< 15:19:05.0796 3224 Initialize success >

< 15:19:05.0796 3224 ============================================================ >

< 15:19:09.0531 3560 ============================================================ >

< 15:19:09.0531 3560 Scan started >

< 15:19:09.0531 3560 Mode: Manual; >

< 15:19:09.0531 3560 ============================================================ >

< 15:19:09.0859 3560 ================ Scan system memory ======================== >

< 15:19:09.0859 3560 System memory - ok >

< 15:19:09.0859 3560 ================ Scan services ============================= >

< 15:19:09.0921 3560 Abiosdsk - ok >

< 15:19:09.0921 3560 abp480n5 - ok >

< 15:19:09.0984 3560 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys >

< 15:19:09.0984 3560 ACPI - ok >

< 15:19:10.0015 3560 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys >

< 15:19:10.0015 3560 ACPIEC - ok >

< 15:19:10.0078 3560 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe >

< 15:19:10.0078 3560 AdobeFlashPlayerUpdateSvc - ok >

< 15:19:10.0078 3560 adpu160m - ok >

< 15:19:10.0125 3560 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys >

< 15:19:10.0125 3560 aec - ok >

< 15:19:10.0171 3560 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys >

< 15:19:10.0171 3560 AFD - ok >

< 15:19:10.0171 3560 Aha154x - ok >

< 15:19:10.0187 3560 aic78u2 - ok >

< 15:19:10.0187 3560 aic78xx - ok >

< 15:19:10.0296 3560 [ E1B23E1463ADCCA8637532D6B170CC32 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS >

< 15:19:10.0421 3560 ALCXWDM - ok >

< 15:19:10.0468 3560 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll >

< 15:19:10.0468 3560 Alerter - ok >

< 15:19:10.0468 3560 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe >

< 15:19:10.0484 3560 ALG - ok >

< 15:19:10.0484 3560 AliIde - ok >

< 15:19:10.0484 3560 amsint - ok >

< 15:19:10.0609 3560 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe >

< 15:19:10.0609 3560 Apple Mobile Device - ok >

< 15:19:10.0609 3560 AppMgmt - ok >

< 15:19:10.0609 3560 asc - ok >

< 15:19:10.0625 3560 asc3350p - ok >

< 15:19:10.0625 3560 asc3550 - ok >

< 15:19:10.0640 3560 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys >

< 15:19:10.0640 3560 AsIO - ok >

< 15:19:10.0750 3560 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe >

< 15:19:10.0750 3560 aspnet_state - ok >

< 15:19:10.0765 3560 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys >

< 15:19:10.0781 3560 aswFsBlk - ok >

< 15:19:10.0796 3560 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys >

< 15:19:10.0796 3560 aswMonFlt - ok >

< 15:19:10.0812 3560 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys >

< 15:19:10.0812 3560 aswRdr - ok >

< 15:19:10.0828 3560 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys >

< 15:19:10.0828 3560 aswRvrt - ok >

< 15:19:10.0859 3560 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys >

< 15:19:10.0859 3560 aswSnx - ok >

< 15:19:10.0875 3560 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys >

< 15:19:10.0890 3560 aswSP - ok >

< 15:19:10.0906 3560 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys >

< 15:19:10.0906 3560 aswTdi - ok >

< 15:19:10.0921 3560 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys >

< 15:19:10.0921 3560 aswVmm - ok >

< 15:19:10.0953 3560 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys >

< 15:19:10.0953 3560 AsyncMac - ok >

< 15:19:10.0984 3560 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys >

< 15:19:10.0984 3560 atapi - ok >

< 15:19:11.0000 3560 Atdisk - ok >

< 15:19:11.0015 3560 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys >

< 15:19:11.0015 3560 Atmarpc - ok >

< 15:19:11.0046 3560 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll >

< 15:19:11.0046 3560 AudioSrv - ok >

< 15:19:11.0093 3560 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys >

< 15:19:11.0093 3560 audstub - ok >

< 15:19:11.0156 3560 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe >

< 15:19:11.0156 3560 avast! Antivirus - ok >

< 15:19:11.0187 3560 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys >

< 15:19:11.0187 3560 Beep - ok >

< 15:19:11.0234 3560 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll >

< 15:19:11.0250 3560 BITS - ok >

< 15:19:11.0343 3560 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe >

< 15:19:11.0343 3560 Bonjour Service - ok >

< 15:19:11.0390 3560 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll >

< 15:19:11.0390 3560 Browser - ok >

< 15:19:11.0421 3560 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys >

< 15:19:11.0421 3560 cbidf2k - ok >

< 15:19:11.0421 3560 cd20xrnt - ok >

< 15:19:11.0437 3560 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys >

< 15:19:11.0437 3560 Cdaudio - ok >

< 15:19:11.0468 3560 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys >

< 15:19:11.0468 3560 Cdfs - ok >

< 15:19:11.0484 3560 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys >

< 15:19:11.0484 3560 Cdrom - ok >

< 15:19:11.0500 3560 Changer - ok >

< 15:19:11.0515 3560 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe >

< 15:19:11.0515 3560 CiSvc - ok >

< 15:19:11.0546 3560 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe >

< 15:19:11.0546 3560 ClipSrv - ok >

< 15:19:11.0593 3560 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe >

< 15:19:11.0625 3560 clr_optimization_v2.0.50727_32 - ok >

< 15:19:11.0656 3560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe >

< 15:19:11.0703 3560 clr_optimization_v4.0.30319_32 - ok >

< 15:19:11.0703 3560 CmdIde - ok >

< 15:19:11.0703 3560 COMSysApp - ok >

< 15:19:11.0718 3560 Cpqarray - ok >

< 15:19:11.0750 3560 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll >

< 15:19:11.0750 3560 CryptSvc - ok >

< 15:19:11.0750 3560 dac2w2k - ok >

< 15:19:11.0765 3560 dac960nt - ok >

< 15:19:11.0812 3560 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll >

< 15:19:11.0828 3560 DcomLaunch - ok >

< 15:19:11.0875 3560 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll >

< 15:19:11.0875 3560 Dhcp - ok >

< 15:19:11.0890 3560 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys >

< 15:19:11.0890 3560 Disk - ok >

< 15:19:11.0890 3560 dmadmin - ok >

< 15:19:11.0953 3560 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys >

< 15:19:11.0984 3560 dmboot - ok >

< 15:19:12.0000 3560 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys >

< 15:19:12.0015 3560 dmio - ok >

< 15:19:12.0046 3560 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys >

< 15:19:12.0046 3560 dmload - ok >

< 15:19:12.0062 3560 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll >

< 15:19:12.0062 3560 dmserver - ok >

< 15:19:12.0093 3560 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys >

< 15:19:12.0093 3560 DMusic - ok >

< 15:19:12.0109 3560 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll >

< 15:19:12.0109 3560 Dnscache - ok >

< 15:19:12.0156 3560 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll >

< 15:19:12.0156 3560 Dot3svc - ok >

< 15:19:12.0156 3560 dpti2o - ok >

< 15:19:12.0187 3560 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys >

< 15:19:12.0187 3560 drmkaud - ok >

< 15:19:12.0218 3560 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll >

< 15:19:12.0218 3560 EapHost - ok >

< 15:19:12.0250 3560 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll >

< 15:19:12.0250 3560 ERSvc - ok >

< 15:19:12.0296 3560 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe >

< 15:19:12.0312 3560 Eventlog - ok >

< 15:19:12.0328 3560 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll >

< 15:19:12.0328 3560 EventSystem - ok >

< 15:19:12.0359 3560 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys >

< 15:19:12.0359 3560 Fastfat - ok >

< 15:19:12.0390 3560 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll >

< 15:19:12.0406 3560 FastUserSwitchingCompatibility - ok >

< 15:19:12.0406 3560 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys >

< 15:19:12.0421 3560 Fdc - ok >

< 15:19:12.0453 3560 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys >

< 15:19:12.0453 3560 Fips - ok >

< 15:19:12.0468 3560 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys >

< 15:19:12.0468 3560 Flpydisk - ok >

< 15:19:12.0500 3560 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys >

< 15:19:12.0515 3560 FltMgr - ok >

< 15:19:12.0531 3560 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys >

< 15:19:12.0546 3560 FlyUsb - ok >

< 15:19:12.0593 3560 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe >

< 15:19:12.0593 3560 FontCache3.0.0.0 - ok >

< 15:19:12.0609 3560 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys >

< 15:19:12.0609 3560 Fs_Rec - ok >

< 15:19:12.0640 3560 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys >

< 15:19:12.0640 3560 Ftdisk - ok >

< 15:19:12.0671 3560 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys >

< 15:19:12.0687 3560 GEARAspiWDM - ok >

< 15:19:12.0687 3560 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys >

< 15:19:12.0687 3560 Gpc - ok >

< 15:19:12.0750 3560 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe >

< 15:19:12.0750 3560 gupdate - ok >

< 15:19:12.0750 3560 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe >

< 15:19:12.0750 3560 gupdatem - ok >

< 15:19:12.0781 3560 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe >

< 15:19:12.0781 3560 gusvc - ok >

< 15:19:12.0796 3560 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys >

< 15:19:12.0796 3560 HDAudBus - ok >

< 15:19:12.0859 3560 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll >

< 15:19:12.0859 3560 helpsvc - ok >

< 15:19:12.0875 3560 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll >

< 15:19:12.0875 3560 HidServ - ok >

< 15:19:12.0906 3560 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys >

< 15:19:12.0906 3560 HidUsb - ok >

< 15:19:12.0937 3560 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll >

< 15:19:12.0937 3560 hkmsvc - ok >

< 15:19:12.0953 3560 hpn - ok >

< 15:19:12.0984 3560 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys >

< 15:19:12.0984 3560 HTTP - ok >

< 15:19:13.0015 3560 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll >

< 15:19:13.0031 3560 HTTPFilter - ok >

< 15:19:13.0031 3560 i2omgmt - ok >

< 15:19:13.0031 3560 i2omp - ok >

< 15:19:13.0078 3560 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys >

< 15:19:13.0078 3560 i8042prt - ok >

< 15:19:13.0140 3560 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe >

< 15:19:13.0156 3560 idsvc - ok >

< 15:19:13.0187 3560 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys >

< 15:19:13.0187 3560 Imapi - ok >

< 15:19:13.0234 3560 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe >

< 15:19:13.0234 3560 ImapiService - ok >

< 15:19:13.0234 3560 ini910u - ok >

< 15:19:13.0250 3560 IntelIde - ok >

< 15:19:13.0265 3560 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys >

< 15:19:13.0281 3560 Ip6Fw - ok >

< 15:19:13.0312 3560 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys >

< 15:19:13.0312 3560 IpFilterDriver - ok >

< 15:19:13.0312 3560 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys >

< 15:19:13.0312 3560 IpInIp - ok >

< 15:19:13.0343 3560 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys >

< 15:19:13.0343 3560 IpNat - ok >

< 15:19:13.0359 3560 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys >

< 15:19:13.0359 3560 IPSec - ok >

< 15:19:13.0390 3560 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys >

< 15:19:13.0390 3560 IRENUM - ok >

< 15:19:13.0421 3560 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys >

< 15:19:13.0421 3560 isapnp - ok >

< 15:19:13.0437 3560 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys >

< 15:19:13.0437 3560 Kbdclass - ok >

< 15:19:13.0437 3560 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys >

< 15:19:13.0437 3560 kbdhid - ok >

< 15:19:13.0484 3560 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys >

< 15:19:13.0500 3560 kmixer - ok >

< 15:19:13.0515 3560 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys >

< 15:19:13.0515 3560 KSecDD - ok >

< 15:19:13.0562 3560 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll >

< 15:19:13.0578 3560 lanmanserver - ok >

< 15:19:13.0625 3560 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll >

< 15:19:13.0625 3560 lanmanworkstation - ok >

< 15:19:13.0640 3560 lbrtfdc - ok >

< 15:19:13.0656 3560 LeapFrog Connect Device Service - ok >

< 15:19:13.0687 3560 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll >

< 15:19:13.0687 3560 LmHosts - ok >

< 15:19:13.0703 3560 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys >

< 15:19:13.0718 3560 MBAMProtector - ok >

< 15:19:13.0796 3560 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe >

< 15:19:13.0812 3560 MBAMScheduler - ok >

< 15:19:13.0828 3560 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe >

< 15:19:13.0843 3560 MBAMService - ok >

< 15:19:13.0875 3560 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys >

< 15:19:13.0875 3560 MBAMSwissArmy - ok >

< 15:19:13.0906 3560 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll >

< 15:19:13.0906 3560 Messenger - ok >

< 15:19:13.0937 3560 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys >

< 15:19:13.0937 3560 mnmdd - ok >

< 15:19:13.0968 3560 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe >

< 15:19:13.0968 3560 mnmsrvc - ok >

< 15:19:14.0000 3560 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys >

< 15:19:14.0000 3560 Modem - ok >

< 15:19:14.0031 3560 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys >

< 15:19:14.0031 3560 Mouclass - ok >

< 15:19:14.0062 3560 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys >

< 15:19:14.0062 3560 mouhid - ok >

< 15:19:14.0078 3560 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys >

< 15:19:14.0078 3560 MountMgr - ok >

< 15:19:14.0078 3560 mraid35x - ok >

< 15:19:14.0125 3560 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys >

< 15:19:14.0125 3560 MRxDAV - ok >

< 15:19:14.0187 3560 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys >

< 15:19:14.0203 3560 MRxSmb - ok >

< 15:19:14.0218 3560 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe >

< 15:19:14.0234 3560 MSDTC - ok >

< 15:19:14.0234 3560 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys >

< 15:19:14.0234 3560 Msfs - ok >

< 15:19:14.0250 3560 MSIServer - ok >

< 15:19:14.0265 3560 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys >

< 15:19:14.0265 3560 MSKSSRV - ok >

< 15:19:14.0265 3560 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys >

< 15:19:14.0265 3560 MSPCLOCK - ok >

< 15:19:14.0281 3560 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys >

< 15:19:14.0281 3560 MSPQM - ok >

< 15:19:14.0312 3560 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys >

< 15:19:14.0312 3560 mssmbios - ok >

< 15:19:14.0343 3560 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys >

< 15:19:14.0343 3560 MTsensor - ok >

< 15:19:14.0359 3560 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys >

< 15:19:14.0375 3560 Mup - ok >

< 15:19:14.0406 3560 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll >

< 15:19:14.0421 3560 napagent - ok >

< 15:19:14.0453 3560 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys >

< 15:19:14.0453 3560 NDIS - ok >

< 15:19:14.0484 3560 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys >

< 15:19:14.0484 3560 NdisTapi - ok >

< 15:19:14.0500 3560 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys >

< 15:19:14.0500 3560 Ndisuio - ok >

< 15:19:14.0515 3560 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys >

< 15:19:14.0515 3560 NdisWan - ok >

< 15:19:14.0546 3560 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys >

< 15:19:14.0546 3560 NDProxy - ok >

< 15:19:14.0546 3560 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys >

< 15:19:14.0546 3560 NetBIOS - ok >

< 15:19:14.0578 3560 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys >

< 15:19:14.0578 3560 NetBT - ok >

< 15:19:14.0609 3560 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe >

< 15:19:14.0625 3560 NetDDE - ok >

< 15:19:14.0625 3560 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe >

< 15:19:14.0625 3560 NetDDEdsdm - ok >

< 15:19:14.0671 3560 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe >

< 15:19:14.0671 3560 Netlogon - ok >

< 15:19:14.0703 3560 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll >

< 15:19:14.0718 3560 Netman - ok >

< 15:19:14.0750 3560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe >

< 15:19:14.0781 3560 NetTcpPortSharing - ok >

< 15:19:14.0812 3560 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll >

< 15:19:14.0812 3560 Nla - ok >

< 15:19:14.0828 3560 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys >

< 15:19:14.0828 3560 Npfs - ok >

< 15:19:14.0859 3560 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys >

< 15:19:14.0875 3560 Ntfs - ok >

< 15:19:14.0890 3560 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe >

< 15:19:14.0890 3560 NtLmSsp - ok >

< 15:19:14.0906 3560 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll >

< 15:19:14.0921 3560 NtmsSvc - ok >

< 15:19:14.0953 3560 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys >

< 15:19:14.0953 3560 Null - ok >

< 15:19:15.0296 3560 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys >

< 15:19:15.0375 3560 nv - ok >

< 15:19:15.0593 3560 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys >

< 15:19:15.0593 3560 nvata - ok >

< 15:19:15.0640 3560 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys >

< 15:19:15.0640 3560 NVENETFD - ok >

< 15:19:15.0671 3560 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys >

< 15:19:15.0671 3560 nvnetbus - ok >

< 15:19:15.0718 3560 [ CC4F8220EAD1F6A38D51679708F435B9 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe >

< 15:19:15.0734 3560 nvsvc - ok >

< 15:19:15.0765 3560 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys >

< 15:19:15.0765 3560 NwlnkFlt - ok >

< 15:19:15.0781 3560 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys >

< 15:19:15.0781 3560 NwlnkFwd - ok >

< 15:19:15.0859 3560 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys >

< 15:19:15.0859 3560 Parport - ok >

< 15:19:15.0859 3560 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys >

< 15:19:15.0875 3560 PartMgr - ok >

< 15:19:15.0906 3560 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys >

< 15:19:15.0906 3560 ParVdm - ok >

< 15:19:15.0906 3560 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys >

< 15:19:15.0906 3560 PCI - ok >

< 15:19:15.0906 3560 PCIDump - ok >

< 15:19:15.0937 3560 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys >

< 15:19:15.0937 3560 PCIIde - ok >

< 15:19:15.0953 3560 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys >

< 15:19:15.0953 3560 Pcmcia - ok >

< 15:19:15.0968 3560 PDCOMP - ok >

< 15:19:15.0968 3560 PDFRAME - ok >

< 15:19:15.0968 3560 PDRELI - ok >

< 15:19:15.0984 3560 PDRFRAME - ok >

< 15:19:15.0984 3560 perc2 - ok >

< 15:19:15.0984 3560 perc2hib - ok >

< 15:19:16.0031 3560 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe >

< 15:19:16.0031 3560 PlugPlay - ok >

< 15:19:16.0046 3560 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe >

< 15:19:16.0046 3560 PolicyAgent - ok >

< 15:19:16.0046 3560 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys >

< 15:19:16.0046 3560 PptpMiniport - ok >

< 15:19:16.0078 3560 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys >

< 15:19:16.0078 3560 Processor - ok >

< 15:19:16.0078 3560 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe >

< 15:19:16.0093 3560 ProtectedStorage - ok >

< 15:19:16.0093 3560 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys >

< 15:19:16.0093 3560 PSched - ok >

< 15:19:16.0109 3560 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys >

< 15:19:16.0109 3560 Ptilink - ok >

< 15:19:16.0125 3560 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys >

< 15:19:16.0125 3560 PxHelp20 - ok >

< 15:19:16.0125 3560 ql1080 - ok >

< 15:19:16.0140 3560 Ql10wnt - ok >

< 15:19:16.0140 3560 ql12160 - ok >

< 15:19:16.0140 3560 ql1240 - ok >

< 15:19:16.0156 3560 ql1280 - ok >

< 15:19:16.0156 3560 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys >

< 15:19:16.0171 3560 RasAcd - ok >

< 15:19:16.0203 3560 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll >

< 15:19:16.0218 3560 RasAuto - ok >

< 15:19:16.0218 3560 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys >

< 15:19:16.0218 3560 Rasl2tp - ok >

< 15:19:16.0281 3560 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll >

< 15:19:16.0281 3560 RasMan - ok >

< 15:19:16.0281 3560 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys >

< 15:19:16.0296 3560 RasPppoe - ok >

< 15:19:16.0296 3560 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys >

< 15:19:16.0296 3560 Raspti - ok >

< 15:19:16.0312 3560 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys >

< 15:19:16.0312 3560 Rdbss - ok >

< 15:19:16.0328 3560 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys >

< 15:19:16.0328 3560 RDPCDD - ok >

< 15:19:16.0359 3560 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys >

< 15:19:16.0359 3560 RDPWD - ok >

< 15:19:16.0375 3560 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe >

< 15:19:16.0390 3560 RDSessMgr - ok >

< 15:19:16.0406 3560 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys >

< 15:19:16.0406 3560 redbook - ok >

< 15:19:16.0453 3560 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll >

< 15:19:16.0453 3560 RemoteAccess - ok >

< 15:19:16.0484 3560 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys >

< 15:19:16.0484 3560 Revoflt - ok >

< 15:19:16.0500 3560 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe >

< 15:19:16.0500 3560 RpcLocator - ok >

< 15:19:16.0531 3560 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll >

< 15:19:16.0546 3560 RpcSs - ok >

< 15:19:16.0578 3560 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe >

< 15:19:16.0578 3560 RSVP - ok >

< 15:19:16.0609 3560 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe >

< 15:19:16.0609 3560 SamSs - ok >

< 15:19:16.0640 3560 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe >

< 15:19:16.0640 3560 SCardSvr - ok >

< 15:19:16.0671 3560 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll >

< 15:19:16.0671 3560 Schedule - ok >

< 15:19:16.0718 3560 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys >

< 15:19:16.0718 3560 Secdrv - ok >

< 15:19:16.0718 3560 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll >

< 15:19:16.0734 3560 seclogon - ok >

< 15:19:16.0734 3560 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll >

< 15:19:16.0750 3560 SENS - ok >

< 15:19:16.0765 3560 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys >

< 15:19:16.0765 3560 serenum - ok >

< 15:19:16.0781 3560 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys >

< 15:19:16.0781 3560 Serial - ok >

< 15:19:16.0812 3560 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys >

< 15:19:16.0828 3560 Sfloppy - ok >

< 15:19:16.0859 3560 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll >

< 15:19:16.0875 3560 SharedAccess - ok >

< 15:19:16.0906 3560 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll >

< 15:19:16.0921 3560 ShellHWDetection - ok >

< 15:19:16.0921 3560 Simbad - ok >

< 15:19:16.0937 3560 Sparrow - ok >

< 15:19:16.0968 3560 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys >

< 15:19:16.0968 3560 splitter - ok >

< 15:19:17.0000 3560 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe >

< 15:19:17.0000 3560 Spooler - ok >

< 15:19:17.0031 3560 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys >

< 15:19:17.0031 3560 sr - ok >

< 15:19:17.0046 3560 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll >

< 15:19:17.0046 3560 srservice - ok >

< 15:19:17.0093 3560 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys >

< 15:19:17.0109 3560 Srv - ok >

< 15:19:17.0140 3560 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll >

< 15:19:17.0156 3560 SSDPSRV - ok >

< 15:19:17.0187 3560 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll >

< 15:19:17.0187 3560 stisvc - ok >

< 15:19:17.0234 3560 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys >

< 15:19:17.0234 3560 swenum - ok >

< 15:19:17.0234 3560 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys >

< 15:19:17.0250 3560 swmidi - ok >

< 15:19:17.0250 3560 SwPrv - ok >

< 15:19:17.0250 3560 symc810 - ok >

< 15:19:17.0265 3560 symc8xx - ok >

< 15:19:17.0265 3560 sym_hi - ok >

< 15:19:17.0265 3560 sym_u3 - ok >

< 15:19:17.0296 3560 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys >

< 15:19:17.0296 3560 sysaudio - ok >

< 15:19:17.0312 3560 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe >

< 15:19:17.0328 3560 SysmonLog - ok >

< 15:19:17.0359 3560 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll >

< 15:19:17.0375 3560 TapiSrv - ok >

< 15:19:17.0421 3560 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys >

< 15:19:17.0437 3560 Tcpip - ok >

< 15:19:17.0468 3560 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys >

< 15:19:17.0468 3560 TDPIPE - ok >

< 15:19:17.0468 3560 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys >

< 15:19:17.0468 3560 TDTCP - ok >

< 15:19:17.0500 3560 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys >

[color=#A23BEC]< 15:19:17.0500 3560 TermDD - ok >[/color]

[color=#A23BEC]< 15:19:17.0515 3560 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll >[/color]

[color=#A23BEC]< 15:19:17.0531 3560 TermService - ok >[/color]

[color=#A23BEC]< 15:19:17.0578 3560 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll >[/color]

[color=#A23BEC]< 15:19:17.0578 3560 Themes - ok >[/color]

[color=#A23BEC]< 15:19:17.0578 3560 TosIde - ok >[/color]

[color=#A23BEC]< 15:19:17.0593 3560 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll >[/color]

[color=#A23BEC]< 15:19:17.0593 3560 TrkWks - ok >[/color]

[color=#A23BEC]< 15:19:17.0640 3560 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys >[/color]

[color=#A23BEC]< 15:19:17.0640 3560 Udfs - ok >[/color]

[color=#A23BEC]< 15:19:17.0656 3560 ultra - ok >[/color]

[color=#A23BEC]< 15:19:17.0687 3560 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys >[/color]

[color=#A23BEC]< 15:19:17.0703 3560 Update - ok >[/color]

[color=#A23BEC]< 15:19:17.0734 3560 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll >[/color]

[color=#A23BEC]< 15:19:17.0734 3560 upnphost - ok >[/color]

[color=#A23BEC]< 15:19:17.0765 3560 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe >[/color]

[color=#A23BEC]< 15:19:17.0765 3560 UPS - ok >[/color]

[color=#A23BEC]< 15:19:17.0796 3560 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys >[/color]

[color=#A23BEC]< 15:19:17.0796 3560 USBAAPL - ok >[/color]

[color=#A23BEC]< 15:19:17.0828 3560 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys >[/color]

[color=#A23BEC]< 15:19:17.0828 3560 usbccgp - ok >[/color]

[color=#A23BEC]< 15:19:17.0859 3560 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys >[/color]

[color=#A23BEC]< 15:19:17.0875 3560 usbehci - ok >[/color]

[color=#A23BEC]< 15:19:17.0875 3560 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys >[/color]

[color=#A23BEC]< 15:19:17.0875 3560 usbhub - ok >[/color]

[color=#A23BEC]< 15:19:17.0890 3560 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys >[/color]

[color=#A23BEC]< 15:19:17.0890 3560 usbohci - ok >[/color]

[color=#A23BEC]< 15:19:17.0921 3560 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys >[/color]

[color=#A23BEC]< 15:19:17.0921 3560 usbscan - ok >[/color]

[color=#A23BEC]< 15:19:17.0953 3560 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS >[/color]

[color=#A23BEC]< 15:19:17.0953 3560 USBSTOR - ok >[/color]

[color=#A23BEC]< 15:19:17.0953 3560 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys >[/color]

[color=#A23BEC]< 15:19:17.0968 3560 VgaSave - ok >[/color]

[color=#A23BEC]< 15:19:17.0968 3560 ViaIde - ok >[/color]

[color=#A23BEC]< 15:19:18.0000 3560 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys >[/color]

[color=#A23BEC]< 15:19:18.0000 3560 VolSnap - ok >[/color]

[color=#A23BEC]< 15:19:18.0031 3560 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe >[/color]

[color=#A23BEC]< 15:19:18.0046 3560 VSS - ok >[/color]

[color=#A23BEC]< 15:19:18.0078 3560 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll >[/color]

[color=#A23BEC]< 15:19:18.0078 3560 W32Time - ok >[/color]

[color=#A23BEC]< 15:19:18.0093 3560 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys >[/color]

[color=#A23BEC]< 15:19:18.0093 3560 Wanarp - ok >[/color]

[color=#A23BEC]< 15:19:18.0093 3560 WDICA - ok >[/color]

[color=#A23BEC]< 15:19:18.0140 3560 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys >[/color]

[color=#A23BEC]< 15:19:18.0156 3560 wdmaud - ok >[/color]

[color=#A23BEC]< 15:19:18.0156 3560 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll >[/color]

[color=#A23BEC]< 15:19:18.0171 3560 WebClient - ok >[/color]

[color=#A23BEC]< 15:19:18.0265 3560 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll >[/color]

[color=#A23BEC]< 15:19:18.0265 3560 winmgmt - ok >[/color]

[color=#A23BEC]< 15:19:18.0312 3560 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll >[/color]

[color=#A23BEC]< 15:19:18.0312 3560 WmdmPmSN - ok >[/color]

[color=#A23BEC]< 15:19:18.0343 3560 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe >[/color]

[color=#A23BEC]< 15:19:18.0343 3560 WmiApSrv - ok >[/color]

[color=#A23BEC]< 15:19:18.0406 3560 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe >[/color]

[color=#A23BEC]< 15:19:18.0453 3560 WMPNetworkSvc - ok >[/color]

[color=#A23BEC]< 15:19:18.0453 3560 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys >[/color]

[color=#A23BEC]< 15:19:18.0453 3560 WpdUsb - ok >[/color]

[color=#A23BEC]< 15:19:18.0515 3560 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe >[/color]

[color=#A23BEC]< 15:19:18.0562 3560 WPFFontCache_v0400 - ok >[/color]

[color=#A23BEC]< 15:19:18.0593 3560 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys >[/color]

[color=#A23BEC]< 15:19:18.0593 3560 WS2IFSL - ok >[/color]

[color=#A23BEC]< 15:19:18.0640 3560 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll >[/color]

[color=#A23BEC]< 15:19:18.0656 3560 wscsvc - ok >[/color]

[color=#A23BEC]< 15:19:18.0656 3560 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll >[/color]

[color=#A23BEC]< 15:19:18.0687 3560 wuauserv - ok >[/color]

[color=#A23BEC]< 15:19:18.0718 3560 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys >[/color]

[color=#A23BEC]< 15:19:18.0718 3560 WudfPf - ok >[/color]

[color=#A23BEC]< 15:19:18.0734 3560 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys >[/color]

[color=#A23BEC]< 15:19:18.0734 3560 WudfRd - ok >[/color]

[color=#A23BEC]< 15:19:18.0765 3560 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll >[/color]

[color=#A23BEC]< 15:19:18.0765 3560 WudfSvc - ok >[/color]

[color=#A23BEC]< 15:19:18.0828 3560 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll >[/color]

[color=#A23BEC]< 15:19:18.0843 3560 WZCSVC - ok >[/color]

[color=#A23BEC]< 15:19:18.0890 3560 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll >[/color]

[color=#A23BEC]< 15:19:18.0890 3560 xmlprov - ok >[/color]

[color=#A23BEC]< 15:19:18.0953 3560 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe >[/color]

[color=#A23BEC]< 15:19:18.0953 3560 YahooAUService - ok >[/color]

[color=#A23BEC]< 15:19:18.0953 3560 ================ Scan global =============================== >[/color]

[color=#A23BEC]< 15:19:18.0984 3560 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll >[/color]

[color=#A23BEC]< 15:19:19.0031 3560 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll >[/color]

[color=#A23BEC]< 15:19:19.0062 3560 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll >[/color]

[color=#A23BEC]< 15:19:19.0078 3560 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe >[/color]

[color=#A23BEC]< 15:19:19.0078 3560 [Global] - ok >[/color]

[color=#A23BEC]< 15:19:19.0078 3560 ================ Scan MBR ================================== >[/color]

[color=#A23BEC]< 15:19:19.0109 3560 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 \Device\Harddisk0\DR0 - ok >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 ================ Scan VBR ================================== >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 [ 93A83DEB4B5699128379382F2A2FC396 ] \Device\Harddisk0\DR0\Partition1 >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 \Device\Harddisk0\DR0\Partition1 - ok >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 ============================================================ >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 Scan finished >[/color]

[color=#A23BEC]< 15:19:19.0187 3560 ============================================================ >[/color]

[color=#A23BEC]< 15:19:19.0203 1576 Detected object count: 0 >[/color]

[color=#A23BEC]< 15:19:19.0203 1576 Actual detected object count: 0 >[/color]

[color=#A23BEC]< 15:20:18.0062 3576 ============================================================ >[/color]

[color=#A23BEC]< 15:20:18.0062 3576 Scan started >[/color]

[color=#A23BEC]< 15:20:18.0062 3576 Mode: Manual; SigCheck; TDLFS; >[/color]

[color=#A23BEC]< 15:20:18.0062 3576 ============================================================ >[/color]

[color=#A23BEC]< 15:20:18.0187 3576 ================ Scan system memory ======================== >[/color]

[color=#A23BEC]< 15:20:18.0187 3576 System memory - ok >[/color]

[color=#A23BEC]< 15:20:18.0187 3576 ================ Scan services ============================= >[/color]

[color=#A23BEC]< 15:20:18.0218 3576 Abiosdsk - ok >[/color]

[color=#A23BEC]< 15:20:18.0234 3576 abp480n5 - ok >[/color]

[color=#A23BEC]< 15:20:18.0281 3576 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys >[/color]

[color=#A23BEC]< 15:20:18.0859 3576 ACPI - ok >[/color]

[color=#A23BEC]< 15:20:18.0890 3576 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys >[/color]

[color=#A23BEC]< 15:20:19.0046 3576 ACPIEC - ok >[/color]

[color=#A23BEC]< 15:20:19.0109 3576 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe >[/color]

[color=#A23BEC]< 15:20:19.0125 3576 AdobeFlashPlayerUpdateSvc - ok >[/color]

[color=#A23BEC]< 15:20:19.0125 3576 adpu160m - ok >[/color]

[color=#A23BEC]< 15:20:19.0171 3576 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys >[/color]

[color=#A23BEC]< 15:20:19.0312 3576 aec - ok >[/color]

[color=#A23BEC]< 15:20:19.0359 3576 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys >[/color]

[color=#A23BEC]< 15:20:19.0390 3576 AFD - ok >[/color]

[color=#A23BEC]< 15:20:19.0390 3576 Aha154x - ok >[/color]

[color=#A23BEC]< 15:20:19.0406 3576 aic78u2 - ok >[/color]

[color=#A23BEC]< 15:20:19.0406 3576 aic78xx - ok >[/color]

[color=#A23BEC]< 15:20:19.0531 3576 [ E1B23E1463ADCCA8637532D6B170CC32 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS >[/color]

[color=#A23BEC]< 15:20:19.0718 3576 ALCXWDM - ok >[/color]

[color=#A23BEC]< 15:20:19.0765 3576 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll >[/color]

[color=#A23BEC]< 15:20:19.0875 3576 Alerter - ok >[/color]

[color=#A23BEC]< 15:20:19.0890 3576 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe >[/color]

[color=#A23BEC]< 15:20:19.0937 3576 ALG - ok >[/color]

[color=#A23BEC]< 15:20:19.0953 3576 AliIde - ok >[/color]

[color=#A23BEC]< 15:20:19.0953 3576 amsint - ok >[/color]

[color=#A23BEC]< 15:20:20.0078 3576 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe >[/color]

[color=#A23BEC]< 15:20:20.0093 3576 Apple Mobile Device - ok >[/color]

[color=#A23BEC]< 15:20:20.0109 3576 AppMgmt - ok >[/color]

[color=#A23BEC]< 15:20:20.0109 3576 asc - ok >[/color]

[color=#A23BEC]< 15:20:20.0109 3576 asc3350p - ok >[/color]

[color=#A23BEC]< 15:20:20.0125 3576 asc3550 - ok >[/color]

[color=#A23BEC]< 15:20:20.0156 3576 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys >[/color]

[color=#A23BEC]< 15:20:20.0203 3576 AsIO - ok >[/color]

[color=#A23BEC]< 15:20:20.0312 3576 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe >[/color]

[color=#A23BEC]< 15:20:20.0328 3576 aspnet_state - ok >[/color]

[color=#A23BEC]< 15:20:20.0343 3576 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys >[/color]

[color=#A23BEC]< 15:20:20.0359 3576 aswFsBlk - ok >[/color]

[color=#A23BEC]< 15:20:20.0375 3576 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys >[/color]

[color=#A23BEC]< 15:20:20.0390 3576 aswMonFlt - ok >[/color]

[color=#A23BEC]< 15:20:20.0390 3576 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys >[/color]

[color=#A23BEC]< 15:20:20.0406 3576 aswRdr - ok >[/color]

[color=#A23BEC]< 15:20:20.0421 3576 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys >[/color]

[color=#A23BEC]< 15:20:20.0437 3576 aswRvrt - ok >[/color]

[color=#A23BEC]< 15:20:20.0484 3576 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys >[/color]

[color=#A23BEC]< 15:20:20.0515 3576 aswSnx - ok >[/color]

[color=#A23BEC]< 15:20:20.0531 3576 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys >[/color]

[color=#A23BEC]< 15:20:20.0562 3576 aswSP - ok >[/color]

[color=#A23BEC]< 15:20:20.0578 3576 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys >[/color]

[color=#A23BEC]< 15:20:20.0593 3576 aswTdi - ok >[/color]

[color=#A23BEC]< 15:20:20.0609 3576 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys >[/color]

[color=#A23BEC]< 15:20:20.0625 3576 aswVmm - ok >[/color]

[color=#A23BEC]< 15:20:20.0640 3576 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys >[/color]

[color=#A23BEC]< 15:20:20.0796 3576 AsyncMac - ok >[/color]

[color=#A23BEC]< 15:20:20.0843 3576 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys >[/color]

[color=#A23BEC]< 15:20:20.0984 3576 atapi - ok >[/color]

[color=#A23BEC]< 15:20:20.0984 3576 Atdisk - ok >[/color]

[color=#A23BEC]< 15:20:21.0015 3576 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys >[/color]

[color=#A23BEC]< 15:20:21.0156 3576 Atmarpc - ok >[/color]

[color=#A23BEC]< 15:20:21.0203 3576 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll >[/color]

[color=#A23BEC]< 15:20:21.0359 3576 AudioSrv - ok >[/color]

[color=#A23BEC]< 15:20:21.0390 3576 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys >[/color]

[color=#A23BEC]< 15:20:21.0546 3576 audstub - ok >[/color]

[color=#A23BEC]< 15:20:21.0625 3576 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe >[/color]

[color=#A23BEC]< 15:20:21.0640 3576 avast! Antivirus - ok >[/color]

[color=#A23BEC]< 15:20:21.0671 3576 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys >[/color]

[color=#A23BEC]< 15:20:21.0843 3576 Beep - ok >[/color]

[color=#A23BEC]< 15:20:21.0890 3576 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll >[/color]

[color=#A23BEC]< 15:20:22.0078 3576 BITS - ok >[/color]

[color=#A23BEC]< 15:20:22.0156 3576 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe >[/color]

[color=#A23BEC]< 15:20:22.0171 3576 Bonjour Service - ok >[/color]

[color=#A23BEC]< 15:20:22.0218 3576 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll >[/color]

[color=#A23BEC]< 15:20:22.0234 3576 Browser - ok >[/color]

[color=#A23BEC]< 15:20:22.0265 3576 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys >[/color]

[color=#A23BEC]< 15:20:22.0453 3576 cbidf2k - ok >[/color]

[color=#A23BEC]< 15:20:22.0453 3576 cd20xrnt - ok >[/color]

[color=#A23BEC]< 15:20:22.0453 3576 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys >[/color]

[color=#A23BEC]< 15:20:22.0640 3576 Cdaudio - ok >[/color]

[color=#A23BEC]< 15:20:22.0671 3576 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys >[/color]

[color=#A23BEC]< 15:20:22.0828 3576 Cdfs - ok >[/color]

[color=#A23BEC]< 15:20:22.0843 3576 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys >[/color]

[color=#A23BEC]< 15:20:23.0015 3576 Cdrom - ok >[/color]

[color=#A23BEC]< 15:20:23.0015 3576 Changer - ok >[/color]

[color=#A23BEC]< 15:20:23.0046 3576 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe >[/color]

[color=#A23BEC]< 15:20:23.0218 3576 CiSvc - ok >[/color]

[color=#A23BEC]< 15:20:23.0250 3576 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe >[/color]

[color=#A23BEC]< 15:20:23.0406 3576 ClipSrv - ok >[/color]

[color=#A23BEC]< 15:20:23.0437 3576 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe >[/color]

[color=#A23BEC]< 15:20:23.0453 3576 clr_optimization_v2.0.50727_32 - ok >[/color]

[color=#A23BEC]< 15:20:23.0500 3576 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe >[/color]

[color=#A23BEC]< 15:20:23.0515 3576 clr_optimization_v4.0.30319_32 - ok >[/color]

[color=#A23BEC]< 15:20:23.0515 3576 CmdIde - ok >[/color]

[color=#A23BEC]< 15:20:23.0515 3576 COMSysApp - ok >[/color]

[color=#A23BEC]< 15:20:23.0531 3576 Cpqarray - ok >[/color]

[color=#A23BEC]< 15:20:23.0578 3576 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll >[/color]

[color=#A23BEC]< 15:20:23.0750 3576 CryptSvc - ok >[/color]

[color=#A23BEC]< 15:20:23.0765 3576 dac2w2k - ok >[/color]

[color=#A23BEC]< 15:20:23.0765 3576 dac960nt - ok >[/color]

[color=#A23BEC]< 15:20:23.0812 3576 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll >[/color]

[color=#A23BEC]< 15:20:23.0843 3576 DcomLaunch - ok >[/color]

[color=#A23BEC]< 15:20:23.0906 3576 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll >[/color]

[color=#A23BEC]< 15:20:24.0046 3576 Dhcp - ok >[/color]

[color=#A23BEC]< 15:20:24.0093 3576 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys >[/color]

[color=#A23BEC]< 15:20:24.0265 3576 Disk - ok >[/color]

[color=#A23BEC]< 15:20:24.0281 3576 dmadmin - ok >[/color]

[color=#A23BEC]< 15:20:24.0312 3576 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys >[/color]

[color=#A23BEC]< 15:20:24.0500 3576 dmboot - ok >[/color]

[color=#A23BEC]< 15:20:24.0531 3576 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys >[/color]

[color=#A23BEC]< 15:20:24.0687 3576 dmio - ok >[/color]

[color=#A23BEC]< 15:20:24.0718 3576 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys >[/color]

[color=#A23BEC]< 15:20:24.0890 3576 dmload - ok >[/color]

[color=#A23BEC]< 15:20:24.0921 3576 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll >[/color]

[color=#A23BEC]< 15:20:25.0093 3576 dmserver - ok >[/color]

[color=#A23BEC]< 15:20:25.0125 3576 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys >[/color]

[color=#A23BEC]< 15:20:25.0281 3576 DMusic - ok >[/color]

[color=#A23BEC]< 15:20:25.0328 3576 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll >[/color]

[color=#A23BEC]< 15:20:25.0343 3576 Dnscache - ok >[/color]

[color=#A23BEC]< 15:20:25.0375 3576 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll >[/color]

[color=#A23BEC]< 15:20:25.0515 3576 Dot3svc - ok >[/color]

[color=#A23BEC]< 15:20:25.0515 3576 dpti2o - ok >[/color]

[color=#A23BEC]< 15:20:25.0546 3576 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys >[/color]

[color=#A23BEC]< 15:20:25.0703 3576 drmkaud - ok >[/color]

[color=#A23BEC]< 15:20:25.0734 3576 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll >[/color]

[color=#A23BEC]< 15:20:25.0906 3576 EapHost - ok >[/color]

[color=#A23BEC]< 15:20:25.0953 3576 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll >[/color]

[color=#A23BEC]< 15:20:26.0109 3576 ERSvc - ok >[/color]

[color=#A23BEC]< 15:20:26.0156 3576 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe >[/color]

[color=#A23BEC]< 15:20:26.0187 3576 Eventlog - ok >[/color]

[color=#A23BEC]< 15:20:26.0203 3576 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll >[/color]

[color=#A23BEC]< 15:20:26.0234 3576 EventSystem - ok >[/color]

[color=#A23BEC]< 15:20:26.0250 3576 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys >[/color]

[color=#A23BEC]< 15:20:26.0375 3576 Fastfat - ok >[/color]

[color=#A23BEC]< 15:20:26.0421 3576 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll >[/color]

[color=#A23BEC]< 15:20:26.0437 3576 FastUserSwitchingCompatibility - ok >[/color]

[color=#A23BEC]< 15:20:26.0453 3576 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys >[/color]

[color=#A23BEC]< 15:20:26.0625 3576 Fdc - ok >[/color]

[color=#A23BEC]< 15:20:26.0656 3576 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys >[/color]

[color=#A23BEC]< 15:20:26.0812 3576 Fips - ok >[/color]

[color=#A23BEC]< 15:20:26.0812 3576 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys >[/color]

[color=#A23BEC]< 15:20:26.0953 3576 Flpydisk - ok >[/color]

[color=#A23BEC]< 15:20:27.0000 3576 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys >[/color]

[color=#A23BEC]< 15:20:27.0156 3576 FltMgr - ok >[/color]

[color=#A23BEC]< 15:20:27.0187 3576 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys >[/color]

[color=#A23BEC]< 15:20:27.0187 3576 FlyUsb ( UnsignedFile.Multi.Generic ) - warning >[/color]

[color=#A23BEC]< 15:20:27.0187 3576 FlyUsb - detected UnsignedFile.Multi.Generic (1) >[/color]

[color=#A23BEC]< 15:20:27.0265 3576 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe >[/color]

[color=#A23BEC]< 15:20:27.0281 3576 FontCache3.0.0.0 - ok >[/color]

[color=#A23BEC]< 15:20:27.0312 3576 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys >[/color]

[color=#A23BEC]< 15:20:27.0437 3576 Fs_Rec - ok >[/color]

[color=#A23BEC]< 15:20:27.0484 3576 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys >[/color]

[color=#A23BEC]< 15:20:27.0609 3576 Ftdisk - ok >[/color]

[color=#A23BEC]< 15:20:27.0656 3576 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys >[/color]

[color=#A23BEC]< 15:20:27.0671 3576 GEARAspiWDM - ok >[/color]

[color=#A23BEC]< 15:20:27.0703 3576 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys >[/color]

[color=#A23BEC]< 15:20:27.0875 3576 Gpc - ok >[/color]

[color=#A23BEC]< 15:20:27.0937 3576 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe >[/color]

[color=#A23BEC]< 15:20:27.0953 3576 gupdate - ok >[/color]

[color=#A23BEC]< 15:20:27.0953 3576 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe >[/color]

[color=#A23BEC]< 15:20:27.0968 3576 gupdatem - ok >[/color]

[color=#A23BEC]< 15:20:28.0000 3576 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe >[/color]

[color=#A23BEC]< 15:20:28.0015 3576 gusvc - ok >[/color]

[color=#A23BEC]< 15:20:28.0046 3576 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys >[/color]

[color=#A23BEC]< 15:20:28.0203 3576 HDAudBus - ok >[/color]

[color=#A23BEC]< 15:20:28.0281 3576 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll >[/color]

[color=#A23BEC]< 15:20:28.0437 3576 helpsvc - ok >[/color]

[color=#A23BEC]< 15:20:28.0453 3576 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll >[/color]

[color=#A23BEC]< 15:20:28.0593 3576 HidServ - ok >[/color]

[color=#A23BEC]< 15:20:28.0625 3576 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys >[/color]

[color=#A23BEC]< 15:20:28.0781 3576 HidUsb - ok >[/color]

[color=#A23BEC]< 15:20:28.0812 3576 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll >[/color]

[color=#A23BEC]< 15:20:28.0968 3576 hkmsvc - ok >[/color]

[color=#A23BEC]< 15:20:28.0968 3576 hpn - ok >[/color]

[color=#A23BEC]< 15:20:29.0015 3576 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys >[/color]

[color=#A23BEC]< 15:20:29.0031 3576 HTTP - ok >[/color]

[color=#A23BEC]< 15:20:29.0062 3576 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll >[/color]

[color=#A23BEC]< 15:20:29.0250 3576 HTTPFilter - ok >[/color]

[color=#A23BEC]< 15:20:29.0250 3576 i2omgmt - ok >[/color]

[color=#A23BEC]< 15:20:29.0250 3576 i2omp - ok >[/color]

[color=#A23BEC]< 15:20:29.0296 3576 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys >[/color]

[color=#A23BEC]< 15:20:29.0421 3576 i8042prt - ok >[/color]

[color=#A23BEC]< 15:20:29.0484 3576 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe >[/color]

[color=#A23BEC]< 15:20:29.0515 3576 idsvc - ok >[/color]

[color=#A23BEC]< 15:20:29.0546 3576 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys >[/color]

[color=#A23BEC]< 15:20:29.0703 3576 Imapi - ok >[/color]

[color=#A23BEC]< 15:20:29.0750 3576 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe >[/color]

[color=#A23BEC]< 15:20:29.0921 3576 ImapiService - ok >[/color]

[color=#A23BEC]< 15:20:29.0921 3576 ini910u - ok >[/color]

[color=#A23BEC]< 15:20:29.0937 3576 IntelIde - ok >[/color]

[color=#A23BEC]< 15:20:29.0968 3576 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys >[/color]

[color=#A23BEC]< 15:20:30.0109 3576 Ip6Fw - ok >[/color]

[color=#A23BEC]< 15:20:30.0140 3576 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys >[/color]

[color=#A23BEC]< 15:20:30.0281 3576 IpFilterDriver - ok >[/color]

[color=#A23BEC]< 15:20:30.0296 3576 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys >[/color]

[color=#A23BEC]< 15:20:30.0468 3576 IpInIp - ok >[/color]

[color=#A23BEC]< 15:20:30.0484 3576 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys >[/color]

[color=#A23BEC]< 15:20:30.0625 3576 IpNat - ok >[/color]

[color=#A23BEC]< 15:20:30.0656 3576 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys >[/color]

[color=#A23BEC]< 15:20:30.0812 3576 IPSec - ok >[/color]

[color=#A23BEC]< 15:20:30.0828 3576 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys >[/color]

[color=#A23BEC]< 15:20:30.0906 3576 IRENUM - ok >[/color]

[color=#A23BEC]< 15:20:30.0921 3576 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys >[/color]

[color=#A23BEC]< 15:20:31.0062 3576 isapnp - ok >[/color]

[color=#A23BEC]< 15:20:31.0078 3576 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys >[/color]

[color=#A23BEC]< 15:20:31.0218 3576 Kbdclass - ok >[/color]

[color=#A23BEC]< 15:20:31.0234 3576 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys >[/color]

[color=#A23BEC]< 15:20:31.0359 3576 kbdhid - ok >[/color]

[color=#A23BEC]< 15:20:31.0406 3576 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys >[/color]

[color=#A23BEC]< 15:20:31.0546 3576 kmixer - ok >[/color]

[color=#A23BEC]< 15:20:31.0593 3576 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys >[/color]

[color=#A23BEC]< 15:20:31.0609 3576 KSecDD - ok >[/color]

[color=#A23BEC]< 15:20:31.0656 3576 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll >[/color]

[color=#A23BEC]< 15:20:31.0687 3576 lanmanserver - ok >[/color]

[color=#A23BEC]< 15:20:31.0734 3576 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll >[/color]

[color=#A23BEC]< 15:20:31.0750 3576 lanmanworkstation - ok >[/color]

[color=#A23BEC]< 15:20:31.0750 3576 lbrtfdc - ok >[/color]

[color=#A23BEC]< 15:20:31.0781 3576 LeapFrog Connect Device Service - ok >[/color]

[color=#A23BEC]< 15:20:31.0812 3576 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll >[/color]

[color=#A23BEC]< 15:20:31.0953 3576 LmHosts - ok >[/color]

[color=#A23BEC]< 15:20:32.0000 3576 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys >[/color]

[color=#A23BEC]< 15:20:32.0015 3576 MBAMProtector - ok >[/color]

[color=#A23BEC]< 15:20:32.0093 3576 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe >[/color]

[color=#A23BEC]< 15:20:32.0125 3576 MBAMScheduler - ok >[/color]

[color=#A23BEC]< 15:20:32.0156 3576 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe >[/color]

[color=#A23BEC]< 15:20:32.0187 3576 MBAMService - ok >[/color]

[color=#A23BEC]< 15:20:32.0234 3576 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys >[/color]

[color=#A23BEC]< 15:20:32.0250 3576 MBAMSwissArmy - ok >[/color]

[color=#A23BEC]< 15:20:32.0281 3576 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll >[/color]

[color=#A23BEC]< 15:20:32.0453 3576 Messenger - ok >[/color]

[color=#A23BEC]< 15:20:32.0500 3576 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys >[/color]

[color=#A23BEC]< 15:20:32.0656 3576 mnmdd - ok >[/color]

[color=#A23BEC]< 15:20:32.0687 3576 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe >[/color]

[color=#A23BEC]< 15:20:32.0828 3576 mnmsrvc - ok >[/color]

[color=#A23BEC]< 15:20:32.0843 3576 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys >[/color]

[color=#A23BEC]< 15:20:33.0031 3576 Modem - ok >[/color]

[color=#A23BEC]< 15:20:33.0062 3576 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys >[/color]

[color=#A23BEC]< 15:20:33.0203 3576 Mouclass - ok >[/color]

[color=#A23BEC]< 15:20:33.0234 3576 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys >[/color]

[color=#A23BEC]< 15:20:33.0390 3576 mouhid - ok >[/color]

[color=#A23BEC]< 15:20:33.0421 3576 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys >[/color]

[color=#A23BEC]< 15:20:33.0546 3576 MountMgr - ok >[/color]

[color=#A23BEC]< 15:20:33.0546 3576 mraid35x - ok >[/color]

[color=#A23BEC]< 15:20:33.0546 3576 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys >[/color]

[color=#A23BEC]< 15:20:33.0703 3576 MRxDAV - ok >[/color]

[color=#A23BEC]< 15:20:33.0750 3576 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys >[/color]

[color=#A23BEC]< 15:20:33.0765 3576 MRxSmb - ok >[/color]

[color=#A23BEC]< 15:20:33.0796 3576 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe >[/color]

[color=#A23BEC]< 15:20:33.0921 3576 MSDTC - ok >[/color]

[color=#A23BEC]< 15:20:33.0937 3576 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys >[/color]

[color=#A23BEC]< 15:20:34.0093 3576 Msfs - ok >[/color]

[color=#A23BEC]< 15:20:34.0093 3576 MSIServer - ok >[/color]

[color=#A23BEC]< 15:20:34.0125 3576 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys >[/color]

[color=#A23BEC]< 15:20:34.0234 3576 MSKSSRV - ok >[/color]

[color=#A23BEC]< 15:20:34.0265 3576 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys >[/color]

[color=#A23BEC]< 15:20:34.0421 3576 MSPCLOCK - ok >[/color]

[color=#A23BEC]< 15:20:34.0421 3576 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys >[/color]

[color=#A23BEC]< 15:20:34.0562 3576 MSPQM - ok >[/color]

[color=#A23BEC]< 15:20:34.0578 3576 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys >[/color]

[color=#A23BEC]< 15:20:34.0687 3576 mssmbios - ok >[/color]

[color=#A23BEC]< 15:20:34.0734 3576 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys >[/color]

[color=#A23BEC]< 15:20:34.0734 3576 MTsensor - ok >[/color]

[color=#A23BEC]< 15:20:34.0781 3576 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys >[/color]

[color=#A23BEC]< 15:20:34.0812 3576 Mup - ok >[/color]

[color=#A23BEC]< 15:20:34.0843 3576 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll >[/color]

[color=#A23BEC]< 15:20:35.0000 3576 napagent - ok >[/color]

[color=#A23BEC]< 15:20:35.0015 3576 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys >[/color]

[color=#A23BEC]< 15:20:35.0156 3576 NDIS - ok >[/color]

[color=#A23BEC]< 15:20:35.0171 3576 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys >[/color]

[color=#A23BEC]< 15:20:35.0187 3576 NdisTapi - ok >[/color]

[color=#A23BEC]< 15:20:35.0234 3576 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys >[/color]

[color=#A23BEC]< 15:20:35.0359 3576 Ndisuio - ok >[/color]

[color=#A23BEC]< 15:20:35.0359 3576 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys >[/color]

[color=#A23BEC]< 15:20:35.0484 3576 NdisWan - ok >[/color]

[color=#A23BEC]< 15:20:35.0531 3576 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys >[/color]

[color=#A23BEC]< 15:20:35.0546 3576 NDProxy - ok >[/color]

[color=#A23BEC]< 15:20:35.0546 3576 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys >[/color]

[color=#A23BEC]< 15:20:35.0687 3576 NetBIOS - ok >[/color]

[color=#A23BEC]< 15:20:35.0703 3576 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys >[/color]

[color=#A23BEC]< 15:20:35.0828 3576 NetBT - ok >[/color]

[color=#A23BEC]< 15:20:35.0843 3576 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe >[/color]

[color=#A23BEC]< 15:20:35.0968 3576 NetDDE - ok >[/color]

[color=#A23BEC]< 15:20:35.0984 3576 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe >[/color]

[color=#A23BEC]< 15:20:36.0109 3576 NetDDEdsdm - ok >[/color]

[color=#A23BEC]< 15:20:36.0140 3576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe >[/color]

[color=#A23BEC]< 15:20:36.0265 3576 Netlogon - ok >[/color]

[color=#A23BEC]< 15:20:36.0312 3576 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll >[/color]

[color=#A23BEC]< 15:20:36.0437 3576 Netman - ok >[/color]

[color=#A23BEC]< 15:20:36.0468 3576 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe >[/color]

[color=#A23BEC]< 15:20:36.0484 3576 NetTcpPortSharing - ok >[/color]

[color=#A23BEC]< 15:20:36.0515 3576 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll >[/color]

[color=#A23BEC]< 15:20:36.0546 3576 Nla - ok >[/color]

[color=#A23BEC]< 15:20:36.0578 3576 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys >[/color]

[color=#A23BEC]< 15:20:36.0765 3576 Npfs - ok >[/color]

[color=#A23BEC]< 15:20:36.0796 3576 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys >[/color]

[color=#A23BEC]< 15:20:36.0921 3576 Ntfs - ok >[/color]

[color=#A23BEC]< 15:20:36.0937 3576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe >[/color]

[color=#A23BEC]< 15:20:37.0078 3576 NtLmSsp - ok >[/color]

[color=#A23BEC]< 15:20:37.0125 3576 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll >[/color]

[color=#A23BEC]< 15:20:37.0265 3576 NtmsSvc - ok >[/color]

[color=#A23BEC]< 15:20:37.0296 3576 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys >[/color]

[color=#A23BEC]< 15:20:37.0453 3576 Null - ok >[/color]

[color=#A23BEC]< 15:20:37.0796 3576 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys >[/color]

[color=#A23BEC]< 15:20:38.0171 3576 nv - ok >[/color]

[color=#A23BEC]< 15:20:38.0203 3576 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys >[/color]

[color=#A23BEC]< 15:20:38.0234 3576 nvata - ok >[/color]

[color=#A23BEC]< 15:20:38.0250 3576 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys >[/color]

[color=#A23BEC]< 15:20:38.0265 3576 NVENETFD - ok >[/color]

[color=#A23BEC]< 15:20:38.0296 3576 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys >[/color]

[color=#A23BEC]< 15:20:38.0312 3576 nvnetbus - ok >[/color]

[color=#A23BEC]< 15:20:38.0359 3576 [ CC4F8220EAD1F6A38D51679708F435B9 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe >[/color]

[color=#A23BEC]< 15:20:38.0375 3576 nvsvc - ok >[/color]

[color=#A23BEC]< 15:20:38.0406 3576 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys >[/color]

[color=#A23BEC]< 15:20:38.0531 3576 NwlnkFlt - ok >[/color]

[color=#A23BEC]< 15:20:38.0546 3576 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys >[/color]

[color=#A23BEC]< 15:20:38.0718 3576 NwlnkFwd - ok >[/color]

[color=#A23BEC]< 15:20:38.0765 3576 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys >[/color]

[color=#A23BEC]< 15:20:38.0890 3576 Parport - ok >[/color]

[color=#A23BEC]< 15:20:38.0906 3576 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys >[/color]

[color=#A23BEC]< 15:20:39.0015 3576 PartMgr - ok >[/color]

[color=#A23BEC]< 15:20:39.0062 3576 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys >[/color]

[color=#A23BEC]< 15:20:39.0203 3576 ParVdm - ok >[/color]

[color=#A23BEC]< 15:20:39.0203 3576 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys >[/color]

[color=#A23BEC]< 15:20:39.0328 3576 PCI - ok >[/color]

[color=#A23BEC]< 15:20:39.0343 3576 PCIDump - ok >[/color]

[color=#A23BEC]< 15:20:39.0359 3576 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys >[/color]

[color=#A23BEC]< 15:20:39.0500 3576 PCIIde - ok >[/color]

[color=#A23BEC]< 15:20:39.0515 3576 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys >[/color]

[color=#A23BEC]< 15:20:39.0640 3576 Pcmcia - ok >[/color]

[color=#A23BEC]< 15:20:39.0640 3576 PDCOMP - ok >[/color]

[color=#A23BEC]< 15:20:39.0656 3576 PDFRAME - ok >[/color]

[color=#A23BEC]< 15:20:39.0656 3576 PDRELI - ok >[/color]

[color=#A23BEC]< 15:20:39.0656 3576 PDRFRAME - ok >[/color]

[color=#A23BEC]< 15:20:39.0671 3576 perc2 - ok >[/color]

[color=#A23BEC]< 15:20:39.0671 3576 perc2hib - ok >[/color]

[color=#A23BEC]< 15:20:39.0687 3576 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe >[/color]

[color=#A23BEC]< 15:20:39.0718 3576 PlugPlay - ok >[/color]

[color=#A23BEC]< 15:20:39.0718 3576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe >[/color]

[color=#A23BEC]< 15:20:39.0843 3576 PolicyAgent - ok >[/color]

[color=#A23BEC]< 15:20:39.0890 3576 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys >[/color]

[color=#A23BEC]< 15:20:40.0046 3576 PptpMiniport - ok >[/color]

[color=#A23BEC]< 15:20:40.0062 3576 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys >[/color]

[color=#A23BEC]< 15:20:40.0203 3576 Processor - ok >[/color]

[color=#A23BEC]< 15:20:40.0203 3576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe >[/color]

[color=#A23BEC]< 15:20:40.0328 3576 ProtectedStorage - ok >[/color]

[color=#A23BEC]< 15:20:40.0328 3576 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys >[/color]

[color=#A23BEC]< 15:20:40.0468 3576 PSched - ok >[/color]

[color=#A23BEC]< 15:20:40.0500 3576 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys >[/color]

[color=#A23BEC]< 15:20:40.0609 3576 Ptilink - ok >[/color]

[color=#A23BEC]< 15:20:40.0656 3576 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys >[/color]

[color=#A23BEC]< 15:20:40.0671 3576 PxHelp20 - ok >[/color]

[color=#A23BEC]< 15:20:40.0671 3576 ql1080 - ok >[/color]

[color=#A23BEC]< 15:20:40.0671 3576 Ql10wnt - ok >[/color]

[color=#A23BEC]< 15:20:40.0687 3576 ql12160 - ok >[/color]

[color=#A23BEC]< 15:20:40.0687 3576 ql1240 - ok >[/color]

[color=#A23BEC]< 15:20:40.0687 3576 ql1280 - ok >[/color]

[color=#A23BEC]< 15:20:40.0703 3576 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys >[/color]

[color=#A23BEC]< 15:20:40.0828 3576 RasAcd - ok >[/color]

[color=#A23BEC]< 15:20:40.0859 3576 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll >[/color]

[color=#A23BEC]< 15:20:41.0015 3576 RasAuto - ok >[/color]

[color=#A23BEC]< 15:20:41.0015 3576 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys >[/color]

[color=#A23BEC]< 15:20:41.0140 3576 Rasl2tp - ok >[/color]

[color=#A23BEC]< 15:20:41.0187 3576 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll >[/color]

[color=#A23BEC]< 15:20:41.0328 3576 RasMan - ok >[/color]

[color=#A23BEC]< 15:20:41.0343 3576 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys >[/color]

[color=#A23BEC]< 15:20:41.0484 3576 RasPppoe - ok >[/color]

[color=#A23BEC]< 15:20:41.0500 3576 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys >[/color]

[color=#A23BEC]< 15:20:41.0656 3576 Raspti - ok >[/color]

[color=#A23BEC]< 15:20:41.0671 3576 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys >[/color]

[color=#A23BEC]< 15:20:41.0781 3576 Rdbss - ok >[/color]

[color=#A23BEC]< 15:20:41.0812 3576 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys >[/color]

[color=#A23BEC]< 15:20:41.0937 3576 RDPCDD - ok >[/color]

[color=#A23BEC]< 15:20:41.0968 3576 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys >[/color]

[color=#A23BEC]< 15:20:42.0015 3576 RDPWD - ok >[/color]

[color=#A23BEC]< 15:20:42.0031 3576 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe >[/color]

[color=#A23BEC]< 15:20:42.0171 3576 RDSessMgr - ok >[/color]

[color=#A23BEC]< 15:20:42.0203 3576 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys >[/color]

[color=#A23BEC]< 15:20:42.0328 3576 redbook - ok >[/color]

[color=#A23BEC]< 15:20:42.0359 3576 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll >[/color]

[color=#A23BEC]< 15:20:42.0484 3576 RemoteAccess - ok >[/color]

[color=#A23BEC]< 15:20:42.0515 3576 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys >[/color]

[color=#A23BEC]< 15:20:42.0531 3576 Revoflt - ok >[/color]

[color=#A23BEC]< 15:20:42.0531 3576 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe >[/color]

[color=#A23BEC]< 15:20:42.0656 3576 RpcLocator - ok >[/color]

[color=#A23BEC]< 15:20:42.0687 3576 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll >[/color]

[color=#A23BEC]< 15:20:42.0718 3576 RpcSs - ok >[/color]

[color=#A23BEC]< 15:20:42.0750 3576 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe >[/color]

[color=#A23BEC]< 15:20:42.0890 3576 RSVP - ok >[/color]

[color=#A23BEC]< 15:20:42.0906 3576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe >[/color]

[color=#A23BEC]< 15:20:43.0046 3576 SamSs - ok >[/color]

[color=#A23BEC]< 15:20:43.0078 3576 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe >[/color]

[color=#A23BEC]< 15:20:43.0218 3576 SCardSvr - ok >[/color]

[color=#A23BEC]< 15:20:43.0265 3576 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll >[/color]

[color=#A23BEC]< 15:20:43.0390 3576 Schedule - ok >[/color]

[color=#A23BEC]< 15:20:43.0406 3576 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys >[/color]

[color=#A23BEC]< 15:20:43.0468 3576 Secdrv - ok >[/color]

[color=#A23BEC]< 15:20:43.0515 3576 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll >[/color]

[color=#A23BEC]< 15:20:43.0656 3576 seclogon - ok >[/color]

[color=#A23BEC]< 15:20:43.0671 3576 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll >[/color]

[color=#A23BEC]< 15:20:43.0796 3576 SENS - ok >[/color]

[color=#A23BEC]< 15:20:43.0812 3576 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys >[/color]

[color=#A23BEC]< 15:20:43.0937 3576 serenum - ok >[/color]

[color=#A23BEC]< 15:20:43.0937 3576 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys >[/color]

[color=#A23BEC]< 15:20:44.0062 3576 Serial - ok >[/color]

[color=#A23BEC]< 15:20:44.0109 3576 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys >[/color]

[color=#A23BEC]< 15:20:44.0218 3576 Sfloppy - ok >[/color]

[color=#A23BEC]< 15:20:44.0265 3576 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll >[/color]

[color=#A23BEC]< 15:20:44.0390 3576 SharedAccess - ok >[/color]

[color=#A23BEC]< 15:20:44.0421 3576 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll >[/color]

[color=#A23BEC]< 15:20:44.0437 3576 ShellHWDetection - ok >[/color]

[color=#A23BEC]< 15:20:44.0437 3576 Simbad - ok >[/color]

[color=#A23BEC]< 15:20:44.0453 3576 Sparrow - ok >[/color]

[color=#A23BEC]< 15:20:44.0500 3576 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys >[/color]

[color=#A23BEC]< 15:20:44.0625 3576 splitter - ok >[/color]

[color=#A23BEC]< 15:20:44.0656 3576 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe >[/color]

[color=#A23BEC]< 15:20:44.0687 3576 Spooler - ok >[/color]

[color=#A23BEC]< 15:20:44.0687 3576 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys >[/color]

[color=#A23BEC]< 15:20:44.0765 3576 sr - ok >[/color]

[color=#A23BEC]< 15:20:44.0796 3576 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll >[/color]

[color=#A23BEC]< 15:20:44.0859 3576 srservice - ok >[/color]

[color=#A23BEC]< 15:20:44.0906 3576 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys >[/color]

[color=#A23BEC]< 15:20:44.0921 3576 Srv - ok >[/color]

[color=#A23BEC]< 15:20:44.0953 3576 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll >[/color]

[color=#A23BEC]< 15:20:45.0015 3576 SSDPSRV - ok >[/color]

[color=#A23BEC]< 15:20:45.0062 3576 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll >[/color]

[color=#A23BEC]< 15:20:45.0171 3576 stisvc - ok >[/color]

[color=#A23BEC]< 15:20:45.0218 3576 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys >[/color]

[color=#A23BEC]< 15:20:45.0375 3576 swenum - ok >[/color]

[color=#A23BEC]< 15:20:45.0390 3576 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys >[/color]

[color=#A23BEC]< 15:20:45.0515 3576 swmidi - ok >[/color]

[color=#A23BEC]< 15:20:45.0531 3576 SwPrv - ok >[/color]

[color=#A23BEC]< 15:20:45.0531 3576 symc810 - ok >[/color]

[color=#A23BEC]< 15:20:45.0531 3576 symc8xx - ok >[/color]

[color=#A23BEC]< 15:20:45.0546 3576 sym_hi - ok >[/color]

[color=#A23BEC]< 15:20:45.0546 3576 sym_u3 - ok >[/color]

[color=#A23BEC]< 15:20:45.0562 3576 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys >[/color]

[color=#A23BEC]< 15:20:45.0671 3576 sysaudio - ok >[/color]

[color=#A23BEC]< 15:20:45.0703 3576 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe >[/color]

[color=#A23BEC]< 15:20:45.0812 3576 SysmonLog - ok >[/color]

[color=#A23BEC]< 15:20:45.0859 3576 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll >[/color]

[color=#A23BEC]< 15:20:45.0984 3576 TapiSrv - ok >[/color]

[color=#A23BEC]< 15:20:46.0031 3576 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys >[/color]

[color=#A23BEC]< 15:20:46.0046 3576 Tcpip - ok >[/color]

[color=#A23BEC]< 15:20:46.0093 3576 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys >[/color]

[color=#A23BEC]< 15:20:46.0203 3576 TDPIPE - ok >[/color]

[color=#A23BEC]< 15:20:46.0234 3576 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys >[/color]

[color=#A23BEC]< 15:20:46.0359 3576 TDTCP - ok >[/color]

[color=#A23BEC]< 15:20:46.0406 3576 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys >[/color]

[color=#A23BEC]< 15:20:46.0515 3576 TermDD - ok >[/color]

[color=#A23BEC]< 15:20:46.0578 3576 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll >[/color]

[color=#A23BEC]< 15:20:46.0703 3576 TermService - ok >[/color]

[color=#A23BEC]< 15:20:46.0734 3576 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll >[/color]

[color=#A23BEC]< 15:20:46.0750 3576 Themes - ok >[/color]

[color=#A23BEC]< 15:20:46.0765 3576 TosIde - ok >[/color]

[color=#A23BEC]< 15:20:46.0796 3576 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll >[/color]

[color=#A23BEC]< 15:20:46.0906 3576 TrkWks - ok >[/color]

[color=#A23BEC]< 15:20:46.0937 3576 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys >[/color]

[color=#A23BEC]< 15:20:47.0062 3576 Udfs - ok >[/color]

[color=#A23BEC]< 15:20:47.0062 3576 ultra - ok >[/color]

[color=#A23BEC]< 15:20:47.0125 3576 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys >[/color]

[color=#A23BEC]< 15:20:47.0281 3576 Update - ok >[/color]

[color=#A23BEC]< 15:20:47.0312 3576 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll >[/color]

[color=#A23BEC]< 15:20:47.0390 3576 upnphost - ok >[/color]

[color=#A23BEC]< 15:20:47.0390 3576 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe >[/color]

[color=#A23BEC]< 15:20:47.0531 3576 UPS - ok >[/color]

[color=#A23BEC]< 15:20:47.0578 3576 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys >[/color]

[color=#A23BEC]< 15:20:47.0578 3576 USBAAPL ( UnsignedFile.Multi.Generic ) - warning >[/color]

[color=#A23BEC]< 15:20:47.0578 3576 USBAAPL - detected UnsignedFile.Multi.Generic (1) >[/color]

[color=#A23BEC]< 15:20:47.0625 3576 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys >[/color]

[color=#A23BEC]< 15:20:47.0734 3576 usbccgp - ok >[/color]

[color=#A23BEC]< 15:20:47.0781 3576 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys >[/color]

[color=#A23BEC]< 15:20:47.0906 3576 usbehci - ok >[/color]

[color=#A23BEC]< 15:20:47.0937 3576 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys >[/color]

[color=#A23BEC]< 15:20:48.0062 3576 usbhub - ok >[/color]

[color=#A23BEC]< 15:20:48.0093 3576 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys >[/color]

[color=#A23BEC]< 15:20:48.0218 3576 usbohci - ok >[/color]

[color=#A23BEC]< 15:20:48.0250 3576 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys >[/color]

[color=#A23BEC]< 15:20:48.0359 3576 usbscan - ok >[/color]

[color=#A23BEC]< 15:20:48.0375 3576 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS >[/color]

[color=#A23BEC]< 15:20:48.0531 3576 USBSTOR - ok >[/color]

[color=#A23BEC]< 15:20:48.0531 3576 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys >[/color]

[color=#A23BEC]< 15:20:48.0656 3576 VgaSave - ok >[/color]

[color=#A23BEC]< 15:20:48.0656 3576 ViaIde - ok >[/color]

[color=#A23BEC]< 15:20:48.0687 3576 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys >[/color]

[color=#A23BEC]< 15:20:48.0812 3576 VolSnap - ok >[/color]

[color=#A23BEC]< 15:20:48.0843 3576 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe >[/color]

[color=#A23BEC]< 15:20:48.0906 3576 VSS - ok >[/color]

[color=#A23BEC]< 15:20:48.0921 3576 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll >[/color]

[color=#A23BEC]< 15:20:49.0046 3576 W32Time - ok >[/color]

[color=#A23BEC]< 15:20:49.0078 3576 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys >[/color]

[color=#A23BEC]< 15:20:49.0203 3576 Wanarp - ok >[/color]

[color=#A23BEC]< 15:20:49.0203 3576 WDICA - ok >[/color]

[color=#A23BEC]< 15:20:49.0234 3576 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys >[/color]

[color=#A23BEC]< 15:20:49.0359 3576 wdmaud - ok >[/color]

[color=#A23BEC]< 15:20:49.0390 3576 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll >[/color]

[color=#A23BEC]< 15:20:49.0531 3576 WebClient - ok >[/color]

[color=#A23BEC]< 15:20:49.0625 3576 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll >[/color]

[color=#A23BEC]< 15:20:49.0750 3576 winmgmt - ok >[/color]

[color=#A23BEC]< 15:20:49.0781 3576 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll >[/color]

[color=#A23BEC]< 15:20:49.0828 3576 WmdmPmSN - ok >[/color]

[color=#A23BEC]< 15:20:49.0843 3576 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe >[/color]

[color=#A23BEC]< 15:20:49.0984 3576 WmiApSrv - ok >[/color]

[color=#A23BEC]< 15:20:50.0062 3576 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe >[/color]

[color=#A23BEC]< 15:20:50.0109 3576 WMPNetworkSvc - ok >[/color]

[color=#A23BEC]< 15:20:50.0156 3576 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys >[/color]

[color=#A23BEC]< 15:20:50.0171 3576 WpdUsb - ok >[/color]

[color=#A23BEC]< 15:20:50.0234 3576 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe >[/color]

[color=#A23BEC]< 15:20:50.0265 3576 WPFFontCache_v0400 - ok >[/color]

[color=#A23BEC]< 15:20:50.0296 3576 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys >[/color]

[color=#A23BEC]< 15:20:50.0406 3576 WS2IFSL - ok >[/color]

[color=#A23BEC]< 15:20:50.0437 3576 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll >[/color]

[color=#A23BEC]< 15:20:50.0593 3576 wscsvc - ok >[/color]

[color=#A23BEC]< 15:20:50.0625 3576 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll >[/color]

[color=#A23BEC]< 15:20:50.0750 3576 wuauserv - ok >[/color]

[color=#A23BEC]< 15:20:50.0781 3576 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys >[/color]

[color=#A23BEC]< 15:20:50.0796 3576 WudfPf - ok >[/color]

[color=#A23BEC]< 15:20:50.0828 3576 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys >[/color]

[color=#A23BEC]< 15:20:50.0843 3576 WudfRd - ok >[/color]

[color=#A23BEC]< 15:20:50.0859 3576 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll >[/color]

[color=#A23BEC]< 15:20:50.0890 3576 WudfSvc - ok >[/color]

[color=#A23BEC]< 15:20:50.0968 3576 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll >[/color]

[color=#A23BEC]< 15:20:51.0093 3576 WZCSVC - ok >[/color]

[color=#A23BEC]< 15:20:51.0125 3576 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll >[/color]

[color=#A23BEC]< 15:20:51.0234 3576 xmlprov - ok >[/color]

[color=#A23BEC]< 15:20:51.0281 3576 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe >[/color]

[color=#A23BEC]< 15:20:51.0296 3576 YahooAUService - ok >[/color]

[color=#A23BEC]< 15:20:51.0312 3576 ================ Scan global =============================== >[/color]

[color=#A23BEC]< 15:20:51.0343 3576 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll >[/color]

[color=#A23BEC]< 15:20:51.0390 3576 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll >[/color]

[color=#A23BEC]< 15:20:51.0421 3576 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll >[/color]

[color=#A23BEC]< 15:20:51.0437 3576 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe >[/color]

[color=#A23BEC]< 15:20:51.0437 3576 [Global] - ok >[/color]

[color=#A23BEC]< 15:20:51.0437 3576 ================ Scan MBR ================================== >[/color]

[color=#A23BEC]< 15:20:51.0468 3576 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 >[/color]

[color=#A23BEC]< 15:20:51.0625 3576 \Device\Harddisk0\DR0 - ok >[/color]

[color=#A23BEC]< 15:20:51.0625 3576 ================ Scan VBR ================================== >[/color]

[color=#A23BEC]< 15:20:51.0640 3576 [ 93A83DEB4B5699128379382F2A2FC396 ] \Device\Harddisk0\DR0\Partition1 >[/color]

[color=#A23BEC]< 15:20:51.0640 3576 \Device\Harddisk0\DR0\Partition1 - ok >[/color]

[color=#A23BEC]< 15:20:51.0640 3576 ============================================================ >[/color]

[color=#A23BEC]< 15:20:51.0640 3576 Scan finished >[/color]

[color=#A23BEC]< 15:20:51.0640 3576 ============================================================ >[/color]

[color=#A23BEC]< 15:20:51.0750 3512 Detected object count: 2 >[/color]

[color=#A23BEC]< 15:20:51.0750 3512 Actual detected object count: 2 >[/color]

< End of report >


Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/04/2013 9:25:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type


Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/04/2013 9:27:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'plication' Log - error T

I am lost if i have done this right as I can no longer typer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Appears you copied the TDSSKiller log into the custom scan area of OTL. Also doesn't look like you rebooted after clearing the alarms and before running vew. Still don't see an Extras log.

Combofix and TDSSKiller say all is clean. I'm pretty sure it was just your yahoo account that got hacked and like I said before they are hacking everyone's yahoo account.
  • 0

#12
islandcat802

islandcat802

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay thank you for all the time you have given me. I will carry on and see what happens. I am still getting a delay on my typing. I did get two threats show up on TDSSkiller and I put them in quaranteen. I will now delete yahoo mail if I can access it. I hope others learn from this and dont call a so called yahoo tech lol. Again many thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP