
Help - IRP Hook, \Driver\atapi DriverStartIo -> 0x860462E2



Good morning.

I was wondering if anybody can provide some help regarding an IRP Hook issue. My 2 DDS logs are listed below:

Thank you in advance!

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Mike at 8:49:25 on 2012-11-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.425 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264482997859

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342462330312

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vralimuscingh13.connectge.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D06A3CDD-2586-49A1-956B-EF9E04D5C8B9} : DHCPNameServer = 192.168.1.1

Filter: text/html - {585a2e0f-49b6-4883-b7eb-9f7a2917de3d} -

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-28 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-28 33792]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-16 40776]

.

=============== Created Last 30 ================

.

2012-11-27 13:46:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 13:46:52 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-16 21:46:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-15 14:54:09 -------- d-----w- c:\documents and settings\mike\application data\Malwarebytes

2012-11-15 14:53:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 14:53:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-15 14:53:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2012-11-27 13:46:33 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-11 20:17:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-11 20:17:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HTS721060G9AT00 rev.MC3OA53A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860464B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8604d93c]; MOV EAX, [0x8604dab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE180] -> \Device\Harddisk0\DR0[0x8655E900]

3 CLASSPNP[0xF75E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE180] -> [0x862CE030]

\Driver\atapi[0x864901F8] -> IRP_MJ_CREATE -> 0x860464B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x860462E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 8:50:52.58 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/25/2010 11:38:18 PM

System Uptime: 11/27/2012 8:36:58 AM (0 hours ago)

.

Motherboard: Dell Inc. | |

Processor: Intel® Pentium® M processor 1.86GHz | Microprocessor | 1862/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 50 GiB total, 6.719 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP300: 8/24/2012 7:35:57 AM - System Checkpoint

RP301: 8/29/2012 1:36:25 PM - System Checkpoint

RP302: 8/30/2012 3:15:39 PM - System Checkpoint

RP303: 9/6/2012 4:16:10 PM - System Checkpoint

RP304: 9/10/2012 4:50:05 PM - System Checkpoint

RP305: 9/12/2012 11:09:20 AM - Software Distribution Service 3.0

RP306: 9/14/2012 1:16:33 PM - System Checkpoint

RP307: 9/17/2012 2:39:32 PM - System Checkpoint

RP308: 9/19/2012 12:58:29 PM - System Checkpoint

RP309: 9/20/2012 6:35:37 PM - System Checkpoint

RP310: 9/23/2012 12:12:55 PM - Software Distribution Service 3.0

RP311: 9/24/2012 6:34:36 PM - System Checkpoint

RP312: 9/25/2012 6:39:46 PM - System Checkpoint

RP313: 9/27/2012 5:54:07 PM - System Checkpoint

RP314: 9/29/2012 1:07:16 PM - System Checkpoint

RP315: 9/30/2012 9:19:11 PM - System Checkpoint

RP316: 10/2/2012 9:46:29 AM - System Checkpoint

RP317: 10/3/2012 4:38:57 PM - System Checkpoint

RP318: 10/5/2012 6:59:34 AM - System Checkpoint

RP319: 10/6/2012 7:15:01 PM - System Checkpoint

RP320: 10/7/2012 10:14:03 PM - System Checkpoint

RP321: 10/9/2012 12:07:21 PM - System Checkpoint

RP322: 10/10/2012 8:40:45 AM - Software Distribution Service 3.0

RP323: 10/11/2012 9:43:38 AM - System Checkpoint

RP324: 10/12/2012 11:27:19 PM - System Checkpoint

RP325: 10/15/2012 11:43:37 AM - System Checkpoint

RP326: 10/16/2012 12:35:38 PM - System Checkpoint

RP327: 10/17/2012 4:37:24 PM - System Checkpoint

RP328: 10/18/2012 8:38:13 PM - System Checkpoint

RP329: 10/20/2012 12:37:20 PM - System Checkpoint

RP330: 10/21/2012 1:06:24 PM - System Checkpoint

RP331: 10/22/2012 4:51:59 PM - System Checkpoint

RP332: 10/24/2012 10:12:53 PM - System Checkpoint

RP333: 10/27/2012 7:26:01 PM - System Checkpoint

RP334: 10/29/2012 6:07:58 PM - System Checkpoint

RP335: 10/31/2012 9:16:04 AM - System Checkpoint

RP336: 11/6/2012 4:35:20 PM - System Checkpoint

RP337: 11/9/2012 11:09:44 AM - System Checkpoint

RP338: 11/14/2012 9:59:10 AM - Software Distribution Service 3.0

RP339: 11/14/2012 10:15:05 AM - Software Distribution Service 3.0

RP340: 11/20/2012 9:43:17 AM - System Checkpoint

RP341: 11/27/2012 8:45:32 AM - Removed Java 6 Update 18

RP342: 11/27/2012 8:46:18 AM - Installed Java 6 Update 37

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Broadcom 440x 10/100 Integrated Controller

Camera Window

Canon Camera WIA Driver

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss REBEL 300D WIA Driver

Canon PhotoRecord

Canon Utilities File Viewer Utility 1.3

Canon Utilities PhotoStitch 3.1

Canon Utilities RemoteCapture 2.7

Canon Utilities ZoomBrowser EX

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

ESPNMotion

File Viewer Utility 1.3.1

GemMaster Mystic

High Definition Audio Driver Package - KB888111

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

iTunes

Java Auto Updater

Java 6 Update 37

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog Leapster Explorer Plugin

LeapFrog Tag Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mIWA

mLogView

mMHouse

Modem Helper

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 6.0 Parser

mToolkit

mWlsSafe

mWMI

mZConfig

Otto

PhotoStitch

PowerDVD

QuickTime

RemoteCapture 2.7.4

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Sonic Encoders

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update Rollup 2 for Windows XP Media Center Edition 2005

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

WebFldrs XP

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

11/26/2012 7:05:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x80072AFC)

11/26/2012 7:04:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

.

==== End Of File ===========================


Hello Chitown27 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Rootkit log
  • a new fresh DDS log


Hello Maniac! Thank you for the help. I pasted the DDS logs and the Mbar system-log report.

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/25/2010 11:38:18 PM

System Uptime: 11/27/2012 11:21:30 AM (0 hours ago)

.

Motherboard: Dell Inc. | |

Processor: Intel® Pentium® M processor 1.86GHz | Microprocessor | 1322/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 50 GiB total, 6.63 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/Wireless 2200BG Network Connection

Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0

Manufacturer: Intel Corporation

Name: Intel® PRO/Wireless 2200BG Network Connection

PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0

Service: w29n51

.

==== System Restore Points ===================

.

RP300: 8/24/2012 7:35:57 AM - System Checkpoint

RP301: 8/29/2012 1:36:25 PM - System Checkpoint

RP302: 8/30/2012 3:15:39 PM - System Checkpoint

RP303: 9/6/2012 4:16:10 PM - System Checkpoint

RP304: 9/10/2012 4:50:05 PM - System Checkpoint

RP305: 9/12/2012 11:09:20 AM - Software Distribution Service 3.0

RP306: 9/14/2012 1:16:33 PM - System Checkpoint

RP307: 9/17/2012 2:39:32 PM - System Checkpoint

RP308: 9/19/2012 12:58:29 PM - System Checkpoint

RP309: 9/20/2012 6:35:37 PM - System Checkpoint

RP310: 9/23/2012 12:12:55 PM - Software Distribution Service 3.0

RP311: 9/24/2012 6:34:36 PM - System Checkpoint

RP312: 9/25/2012 6:39:46 PM - System Checkpoint

RP313: 9/27/2012 5:54:07 PM - System Checkpoint

RP314: 9/29/2012 1:07:16 PM - System Checkpoint

RP315: 9/30/2012 9:19:11 PM - System Checkpoint

RP316: 10/2/2012 9:46:29 AM - System Checkpoint

RP317: 10/3/2012 4:38:57 PM - System Checkpoint

RP318: 10/5/2012 6:59:34 AM - System Checkpoint

RP319: 10/6/2012 7:15:01 PM - System Checkpoint

RP320: 10/7/2012 10:14:03 PM - System Checkpoint

RP321: 10/9/2012 12:07:21 PM - System Checkpoint

RP322: 10/10/2012 8:40:45 AM - Software Distribution Service 3.0

RP323: 10/11/2012 9:43:38 AM - System Checkpoint

RP324: 10/12/2012 11:27:19 PM - System Checkpoint

RP325: 10/15/2012 11:43:37 AM - System Checkpoint

RP326: 10/16/2012 12:35:38 PM - System Checkpoint

RP327: 10/17/2012 4:37:24 PM - System Checkpoint

RP328: 10/18/2012 8:38:13 PM - System Checkpoint

RP329: 10/20/2012 12:37:20 PM - System Checkpoint

RP330: 10/21/2012 1:06:24 PM - System Checkpoint

RP331: 10/22/2012 4:51:59 PM - System Checkpoint

RP332: 10/24/2012 10:12:53 PM - System Checkpoint

RP333: 10/27/2012 7:26:01 PM - System Checkpoint

RP334: 10/29/2012 6:07:58 PM - System Checkpoint

RP335: 10/31/2012 9:16:04 AM - System Checkpoint

RP336: 11/6/2012 4:35:20 PM - System Checkpoint

RP337: 11/9/2012 11:09:44 AM - System Checkpoint

RP338: 11/14/2012 9:59:10 AM - Software Distribution Service 3.0

RP339: 11/14/2012 10:15:05 AM - Software Distribution Service 3.0

RP340: 11/20/2012 9:43:17 AM - System Checkpoint

RP341: 11/27/2012 8:45:32 AM - Removed Java 6 Update 18

RP342: 11/27/2012 8:46:18 AM - Installed Java 6 Update 37

RP343: 11/27/2012 11:20:32 AM - Malwarebytes Anti-Rootkit Restore Point

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Broadcom 440x 10/100 Integrated Controller

Camera Window

Canon Camera WIA Driver

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss REBEL 300D WIA Driver

Canon PhotoRecord

Canon Utilities File Viewer Utility 1.3

Canon Utilities PhotoStitch 3.1

Canon Utilities RemoteCapture 2.7

Canon Utilities ZoomBrowser EX

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

ESPNMotion

File Viewer Utility 1.3.1

GemMaster Mystic

High Definition Audio Driver Package - KB888111

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

iTunes

Java Auto Updater

Java 6 Update 37

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog Leapster Explorer Plugin

LeapFrog Tag Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mIWA

mLogView

mMHouse

Modem Helper

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 6.0 Parser

mToolkit

mWlsSafe

mWMI

mZConfig

Otto

PhotoStitch

PowerDVD

QuickTime

RemoteCapture 2.7.4

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Sonic Encoders

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update Rollup 2 for Windows XP Media Center Edition 2005

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

WebFldrs XP

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

11/27/2012 9:59:09 AM, error: System Error [1003] - Error code 10000050, parameter1 97025188, parameter2 00000001, parameter3 8604626e, parameter4 00000000.

11/26/2012 7:05:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x80072AFC)

11/26/2012 7:04:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

.

==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Mike at 11:28:03 on 2012-11-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.622 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264482997859

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342462330312

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vralimuscingh13.connectge.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Filter: text/html - {585a2e0f-49b6-4883-b7eb-9f7a2917de3d} -

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301920]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-28 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-28 33792]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-27 35144]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-16 140616]

.

=============== Created Last 30 ================

.

2012-11-27 14:53:04 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-11-27 13:46:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 13:46:52 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-16 21:46:06 140616 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-15 14:54:09 -------- d-----w- c:\documents and settings\mike\application data\Malwarebytes

2012-11-15 14:53:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 14:53:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-15 14:53:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2012-11-27 13:46:33 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-11 20:17:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-11 20:17:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 11:29:02.59 ===============

MBar system-log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.862000 GHz

Memory total: 1064693760, free: 442654720

Downloaded database version: v2012.11.27.05

Downloaded database version: v2012.11.26.01

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E686F016

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 80325 Numsec = 104438565

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.862000 GHz

Memory total: 1064693760, free: 521203712

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

MBR is forged!

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E686F016

Partition information:

Partition 0 type is Empty (0x0)

Partition is ACTIVE.

Partition starts at LBA: 55 Numsec = 0

Partition is not bootable

Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]

Changing partition to empty and not active. New active partition is 1 on drive 0 ...

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 80325 Numsec = 104438565

Partition file system is NTFS

Partition is bootable

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 104518890 Numsec = 9735390

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 58506416640 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-54-114250345-114270345)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

Removal scheduling successful. System shutdown needed.

System shutdown occured

=======================================


My bad, I have the results of the MBar below. The process ran and stated that there was nothing to clean.

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.862000 GHz

Memory total: 1064693760, free: 119017472

------------ Kernel report ------------

11/28/2012 22:08:07

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

PCIIde.sys

\WINDOWS\System32\Drivers\PCIIDEX.SYS

intelide.sys

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

cercsr6.sys

\WINDOWS\System32\Drivers\SCSIPORT.SYS

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

PxHelp20.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

avgrkx86.sys

avgidshx.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\bcm4sbxp.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\sthda.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\system32\DRIVERS\AegisP.sys

\SystemRoot\system32\DRIVERS\s24trans.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\avgidsfilterx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\TDTCP.SYS

\SystemRoot\System32\Drivers\RDPWD.SYS

\SystemRoot\system32\DRIVERS\w29n51.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8650a900

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff865df940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8650a900, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff86512e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8650a900, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff865df940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe2d383e0, 0xffffffff8650a900, 0xffffffff8559a9b8

Lower DeviceData: 0xffffffffe2c809c0, 0xffffffff865df940, 0xffffffff8575c188

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E686F016

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 80325 Numsec = 104438565

Partition file system is NTFS

Partition is bootable

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 104518890 Numsec = 9735390

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 58506416640 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-114250345-114270345)...

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgcore.log.1" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-09-27.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-10-08.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-10-10.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-10-30.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-11-11.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-11-20.log" is compressed (flags = 1)

Done!

Scan finished

=======================================


Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Hello Manic. I need to post the results in two posts because I'm getting a message that the post is too long.

tdsskiller log 1 of 2

08:38:42.0234 3644 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:38:42.0875 3644 ============================================================

08:38:42.0875 3644 Current date / time: 2012/11/29 08:38:42.0875

08:38:42.0875 3644 SystemInfo:

08:38:42.0875 3644

08:38:42.0875 3644 OS Version: 5.1.2600 ServicePack: 3.0

08:38:42.0875 3644 Product type: Workstation

08:38:42.0875 3644 ComputerName: MIKE-M140

08:38:42.0875 3644 UserName: Mike

08:38:42.0875 3644 Windows directory: C:\WINDOWS

08:38:42.0875 3644 System windows directory: C:\WINDOWS

08:38:42.0875 3644 Processor architecture: Intel x86

08:38:42.0875 3644 Number of processors: 1

08:38:42.0875 3644 Page size: 0x1000

08:38:42.0875 3644 Boot type: Normal boot

08:38:42.0875 3644 ============================================================

08:38:43.0890 3644 BG loaded

08:38:44.0250 3644 Drive \Device\Harddisk0\DR0 - Size: 0xD9F411200 (54.49 Gb), SectorSize: 0x200, Cylinders: 0x1BC9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:38:44.0265 3644 ============================================================

08:38:44.0265 3644 \Device\Harddisk0\DR0:

08:38:44.0265 3644 MBR partitions:

08:38:44.0265 3644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x6399B25

08:38:44.0265 3644 ============================================================

08:38:44.0296 3644 C: <-> \Device\Harddisk0\DR0\Partition1

08:38:44.0296 3644 ============================================================

08:38:44.0296 3644 Initialize success

08:38:44.0296 3644 ============================================================

08:40:49.0250 1064 ============================================================

08:40:49.0250 1064 Scan started

08:40:49.0250 1064 Mode: Manual; SigCheck; TDLFS;

08:40:49.0250 1064 ============================================================

08:40:49.0734 1064 ================ Scan system memory ========================

08:40:52.0718 1064 System memory - ok

08:40:52.0718 1064 ================ Scan services =============================

08:40:52.0828 1064 Abiosdsk - ok

08:40:52.0828 1064 abp480n5 - ok

08:40:52.0875 1064 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:40:53.0968 1064 ACPI - ok

08:40:54.0000 1064 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

08:40:54.0140 1064 ACPIEC - ok

08:40:54.0140 1064 adpu160m - ok

08:40:54.0171 1064 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

08:40:54.0328 1064 aec - ok

08:40:54.0359 1064 [ 375EB0B97E3950ADEF3633C27A82438B ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys

08:40:54.0375 1064 AegisP ( UnsignedFile.Multi.Generic ) - warning

08:40:54.0375 1064 AegisP - detected UnsignedFile.Multi.Generic (1)

08:40:54.0437 1064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

08:40:54.0484 1064 AFD - ok

08:40:54.0484 1064 Aha154x - ok

08:40:54.0484 1064 aic78u2 - ok

08:40:54.0500 1064 aic78xx - ok

08:40:54.0531 1064 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

08:40:54.0656 1064 Alerter - ok

08:40:54.0687 1064 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

08:40:54.0765 1064 ALG - ok

08:40:54.0765 1064 AliIde - ok

08:40:54.0781 1064 amsint - ok

08:40:54.0859 1064 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:40:54.0890 1064 Apple Mobile Device - ok

08:40:54.0921 1064 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

08:40:55.0031 1064 AppMgmt - ok

08:40:55.0062 1064 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:40:55.0234 1064 Arp1394 - ok

08:40:55.0234 1064 asc - ok

08:40:55.0250 1064 asc3350p - ok

08:40:55.0265 1064 asc3550 - ok

08:40:55.0359 1064 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

08:40:55.0359 1064 aspnet_state ( UnsignedFile.Multi.Generic ) - warning

08:40:55.0359 1064 aspnet_state - detected UnsignedFile.Multi.Generic (1)

08:40:55.0406 1064 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:40:55.0578 1064 AsyncMac - ok

08:40:55.0656 1064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

08:40:55.0843 1064 atapi - ok

08:40:55.0843 1064 Atdisk - ok

08:40:55.0875 1064 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:40:56.0093 1064 Atmarpc - ok

08:40:56.0171 1064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

08:40:56.0359 1064 AudioSrv - ok

08:40:56.0406 1064 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

08:40:56.0593 1064 audstub - ok

08:40:56.0875 1064 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

08:40:57.0203 1064 AVGIDSAgent - ok

08:40:57.0250 1064 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

08:40:57.0390 1064 AVGIDSDriver - ok

08:40:57.0437 1064 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

08:40:57.0468 1064 AVGIDSFilter - ok

08:40:57.0500 1064 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

08:40:57.0531 1064 AVGIDSHX - ok

08:40:57.0578 1064 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

08:40:57.0609 1064 AVGIDSShim - ok

08:40:57.0656 1064 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

08:40:57.0718 1064 Avgldx86 - ok

08:40:57.0750 1064 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

08:40:57.0796 1064 Avgmfx86 - ok

08:40:57.0812 1064 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

08:40:57.0843 1064 Avgrkx86 - ok

08:40:57.0906 1064 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

08:40:57.0953 1064 Avgtdix - ok

08:40:58.0000 1064 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe

08:40:58.0046 1064 avgwd - ok

08:40:58.0093 1064 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

08:40:58.0187 1064 bcm4sbxp - ok

08:40:58.0203 1064 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

08:40:58.0484 1064 Beep - ok

08:40:58.0531 1064 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

08:40:58.0718 1064 BITS - ok

08:40:58.0781 1064 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

08:40:58.0812 1064 Bonjour Service - ok

08:40:58.0843 1064 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

08:40:58.0906 1064 Browser - ok

08:40:58.0921 1064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

08:40:59.0046 1064 cbidf2k - ok

08:40:59.0046 1064 cd20xrnt - ok

08:40:59.0078 1064 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

08:40:59.0234 1064 Cdaudio - ok

08:40:59.0265 1064 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

08:40:59.0406 1064 Cdfs - ok

08:40:59.0437 1064 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:40:59.0578 1064 Cdrom - ok

08:40:59.0640 1064 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

08:40:59.0640 1064 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

08:40:59.0656 1064 cercsr6 - detected UnsignedFile.Multi.Generic (1)

08:40:59.0656 1064 Changer - ok

08:40:59.0687 1064 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

08:40:59.0828 1064 CiSvc - ok

08:40:59.0843 1064 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

08:40:59.0984 1064 ClipSrv - ok

08:41:00.0000 1064 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

08:41:00.0156 1064 CmBatt - ok

08:41:00.0156 1064 CmdIde - ok

08:41:00.0250 1064 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

08:41:00.0375 1064 Compbatt - ok

08:41:00.0390 1064 COMSysApp - ok

08:41:00.0406 1064 Cpqarray - ok

08:41:00.0421 1064 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

08:41:00.0578 1064 CryptSvc - ok

08:41:00.0578 1064 dac2w2k - ok

08:41:00.0593 1064 dac960nt - ok

08:41:00.0656 1064 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

08:41:00.0718 1064 DcomLaunch - ok

08:41:00.0734 1064 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

08:41:00.0890 1064 Dhcp - ok

08:41:00.0890 1064 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

08:41:01.0046 1064 Disk - ok

08:41:01.0062 1064 dmadmin - ok

08:41:01.0109 1064 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

08:41:01.0296 1064 dmboot - ok

08:41:01.0328 1064 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

08:41:01.0484 1064 dmio - ok

08:41:01.0515 1064 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

08:41:01.0656 1064 dmload - ok

08:41:01.0734 1064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

08:41:01.0875 1064 dmserver - ok

08:41:01.0890 1064 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

08:41:02.0031 1064 DMusic - ok

08:41:02.0062 1064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

08:41:02.0140 1064 Dnscache - ok

08:41:02.0171 1064 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

08:41:02.0312 1064 Dot3svc - ok

08:41:02.0312 1064 dpti2o - ok

08:41:02.0343 1064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

08:41:02.0484 1064 drmkaud - ok

08:41:02.0515 1064 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

08:41:02.0640 1064 EapHost - ok

08:41:02.0765 1064 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

08:41:02.0796 1064 ehRecvr - ok

08:41:02.0828 1064 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe

08:41:02.0859 1064 ehSched - ok

08:41:02.0890 1064 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

08:41:03.0015 1064 ERSvc - ok

08:41:03.0046 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

08:41:03.0093 1064 Eventlog - ok

08:41:03.0125 1064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

08:41:03.0203 1064 EventSystem - ok

08:41:03.0296 1064 [ 4C6FA3FD55087B7C35707068723A1710 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

08:41:03.0390 1064 EvtEng ( UnsignedFile.Multi.Generic ) - warning

08:41:03.0390 1064 EvtEng - detected UnsignedFile.Multi.Generic (1)

08:41:03.0437 1064 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

08:41:03.0656 1064 Fastfat - ok

08:41:03.0734 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

08:41:03.0875 1064 FastUserSwitchingCompatibility - ok

08:41:03.0906 1064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

08:41:04.0453 1064 Fdc - ok

08:41:04.0484 1064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

08:41:04.0625 1064 Fips - ok

08:41:04.0640 1064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

08:41:04.0796 1064 Flpydisk - ok

08:41:04.0828 1064 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

08:41:05.0031 1064 FltMgr - ok

08:41:05.0125 1064 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys

08:41:05.0187 1064 FlyUsb - ok

08:41:05.0218 1064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:41:05.0343 1064 Fs_Rec - ok

08:41:05.0406 1064 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:41:05.0562 1064 Ftdisk - ok

08:41:05.0593 1064 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:41:05.0625 1064 GEARAspiWDM - ok

08:41:05.0656 1064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:41:05.0843 1064 Gpc - ok

08:41:05.0906 1064 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:41:06.0031 1064 HDAudBus - ok

08:41:06.0140 1064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:41:06.0281 1064 helpsvc - ok

08:41:06.0296 1064 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

08:41:06.0437 1064 HidServ - ok

08:41:06.0453 1064 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:41:06.0593 1064 HidUsb - ok

08:41:06.0625 1064 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

08:41:06.0750 1064 hkmsvc - ok

08:41:06.0750 1064 hpn - ok

08:41:06.0796 1064 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

08:41:06.0828 1064 HTTP - ok

08:41:06.0859 1064 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

08:41:07.0000 1064 HTTPFilter - ok

08:41:07.0000 1064 i2omgmt - ok

08:41:07.0000 1064 i2omp - ok

08:41:07.0031 1064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:41:07.0187 1064 i8042prt - ok

08:41:07.0265 1064 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

08:41:07.0390 1064 ialm - ok

08:41:07.0406 1064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

08:41:07.0562 1064 Imapi - ok

08:41:07.0593 1064 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

08:41:07.0734 1064 ImapiService - ok

08:41:07.0750 1064 ini910u - ok

08:41:07.0796 1064 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

08:41:07.0953 1064 IntelIde - ok

08:41:07.0968 1064 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:41:08.0109 1064 intelppm - ok

08:41:08.0125 1064 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

08:41:08.0250 1064 Ip6Fw - ok

08:41:08.0281 1064 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:41:08.0421 1064 IpFilterDriver - ok

08:41:08.0437 1064 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:41:08.0562 1064 IpInIp - ok

08:41:08.0593 1064 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:41:08.0734 1064 IpNat - ok

08:41:08.0796 1064 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

08:41:08.0843 1064 iPod Service - ok

08:41:08.0875 1064 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:41:09.0000 1064 IPSec - ok

08:41:09.0031 1064 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

08:41:09.0109 1064 IRENUM - ok

08:41:09.0125 1064 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:41:09.0265 1064 isapnp - ok

08:41:09.0328 1064 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

08:41:09.0343 1064 JavaQuickStarterService - ok

08:41:09.0375 1064 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:41:09.0500 1064 Kbdclass - ok

08:41:09.0531 1064 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

08:41:09.0640 1064 kmixer - ok

08:41:09.0671 1064 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

08:41:09.0734 1064 KSecDD - ok

08:41:09.0765 1064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

08:41:09.0812 1064 lanmanserver - ok

08:41:09.0843 1064 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

08:41:09.0890 1064 lanmanworkstation - ok

08:41:09.0906 1064 lbrtfdc - ok

08:41:10.0218 1064 [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

08:41:10.0703 1064 LeapFrog Connect Device Service - ok

08:41:10.0734 1064 [ 5CFFDA921FE0C9E9EBDE3150D3C81594 ] Leapfrog-USBLAN C:\WINDOWS\system32\DRIVERS\btblan.sys

08:41:10.0828 1064 Leapfrog-USBLAN - ok

08:41:10.0875 1064 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

08:41:11.0125 1064 LmHosts - ok

08:41:11.0203 1064 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys

08:41:11.0218 1064 mbamchameleon - ok

08:41:11.0250 1064 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

08:41:11.0265 1064 McrdSvc - ok

08:41:11.0296 1064 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

08:41:11.0421 1064 Messenger - ok

08:41:11.0468 1064 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

08:41:11.0515 1064 MHN ( UnsignedFile.Multi.Generic ) - warning

08:41:11.0515 1064 MHN - detected UnsignedFile.Multi.Generic (1)

08:41:11.0531 1064 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

08:41:11.0546 1064 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

08:41:11.0546 1064 MHNDRV - detected UnsignedFile.Multi.Generic (1)

08:41:11.0625 1064 Microsoft SharePoint Workspace Audit Service - ok

08:41:11.0656 1064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

08:41:11.0843 1064 mnmdd - ok

08:41:11.0890 1064 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

08:41:12.0031 1064 mnmsrvc - ok

08:41:12.0062 1064 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

08:41:12.0187 1064 Modem - ok

08:41:12.0187 1064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:41:12.0328 1064 Mouclass - ok

08:41:12.0343 1064 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:41:12.0468 1064 mouhid - ok

08:41:12.0500 1064 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

08:41:12.0640 1064 MountMgr - ok

08:41:12.0656 1064 mraid35x - ok

08:41:12.0671 1064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:41:12.0796 1064 MRxDAV - ok

08:41:12.0843 1064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:41:12.0921 1064 MRxSmb - ok

08:41:12.0968 1064 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

08:41:13.0093 1064 MSDTC - ok

08:41:13.0093 1064 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

08:41:13.0218 1064 Msfs - ok

08:41:13.0234 1064 MSIServer - ok

08:41:13.0265 1064 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:41:13.0406 1064 MSKSSRV - ok

08:41:13.0421 1064 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:41:13.0578 1064 MSPCLOCK - ok

08:41:13.0593 1064 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

08:41:13.0734 1064 MSPQM - ok

08:41:13.0765 1064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:41:13.0890 1064 mssmbios - ok

08:41:13.0984 1064 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

08:41:14.0062 1064 Mup - ok

08:41:14.0109 1064 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

08:41:14.0265 1064 napagent - ok

08:41:14.0281 1064 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

08:41:14.0421 1064 NDIS - ok

08:41:14.0453 1064 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:41:14.0515 1064 NdisTapi - ok

08:41:14.0531 1064 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:41:14.0703 1064 Ndisuio - ok

08:41:14.0765 1064 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:41:14.0937 1064 NdisWan - ok

08:41:14.0968 1064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

08:41:15.0062 1064 NDProxy - ok

08:41:15.0093 1064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

08:41:15.0265 1064 NetBIOS - ok

08:41:15.0281 1064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

08:41:15.0453 1064 NetBT - ok

08:41:15.0500 1064 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

08:41:15.0687 1064 NetDDE - ok

08:41:15.0703 1064 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

08:41:15.0906 1064 NetDDEdsdm - ok

08:41:15.0937 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

08:41:16.0078 1064 Netlogon - ok

08:41:16.0093 1064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

08:41:16.0234 1064 Netman - ok

08:41:16.0250 1064 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:41:16.0375 1064 NIC1394 - ok

08:41:16.0421 1064 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

08:41:16.0453 1064 Nla - ok

08:41:16.0484 1064 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

08:41:16.0609 1064 Npfs - ok

08:41:16.0640 1064 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

08:41:16.0781 1064 Ntfs - ok

08:41:16.0796 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

08:41:16.0921 1064 NtLmSsp - ok

08:41:16.0968 1064 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

08:41:17.0125 1064 NtmsSvc - ok

08:41:17.0140 1064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

08:41:17.0250 1064 Null - ok

08:41:17.0296 1064 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:41:17.0421 1064 NwlnkFlt - ok

08:41:17.0437 1064 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:41:17.0546 1064 NwlnkFwd - ok

08:41:17.0593 1064 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:41:17.0718 1064 ohci1394 - ok

08:41:17.0781 1064 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:41:17.0812 1064 ose - ok

08:41:18.0000 1064 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:41:18.0656 1064 osppsvc - ok

08:41:18.0703 1064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

08:41:19.0218 1064 Parport - ok

08:41:19.0234 1064 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

08:41:19.0359 1064 PartMgr - ok

08:41:19.0406 1064 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

08:41:19.0546 1064 ParVdm - ok

08:41:19.0578 1064 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

08:41:19.0781 1064 PCI - ok

08:41:19.0796 1064 PCIDump - ok

08:41:19.0859 1064 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys

08:41:20.0046 1064 PCIIde - ok

08:41:20.0078 1064 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

08:41:20.0296 1064 Pcmcia - ok

08:41:20.0296 1064 PDCOMP - ok

08:41:20.0312 1064 PDFRAME - ok

08:41:20.0312 1064 PDRELI - ok

08:41:20.0328 1064 PDRFRAME - ok

08:41:20.0343 1064 perc2 - ok

08:41:20.0359 1064 perc2hib - ok

08:41:20.0406 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

08:41:20.0421 1064 PlugPlay - ok

08:41:20.0437 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

08:41:20.0546 1064 PolicyAgent - ok

08:41:20.0562 1064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:41:20.0703 1064 PptpMiniport - ok

08:41:20.0703 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

08:41:20.0828 1064 ProtectedStorage - ok

08:41:20.0859 1064 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

08:41:20.0984 1064 PSched - ok

08:41:21.0000 1064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:41:21.0125 1064 Ptilink - ok

08:41:21.0156 1064 [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:41:21.0187 1064 PxHelp20 - ok

08:41:21.0203 1064 ql1080 - ok

08:41:21.0203 1064 Ql10wnt - ok

08:41:21.0218 1064 ql12160 - ok

08:41:21.0218 1064 ql1240 - ok

08:41:21.0234 1064 ql1280 - ok

08:41:21.0250 1064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:41:21.0375 1064 RasAcd - ok

08:41:21.0421 1064 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

08:41:21.0546 1064 RasAuto - ok

08:41:21.0562 1064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:41:21.0671 1064 Rasl2tp - ok

08:41:21.0703 1064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

08:41:21.0843 1064 RasMan - ok

08:41:21.0843 1064 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:41:21.0968 1064 RasPppoe - ok

08:41:22.0000 1064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

08:41:22.0125 1064 Raspti - ok

08:41:22.0140 1064 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:41:22.0281 1064 Rdbss - ok

08:41:22.0296 1064 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:41:22.0421 1064 RDPCDD - ok

08:41:22.0453 1064 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:41:22.0578 1064 rdpdr - ok

08:41:22.0625 1064 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

08:41:22.0671 1064 RDPWD - ok

08:41:22.0718 1064 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

08:41:22.0843 1064 RDSessMgr - ok

08:41:22.0875 1064 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

08:41:23.0000 1064 redbook - ok

08:41:23.0031 1064 [ 8AC155995F5D10FC0D3AD949A1A68075 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

08:41:23.0046 1064 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

08:41:23.0046 1064 RegSrvc - detected UnsignedFile.Multi.Generic (1)

08:41:23.0078 1064 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

08:41:23.0203 1064 RemoteAccess - ok

08:41:23.0218 1064 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

08:41:23.0359 1064 RemoteRegistry - ok

08:41:23.0421 1064 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

08:41:23.0453 1064 rimmptsk - ok

08:41:23.0484 1064 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

08:41:23.0531 1064 rimsptsk - ok

08:41:23.0531 1064 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

08:41:23.0593 1064 rismxdp - ok

08:41:23.0625 1064 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

08:41:23.0750 1064 RpcLocator - ok

08:41:23.0781 1064 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

08:41:23.0828 1064 RpcSs - ok

08:41:23.0875 1064 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

08:41:24.0031 1064 RSVP - ok

08:41:24.0078 1064 [ 131D50F081D2E29EBD1365B21F6B9736 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

08:41:24.0140 1064 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

08:41:24.0140 1064 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

08:41:24.0171 1064 [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys

08:41:24.0187 1064 s24trans ( UnsignedFile.Multi.Generic ) - warning

08:41:24.0187 1064 s24trans - detected UnsignedFile.Multi.Generic (1)

08:41:24.0203 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

08:41:24.0328 1064 SamSs - ok

08:41:24.0359 1064 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

08:41:24.0484 1064 SCardSvr - ok

08:41:24.0515 1064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

08:41:24.0671 1064 Schedule - ok

08:41:24.0703 1064 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys

08:41:24.0843 1064 sdbus - ok

08:41:24.0921 1064 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:41:25.0000 1064 Secdrv - ok

08:41:25.0015 1064 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

08:41:25.0156 1064 seclogon - ok

08:41:25.0218 1064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

08:41:25.0375 1064 SENS - ok

08:41:25.0421 1064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

08:41:25.0562 1064 Serial - ok

08:41:25.0593 1064 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys

08:41:25.0718 1064 sffdisk - ok

08:41:25.0734 1064 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

08:41:25.0890 1064 sffp_sd - ok

08:41:25.0906 1064 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

08:41:26.0031 1064 Sfloppy - ok

08:41:26.0062 1064 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

08:41:26.0218 1064 SharedAccess - ok

08:41:26.0234 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

08:41:26.0265 1064 ShellHWDetection - ok

08:41:26.0265 1064 Simbad - ok

08:41:26.0281 1064 Sparrow - ok

08:41:26.0312 1064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

08:41:26.0453 1064 splitter - ok

08:41:26.0484 1064 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

08:41:26.0531 1064 Spooler - ok

08:41:26.0546 1064 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

08:41:26.0625 1064 sr - ok

08:41:26.0656 1064 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

08:41:26.0734 1064 srservice - ok

08:41:26.0781 1064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

08:41:26.0843 1064 Srv - ok

08:41:26.0875 1064 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

08:41:26.0953 1064 SSDPSRV - ok

08:41:27.0015 1064 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

08:41:27.0109 1064 STHDA - ok

08:41:27.0156 1064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

08:41:27.0390 1064 stisvc - ok

08:41:27.0453 1064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

08:41:27.0656 1064 swenum - ok

08:41:27.0718 1064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

08:41:27.0906 1064 swmidi - ok

08:41:27.0921 1064 SwPrv - ok

08:41:27.0937 1064 symc810 - ok

08:41:27.0953 1064 symc8xx - ok

08:41:27.0968 1064 sym_hi - ok

08:41:27.0984 1064 sym_u3 - ok

08:41:28.0000 1064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

08:41:28.0187 1064 sysaudio - ok

08:41:28.0203 1064 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

08:41:28.0328 1064 SysmonLog - ok

08:41:28.0421 1064 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

08:41:28.0546 1064 TapiSrv - ok

08:41:28.0625 1064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:41:28.0656 1064 Tcpip - ok

08:41:28.0703 1064 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

08:41:28.0843 1064 TDPIPE - ok

08:41:28.0859 1064 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

08:41:29.0000 1064 TDTCP - ok

08:41:29.0015 1064 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

08:41:29.0171 1064 TermDD - ok

08:41:29.0218 1064 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

08:41:29.0343 1064 TermService - ok

08:41:29.0359 1064 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

08:41:29.0406 1064 Themes - ok

08:41:29.0453 1064 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

08:41:29.0515 1064 TlntSvr - ok

08:41:29.0515 1064 TosIde - ok

08:41:29.0546 1064 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

08:41:29.0671 1064 TrkWks - ok

08:41:29.0687 1064 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

08:41:29.0828 1064 Udfs - ok

08:41:29.0828 1064 UIUSys - ok

08:41:29.0843 1064 ultra - ok

08:41:29.0921 1064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

08:41:30.0078 1064 Update - ok

08:41:30.0109 1064 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

08:41:30.0187 1064 upnphost - ok

08:41:30.0203 1064 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

08:41:30.0328 1064 UPS - ok

08:41:30.0421 1064 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

08:41:30.0500 1064 USBAAPL - ok

08:41:30.0546 1064 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:41:30.0718 1064 usbccgp - ok

08:41:30.0734 1064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:41:30.0875 1064 usbehci - ok

08:41:30.0906 1064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:41:31.0093 1064 usbhub - ok

08:41:31.0125 1064 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:41:31.0281 1064 usbscan - ok

08:41:31.0312 1064 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:41:31.0500 1064 USBSTOR - ok

08:41:31.0515 1064 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:41:31.0656 1064 usbuhci - ok

08:41:31.0671 1064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

08:41:31.0812 1064 VgaSave - ok

08:41:31.0812 1064 ViaIde - ok

08:41:31.0890 1064 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

08:41:32.0015 1064 VolSnap - ok

08:41:32.0046 1064 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

08:41:32.0125 1064 VSS - ok

08:41:32.0234 1064 [ D6006DE6A6ED423D8016A03BC50CBE6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys

08:41:32.0406 1064 w29n51 - ok

08:41:32.0453 1064 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

08:41:32.0640 1064 W32Time - ok

08:41:32.0671 1064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:41:32.0843 1064 Wanarp - ok

08:41:32.0843 1064 WDICA - ok

08:41:32.0890 1064 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

08:41:33.0078 1064 wdmaud - ok

08:41:33.0093 1064 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

08:41:33.0281 1064 WebClient - ok

08:41:33.0343 1064 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

08:41:33.0515 1064 winmgmt - ok

08:41:33.0578 1064 [ 8880769B9F88918E27F8E7332AA1AA01 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

08:41:33.0609 1064 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning

08:41:33.0609 1064 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)

08:41:33.0625 1064 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

08:41:33.0687 1064 WmdmPmSN - ok

08:41:33.0734 1064 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

08:41:33.0796 1064 Wmi - ok

08:41:33.0828 1064 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:41:34.0031 1064 WmiApSrv - ok

08:41:34.0125 1064 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

08:41:34.0187 1064 WMPNetworkSvc - ok

08:41:34.0234 1064 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

08:41:34.0406 1064 wscsvc - ok

08:41:34.0437 1064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

08:41:34.0609 1064 wuauserv - ok

08:41:34.0640 1064 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:41:34.0718 1064 WudfPf - ok

08:41:34.0734 1064 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:41:34.0812 1064 WudfRd - ok

08:41:34.0828 1064 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

08:41:34.0859 1064 WudfSvc - ok

08:41:34.0906 1064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

08:41:35.0109 1064 WZCSVC - ok

08:41:35.0140 1064 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

08:41:35.0375 1064 xmlprov - ok

08:41:35.0421 1064 ================ Scan global ===============================

08:41:35.0453 1064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

08:41:35.0500 1064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:41:35.0531 1064 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:41:35.0546 1064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

08:41:35.0562 1064 [Global] - ok

08:41:35.0562 1064 ================ Scan MBR ==================================

08:41:35.0578 1064 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

08:41:35.0890 1064 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:41:35.0890 1064 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:41:35.0890 1064 ================ Scan VBR ==================================

08:41:35.0890 1064 [ 2D77386FA7DDAF0949DA20BCD86F12CE ] \Device\Harddisk0\DR0\Partition1

08:41:35.0890 1064 \Device\Harddisk0\DR0\Partition1 - ok

08:41:35.0906 1064 ================ Scan active images ========================

08:41:35.0906 1064 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys

08:41:35.0906 1064 C:\WINDOWS\system32\drivers\intelppm.sys - ok

08:41:35.0906 1064 [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\system32\drivers\cmbatt.sys

08:41:35.0906 1064 C:\WINDOWS\system32\drivers\cmbatt.sys - ok

08:41:35.0921 1064 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys

08:41:35.0921 1064 C:\WINDOWS\system32\drivers\videoprt.sys - ok

08:41:35.0921 1064 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] C:\WINDOWS\system32\drivers\ialmnt5.sys

08:41:35.0921 1064 C:\WINDOWS\system32\drivers\ialmnt5.sys - ok

08:41:35.0921 1064 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys

08:41:35.0921 1064 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok

08:41:35.0937 1064 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys

08:41:35.0937 1064 C:\WINDOWS\system32\drivers\usbport.sys - ok

08:41:35.0937 1064 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys

08:41:35.0937 1064 C:\WINDOWS\system32\drivers\usbuhci.sys - ok

08:41:35.0953 1064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys

08:41:35.0953 1064 C:\WINDOWS\system32\drivers\usbehci.sys - ok

08:41:35.0953 1064 [ C768C8A463D32C219CE291645A0621A4 ] C:\WINDOWS\system32\drivers\bcm4sbxp.sys

08:41:35.0953 1064 C:\WINDOWS\system32\drivers\bcm4sbxp.sys - ok

08:41:35.0953 1064 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys

08:41:35.0953 1064 C:\WINDOWS\system32\drivers\nic1394.sys - ok

08:41:35.0968 1064 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] C:\WINDOWS\system32\drivers\sdbus.sys

08:41:35.0968 1064 C:\WINDOWS\system32\drivers\sdbus.sys - ok

08:41:35.0968 1064 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] C:\WINDOWS\system32\drivers\rimmptsk.sys

08:41:35.0968 1064 C:\WINDOWS\system32\drivers\rimmptsk.sys - ok

08:41:35.0984 1064 [ DB8EB01C58C9FADA00C70B1775278AE0 ] C:\WINDOWS\system32\drivers\rimsptsk.sys

08:41:35.0984 1064 C:\WINDOWS\system32\drivers\rimsptsk.sys - ok

08:41:35.0984 1064 [ 6C1F93C0760C9F79A1869D07233DF39D ] C:\WINDOWS\system32\drivers\rixdptsk.sys

08:41:35.0984 1064 C:\WINDOWS\system32\drivers\rixdptsk.sys - ok

08:41:35.0984 1064 [ D6006DE6A6ED423D8016A03BC50CBE6B ] C:\WINDOWS\system32\drivers\w29n51.sys

08:41:35.0984 1064 C:\WINDOWS\system32\drivers\w29n51.sys - ok

08:41:36.0000 1064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys

08:41:36.0000 1064 C:\WINDOWS\system32\drivers\i8042prt.sys - ok

08:41:36.0000 1064 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys

08:41:36.0000 1064 C:\WINDOWS\system32\drivers\kbdclass.sys - ok

08:41:36.0000 1064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys

08:41:36.0000 1064 C:\WINDOWS\system32\drivers\mouclass.sys - ok

08:41:36.0015 1064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys

08:41:36.0015 1064 C:\WINDOWS\system32\drivers\imapi.sys - ok

08:41:36.0015 1064 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys

08:41:36.0015 1064 C:\WINDOWS\system32\drivers\cdrom.sys - ok

08:41:36.0031 1064 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys

08:41:36.0031 1064 C:\WINDOWS\system32\drivers\ks.sys - ok

08:41:36.0031 1064 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys

08:41:36.0031 1064 C:\WINDOWS\system32\drivers\redbook.sys - ok

08:41:36.0031 1064 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

08:41:36.0031 1064 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok

08:41:36.0046 1064 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys

08:41:36.0046 1064 C:\WINDOWS\system32\drivers\audstub.sys - ok

08:41:36.0046 1064 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys

08:41:36.0046 1064 C:\WINDOWS\system32\drivers\ndistapi.sys - ok

08:41:36.0062 1064 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys

08:41:36.0062 1064 C:\WINDOWS\system32\drivers\ndiswan.sys - ok

08:41:36.0062 1064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys

08:41:36.0062 1064 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok

08:41:36.0062 1064 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys

08:41:36.0062 1064 C:\WINDOWS\system32\drivers\raspppoe.sys - ok

08:41:36.0078 1064 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys

08:41:36.0078 1064 C:\WINDOWS\system32\drivers\tdi.sys - ok

08:41:36.0078 1064 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys

08:41:36.0078 1064 C:\WINDOWS\system32\drivers\psched.sys - ok

08:41:36.0093 1064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys

08:41:36.0093 1064 C:\WINDOWS\system32\drivers\raspptp.sys - ok

08:41:36.0093 1064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys

08:41:36.0093 1064 C:\WINDOWS\system32\drivers\msgpc.sys - ok

08:41:36.0093 1064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys

08:41:36.0093 1064 C:\WINDOWS\system32\drivers\ptilink.sys - ok

08:41:36.0109 1064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys

08:41:36.0109 1064 C:\WINDOWS\system32\drivers\raspti.sys - ok

08:41:36.0109 1064 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys

08:41:36.0109 1064 C:\WINDOWS\system32\drivers\rdpdr.sys - ok

08:41:36.0125 1064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys

08:41:36.0125 1064 C:\WINDOWS\system32\drivers\swenum.sys - ok

08:41:36.0125 1064 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys

08:41:36.0125 1064 C:\WINDOWS\system32\drivers\termdd.sys - ok

08:41:36.0125 1064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys

08:41:36.0125 1064 C:\WINDOWS\system32\drivers\update.sys - ok

08:41:36.0140 1064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys

08:41:36.0140 1064 C:\WINDOWS\system32\drivers\mssmbios.sys - ok

08:41:36.0140 1064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys

08:41:36.0140 1064 C:\WINDOWS\system32\drivers\ndproxy.sys - ok

08:41:36.0156 1064 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys

08:41:36.0156 1064 C:\WINDOWS\system32\drivers\drmk.sys - ok

08:41:36.0156 1064 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys

08:41:36.0156 1064 C:\WINDOWS\system32\drivers\portcls.sys - ok

08:41:36.0156 1064 [ 951801DFB54D86F611F0AF47825476F9 ] C:\WINDOWS\system32\drivers\sthda.sys

08:41:36.0156 1064 C:\WINDOWS\system32\drivers\sthda.sys - ok

08:41:36.0171 1064 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys

08:41:36.0171 1064 C:\WINDOWS\system32\drivers\usbd.sys - ok

08:41:36.0171 1064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys

08:41:36.0171 1064 C:\WINDOWS\system32\drivers\usbhub.sys - ok

08:41:36.0187 1064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys

08:41:36.0187 1064 C:\WINDOWS\system32\drivers\fdc.sys - ok

08:41:36.0187 1064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys

08:41:36.0187 1064 C:\WINDOWS\system32\drivers\flpydisk.sys - ok

08:41:36.0203 1064 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys

08:41:36.0203 1064 C:\WINDOWS\system32\drivers\sfloppy.sys - ok

08:41:36.0203 1064 [ CCDD61545AAEA265977E4B1EFDC74E8C ] C:\WINDOWS\system32\drivers\avgmfx86.sys

08:41:36.0203 1064 C:\WINDOWS\system32\drivers\avgmfx86.sys - ok

08:41:36.0218 1064 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys

08:41:36.0218 1064 C:\WINDOWS\system32\drivers\cdaudio.sys - ok

08:41:36.0234 1064 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys

08:41:36.0234 1064 C:\WINDOWS\system32\drivers\beep.sys - ok

08:41:36.0234 1064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys

08:41:36.0234 1064 C:\WINDOWS\system32\drivers\fs_rec.sys - ok

08:41:36.0234 1064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys

08:41:36.0250 1064 C:\WINDOWS\system32\drivers\null.sys - ok

08:41:36.0250 1064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys

08:41:36.0250 1064 C:\WINDOWS\system32\drivers\vga.sys - ok

08:41:36.0250 1064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys

08:41:36.0250 1064 C:\WINDOWS\system32\drivers\mnmdd.sys - ok

08:41:36.0265 1064 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys

08:41:36.0265 1064 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok

08:41:36.0265 1064 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys

08:41:36.0265 1064 C:\WINDOWS\system32\drivers\ipsec.sys - ok

08:41:36.0281 1064 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys

08:41:36.0281 1064 C:\WINDOWS\system32\drivers\msfs.sys - ok

08:41:36.0281 1064 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys

08:41:36.0281 1064 C:\WINDOWS\system32\drivers\npfs.sys - ok

08:41:36.0296 1064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys

08:41:36.0296 1064 C:\WINDOWS\system32\drivers\rasacd.sys - ok

08:41:36.0296 1064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys

08:41:36.0296 1064 C:\WINDOWS\system32\drivers\tcpip.sys - ok

08:41:36.0312 1064 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] C:\WINDOWS\system32\drivers\avgtdix.sys

08:41:36.0312 1064 C:\WINDOWS\system32\drivers\avgtdix.sys - ok

08:41:36.0312 1064 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys

08:41:36.0312 1064 C:\WINDOWS\system32\drivers\ipnat.sys - ok

08:41:36.0328 1064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys

08:41:36.0328 1064 C:\WINDOWS\system32\drivers\netbt.sys - ok

08:41:36.0343 1064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys

08:41:36.0343 1064 C:\WINDOWS\system32\drivers\afd.sys - ok

08:41:36.0343 1064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys

08:41:36.0343 1064 C:\WINDOWS\system32\drivers\netbios.sys - ok

08:41:36.0359 1064 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys

08:41:36.0359 1064 C:\WINDOWS\system32\drivers\rdbss.sys - ok

08:41:36.0359 1064 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys

08:41:36.0359 1064 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok

08:41:36.0375 1064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys

08:41:36.0375 1064 C:\WINDOWS\system32\drivers\fips.sys - ok

08:41:36.0375 1064 [ DCB09125C8B4766A88C86914B65487C1 ] C:\WINDOWS\system32\drivers\avgldx86.sys

08:41:36.0375 1064 C:\WINDOWS\system32\drivers\avgldx86.sys - ok

08:41:36.0375 1064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys

08:41:36.0375 1064 C:\WINDOWS\system32\drivers\wanarp.sys - ok

08:41:36.0390 1064 [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys

08:41:36.0390 1064 C:\WINDOWS\system32\drivers\arp1394.sys - ok

08:41:36.0390 1064 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe

08:41:36.0390 1064 C:\WINDOWS\system32\smss.exe - ok

08:41:36.0390 1064 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll

08:41:36.0390 1064 C:\WINDOWS\system32\ntdll.dll - ok

08:41:36.0390 1064 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe

08:41:36.0390 1064 C:\WINDOWS\system32\autochk.exe - ok

08:41:36.0406 1064 [ CE1288544F75F7AE26C0E59697819FEA ] C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

08:41:36.0406 1064 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe - ok

08:41:36.0406 1064 [ 93312F83FD4D5C38CEE8AA1265C061EE ] C:\Program Files\AVG\AVG2012\avgsysx.dll

08:41:36.0406 1064 C:\Program Files\AVG\AVG2012\avgsysx.dll - ok

08:41:36.0406 1064 [ 91DC97F9DA3E2B59049D410870935C78 ] C:\Program Files\AVG\AVG2012\avgntopensslx.dll

08:41:36.0406 1064 C:\Program Files\AVG\AVG2012\avgntopensslx.dll - ok

08:41:36.0421 1064 [ 25CD97F030AE70AF458FF6AB0B7E9B2E ] C:\Program Files\AVG\AVG2012\avglogx.dll

08:41:36.0421 1064 C:\Program Files\AVG\AVG2012\avglogx.dll - ok

08:41:36.0421 1064 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys

08:41:36.0421 1064 C:\WINDOWS\system32\drivers\cdfs.sys - ok

08:41:36.0421 1064 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe

08:41:36.0421 1064 C:\WINDOWS\system32\csrss.exe - ok

08:41:36.0437 1064 [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll

08:41:36.0437 1064 C:\WINDOWS\system32\icmp.dll - ok

08:41:36.0437 1064 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll

08:41:36.0437 1064 C:\WINDOWS\system32\kbdus.dll - ok

08:41:36.0437 1064 [ C3200506FB212A0F4FB736A80E646C40 ] C:\WINDOWS\system32\lz32.dll

08:41:36.0437 1064 C:\WINDOWS\system32\lz32.dll - ok

08:41:36.0437 1064 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll

08:41:36.0437 1064 C:\WINDOWS\system32\msidle.dll - ok

08:41:36.0453 1064 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll

08:41:36.0453 1064 C:\WINDOWS\system32\msimg32.dll - ok

08:41:36.0453 1064 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll

08:41:36.0453 1064 C:\WINDOWS\system32\rasadhlp.dll - ok

08:41:36.0453 1064 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll

08:41:36.0453 1064 C:\WINDOWS\system32\sensapi.dll - ok

08:41:36.0468 1064 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll

08:41:36.0468 1064 C:\WINDOWS\system32\sfc.dll - ok

08:41:36.0468 1064 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll

08:41:36.0468 1064 C:\WINDOWS\system32\wmi.dll - ok

08:41:36.0468 1064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll

08:41:36.0468 1064 C:\WINDOWS\system32\wuauserv.dll - ok

08:41:36.0468 1064 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll

08:41:36.0468 1064 C:\WINDOWS\system32\dot3dlg.dll - ok

08:41:36.0484 1064 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll

08:41:36.0484 1064 C:\WINDOWS\system32\vga.dll - ok

08:41:36.0484 1064 [ 8985FCECE06A74017E23DDD093E34D4E ] C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll

08:41:36.0484 1064 C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll - ok

08:41:36.0484 1064 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll

08:41:36.0484 1064 C:\WINDOWS\ehome\ehTrace.dll - ok

08:41:36.0500 1064 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll

08:41:36.0500 1064 C:\WINDOWS\system32\lmhsvc.dll - ok

08:41:36.0500 1064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe

08:41:36.0500 1064 C:\WINDOWS\system32\lsass.exe - ok

08:41:36.0500 1064 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll

08:41:36.0500 1064 C:\WINDOWS\system32\msdmo.dll - ok

08:41:36.0500 1064 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe

08:41:36.0500 1064 C:\WINDOWS\system32\svchost.exe - ok

08:41:36.0515 1064 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll

08:41:36.0515 1064 C:\WINDOWS\system32\version.dll - ok

08:41:36.0515 1064 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll

08:41:36.0515 1064 C:\WINDOWS\system32\dimsntfy.dll - ok

08:41:36.0515 1064 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll

08:41:36.0515 1064 C:\WINDOWS\system32\nddeapi.dll - ok

08:41:36.0531 1064 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll

08:41:36.0531 1064 C:\WINDOWS\system32\normaliz.dll - ok

08:41:36.0531 1064 [ D8361BEAB7109AB8B069F7F5028E37B1 ] C:\WINDOWS\system32\olesvr32.dll

08:41:36.0531 1064 C:\WINDOWS\system32\olesvr32.dll - ok

08:41:36.0531 1064 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll

08:41:36.0531 1064 C:\WINDOWS\system32\winrnr.dll - ok

08:41:36.0531 1064 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll

08:41:36.0531 1064 C:\WINDOWS\system32\ws2help.dll - ok

08:41:36.0546 1064 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll


tdsskiller log 2 of 2


08:41:37.0625 1064 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll

08:41:37.0625 1064 C:\WINDOWS\system32\riched20.dll - ok

08:41:37.0625 1064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll

08:41:37.0625 1064 C:\WINDOWS\system32\wzcsvc.dll - ok

08:41:37.0625 1064 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll

08:41:37.0625 1064 C:\WINDOWS\system32\esent.dll - ok

08:41:37.0625 1064 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll

08:41:37.0625 1064 C:\WINDOWS\system32\cryptui.dll - ok

08:41:37.0640 1064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll

08:41:37.0640 1064 C:\WINDOWS\system32\netman.dll - ok

08:41:37.0640 1064 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe

08:41:37.0640 1064 C:\Program Files\Bonjour\mDNSResponder.exe - ok

08:41:37.0640 1064 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll

08:41:37.0640 1064 C:\WINDOWS\system32\mlang.dll - ok

08:41:37.0656 1064 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] C:\WINDOWS\ehome\ehrecvr.exe

08:41:37.0656 1064 C:\WINDOWS\ehome\ehrecvr.exe - ok

08:41:37.0656 1064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll

08:41:37.0656 1064 C:\WINDOWS\system32\es.dll - ok

08:41:37.0656 1064 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll

08:41:37.0656 1064 C:\WINDOWS\system32\wbem\esscli.dll - ok

08:41:37.0671 1064 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll

08:41:37.0671 1064 C:\WINDOWS\system32\wintrust.dll - ok

08:41:37.0671 1064 [ 30D9CFDDDE206082A5A3CF71AAB6C9C3 ] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

08:41:37.0671 1064 C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - ok

08:41:37.0671 1064 [ 926AFC4848FF3297BB264333BF51E21F ] C:\WINDOWS\system32\sbe.dll

08:41:37.0671 1064 C:\WINDOWS\system32\sbe.dll - ok

08:41:37.0671 1064 [ EA1145DEBCD508FD25BD1E95C4346929 ] C:\Program Files\AVG\AVG2012\avgwdsvc.exe

08:41:37.0671 1064 C:\Program Files\AVG\AVG2012\avgwdsvc.exe - ok

08:41:37.0687 1064 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll

08:41:37.0687 1064 C:\WINDOWS\system32\pdh.dll - ok

08:41:37.0687 1064 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

08:41:37.0687 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok

08:41:37.0687 1064 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll

08:41:37.0687 1064 C:\WINDOWS\system32\netapi32.dll - ok

08:41:37.0703 1064 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll

08:41:37.0703 1064 C:\WINDOWS\system32\oakley.dll - ok

08:41:37.0703 1064 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll

08:41:37.0703 1064 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok

08:41:37.0703 1064 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll

08:41:37.0703 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok

08:41:37.0718 1064 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll

08:41:37.0718 1064 C:\WINDOWS\system32\wbem\wbemess.dll - ok

08:41:37.0718 1064 [ 60732ECEC8AEF0A05FE36E661AA1C99C ] C:\PROGRA~1\AVG\AVG2012\avgclitx.dll

08:41:37.0718 1064 C:\PROGRA~1\AVG\AVG2012\avgclitx.dll - ok

08:41:37.0718 1064 [ 8AC155995F5D10FC0D3AD949A1A68075 ] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

08:41:37.0718 1064 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - ok

08:41:37.0718 1064 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll

08:41:37.0718 1064 C:\WINDOWS\system32\msi.dll - ok

08:41:37.0734 1064 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll

08:41:37.0734 1064 C:\WINDOWS\system32\netshell.dll - ok

08:41:37.0734 1064 [ 73B44FE5423982B2709D6EA2F674B807 ] C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll

08:41:37.0734 1064 C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - ok

08:41:37.0734 1064 [ B0BF87F9E247BB0621BCE59EB8CD113F ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll

08:41:37.0734 1064 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok

08:41:37.0750 1064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll

08:41:37.0750 1064 C:\WINDOWS\system32\wiaservc.dll - ok

08:41:37.0750 1064 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll

08:41:37.0750 1064 C:\WINDOWS\system32\ipnathlp.dll - ok

08:41:37.0750 1064 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

08:41:37.0750 1064 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok

08:41:37.0750 1064 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll

08:41:37.0750 1064 C:\WINDOWS\system32\winhttp.dll - ok

08:41:37.0765 1064 [ 8BA39E5F79366F45AF9759C1DAE346AE ] C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll

08:41:37.0765 1064 C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll - ok

08:41:37.0765 1064 [ B6335A2EFBF0B4B7D4080E8B933A9F9B ] C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll

08:41:37.0765 1064 C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll - ok

08:41:37.0765 1064 [ B642E645D7A790E0FA41E16C6C4234E6 ] C:\Program Files\AVG\AVG2012\avgwdwsc.dll

08:41:37.0765 1064 C:\Program Files\AVG\AVG2012\avgwdwsc.dll - ok

08:41:37.0781 1064 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll

08:41:37.0781 1064 C:\WINDOWS\system32\vssapi.dll - ok

08:41:37.0781 1064 [ 254CCDC043DFADC5D5EF99B533BB1DC2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll

08:41:37.0781 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll - ok

08:41:37.0781 1064 [ 855F6333E3A4DFC6F3C8B0520C261FCD ] C:\WINDOWS\system32\msftedit.dll

08:41:37.0781 1064 C:\WINDOWS\system32\msftedit.dll - ok

08:41:37.0781 1064 [ A5205B3AF85B1477AB2C2A1E12201598 ] C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll

08:41:37.0781 1064 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll - ok

08:41:37.0796 1064 [ A5675206B80C4127BC687DCCA9A57212 ] C:\Program Files\AVG\AVG2012\avgntsqlitex.dll

08:41:37.0796 1064 C:\Program Files\AVG\AVG2012\avgntsqlitex.dll - ok

08:41:37.0796 1064 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll

08:41:37.0796 1064 C:\WINDOWS\system32\wbem\fastprox.dll - ok

08:41:37.0796 1064 [ 6F640DC052CF77161A23E29261593793 ] C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll

08:41:37.0796 1064 C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll - ok

08:41:37.0812 1064 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll

08:41:37.0812 1064 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok

08:41:37.0812 1064 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll

08:41:37.0812 1064 C:\WINDOWS\system32\wbem\wbemcore.dll - ok

08:41:37.0812 1064 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

08:41:37.0812 1064 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok

08:41:37.0828 1064 [ 28BD81378C1D1B267E66827B628114DD ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

08:41:37.0828 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok

08:41:37.0828 1064 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

08:41:37.0828 1064 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok

08:41:37.0828 1064 [ 2133B82CD52F1B62CDEA633769819A60 ] C:\Program Files\Common Files\System\ado\msado15.dll

08:41:37.0828 1064 C:\Program Files\Common Files\System\ado\msado15.dll - ok

08:41:37.0828 1064 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

08:41:37.0828 1064 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok

08:41:37.0843 1064 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll

08:41:37.0843 1064 C:\WINDOWS\system32\wuapi.dll - ok

08:41:37.0843 1064 [ 66946DE593185983B6D05F837D452262 ] C:\WINDOWS\ehome\ehui.dll

08:41:37.0843 1064 C:\WINDOWS\ehome\ehui.dll - ok

08:41:37.0843 1064 [ EB4A30EAC3B3C304EAC8A10970E3402E ] C:\Program Files\AVG\AVG2012\avgsched.dll

08:41:37.0843 1064 C:\Program Files\AVG\AVG2012\avgsched.dll - ok

08:41:37.0859 1064 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll

08:41:37.0859 1064 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok

08:41:37.0859 1064 [ 73B44FE5423982B2709D6EA2F674B807 ] C:\WINDOWS\ehome\ehepg.dll

08:41:37.0859 1064 C:\WINDOWS\ehome\ehepg.dll - ok

08:41:37.0859 1064 [ 5B8D71AC2074550D78BC188A8888054F ] C:\Program Files\AVG\AVG2012\avgidpsdkx.dll

08:41:37.0859 1064 C:\Program Files\AVG\AVG2012\avgidpsdkx.dll - ok

08:41:37.0875 1064 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll

08:41:37.0875 1064 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok

08:41:37.0875 1064 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll

08:41:37.0875 1064 C:\WINDOWS\system32\ole32.dll - ok

08:41:37.0875 1064 [ 67B539D844F804EBAC7A1E3828FDE709 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll

08:41:37.0875 1064 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok

08:41:37.0875 1064 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll

08:41:37.0875 1064 C:\WINDOWS\system32\crypt32.dll - ok

08:41:37.0890 1064 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll

08:41:37.0890 1064 C:\WINDOWS\system32\wininet.dll - ok

08:41:37.0890 1064 [ 9CE7E61E07EBD3CCF05055CC3FBC0C19 ] C:\Program Files\AVG\AVG2012\avgemcx.exe

08:41:37.0890 1064 C:\Program Files\AVG\AVG2012\avgemcx.exe - ok

08:41:37.0890 1064 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll

08:41:37.0890 1064 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok

08:41:37.0906 1064 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

08:41:37.0906 1064 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok

08:41:37.0906 1064 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll

08:41:37.0906 1064 C:\WINDOWS\system32\urlmon.dll - ok

08:41:37.0906 1064 [ 34FFB6ABA2DA398BB33422E1E9275BA9 ] C:\WINDOWS\system32\quartz.dll

08:41:37.0906 1064 C:\WINDOWS\system32\quartz.dll - ok

08:41:37.0921 1064 [ 49FB9F4A7CE25B82B1E00C402783F5C5 ] C:\WINDOWS\system32\ntoskrnl.exe

08:41:37.0921 1064 C:\WINDOWS\system32\ntoskrnl.exe - ok

08:41:37.0921 1064 [ E2C78D19572AACC2062A00F01503807E ] C:\Program Files\AVG\AVG2012\avgcfgx.dll

08:41:37.0921 1064 C:\Program Files\AVG\AVG2012\avgcfgx.dll - ok

08:41:37.0921 1064 [ FAB5650F32677320A5056A9A540F36C9 ] C:\Program Files\AVG\AVG2012\avgnsx.exe

08:41:37.0921 1064 C:\Program Files\AVG\AVG2012\avgnsx.exe - ok

08:41:37.0921 1064 [ 52ABC8C57DFEE5A7AAA210CE2E9DFE73 ] C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll

08:41:37.0921 1064 C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll - ok

08:41:37.0937 1064 [ E325BCDBB6DED6C89F679B8AE89E975C ] C:\WINDOWS\system32\msvidctl.dll

08:41:37.0937 1064 C:\WINDOWS\system32\msvidctl.dll - ok

08:41:37.0937 1064 [ 1B743D92E2D76E3E753A893F4C1B92A8 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c369c77\mscorlib.dll

08:41:37.0937 1064 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c369c77\mscorlib.dll - ok

08:41:37.0937 1064 [ 773E0B3E52D00AAE61AAAD1DD87FEBEF ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

08:41:37.0937 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok

08:41:37.0953 1064 [ 2F1C8714F66F3F0DDCB6D5A16F8CB32E ] C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

08:41:37.0953 1064 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - ok

08:41:37.0953 1064 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll

08:41:37.0953 1064 C:\WINDOWS\system32\wuaueng.dll - ok

08:41:37.0953 1064 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll

08:41:37.0953 1064 C:\WINDOWS\system32\iertutil.dll - ok

08:41:37.0968 1064 [ AC633C7D40C63A197649955A512AD7BD ] C:\Program Files\AVG\AVG2012\avgwd.dll

08:41:37.0968 1064 C:\Program Files\AVG\AVG2012\avgwd.dll - ok

08:41:37.0968 1064 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll

08:41:37.0968 1064 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok

08:41:37.0968 1064 [ B2D4FD49DDEF6DEF6900DAAC5730F425 ] C:\WINDOWS\system32\ntkrnlpa.exe

08:41:37.0968 1064 C:\WINDOWS\system32\ntkrnlpa.exe - ok

08:41:37.0984 1064 [ 0ED3C591D5A37B3054B62396648963FA ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f83d8168\System.Xml.dll

08:41:37.0984 1064 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f83d8168\System.Xml.dll - ok

08:41:37.0984 1064 [ D3B05D063A0929BFCA6C6D7FE2F3129C ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

08:41:37.0984 1064 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok

08:41:37.0984 1064 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll

08:41:37.0984 1064 C:\WINDOWS\system32\shell32.dll - ok

08:41:37.0984 1064 [ 2C880C853886304C31BAA2C9D0A55D2A ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_722ed086\System.dll

08:41:37.0984 1064 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_722ed086\System.dll - ok

08:41:38.0000 1064 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] C:\Program Files\AVG\AVG2012\avgidsagent.exe

08:41:38.0000 1064 C:\Program Files\AVG\AVG2012\avgidsagent.exe - ok

08:41:38.0000 1064 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll

08:41:38.0000 1064 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok

08:41:38.0000 1064 [ 9F3CB28822DE5AFA691809102F8D640C ] C:\Program Files\AVG\AVG2012\avgcorex.dll

08:41:38.0000 1064 C:\Program Files\AVG\AVG2012\avgcorex.dll - ok

08:41:38.0000 1064 [ D573DEB87CB2DF4E5116D2A4E284EAB4 ] C:\WINDOWS\system32\ieframe.dll

08:41:38.0000 1064 C:\WINDOWS\system32\ieframe.dll - ok

08:41:38.0015 1064 [ 32F1B95C60042F3D95FC8AB43559B3B1 ] C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

08:41:38.0015 1064 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe - ok

08:41:38.0015 1064 [ 483288CDA81482A615C6B5F8F7BC00E5 ] C:\PROGRA~1\AVG\AVG2012\avgchjwx.dll

08:41:38.0015 1064 C:\PROGRA~1\AVG\AVG2012\avgchjwx.dll - ok

08:41:38.0015 1064 [ 11790A73767FBC981BA961D2231907E2 ] C:\PROGRA~1\AVG\AVG2012\avgcclix.dll

08:41:38.0015 1064 C:\PROGRA~1\AVG\AVG2012\avgcclix.dll - ok

08:41:38.0031 1064 [ ECC96985954185DFCF455FBBB8037A1B ] C:\Program Files\AVG\AVG2012\avgcsrvx.exe

08:41:38.0031 1064 C:\Program Files\AVG\AVG2012\avgcsrvx.exe - ok

08:41:38.0031 1064 [ 583D2AB70DA4BDC7DCB5EC5C7B87A57C ] C:\Program Files\AVG\AVG2012\avgcertx.dll

08:41:38.0031 1064 C:\Program Files\AVG\AVG2012\avgcertx.dll - ok

08:41:38.0031 1064 [ 3466855DE825F86C484A3454AD090967 ] C:\Program Files\AVG\AVG2012\avgchclx.dll

08:41:38.0031 1064 C:\Program Files\AVG\AVG2012\avgchclx.dll - ok

08:41:38.0046 1064 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys

08:41:38.0046 1064 C:\WINDOWS\system32\drivers\wmilib.sys - ok

08:41:38.0046 1064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys

08:41:38.0046 1064 C:\WINDOWS\system32\drivers\atapi.sys - ok

08:41:38.0046 1064 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys

08:41:38.0046 1064 C:\WINDOWS\system32\drivers\dxapi.sys - ok

08:41:38.0046 1064 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys

08:41:38.0046 1064 C:\WINDOWS\system32\watchdog.sys - ok

08:41:38.0062 1064 [ 9A5E4D7820FF9A55B4639B32420B10EC ] C:\WINDOWS\system32\win32k.sys

08:41:38.0062 1064 C:\WINDOWS\system32\win32k.sys - ok

08:41:38.0062 1064 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys

08:41:38.0062 1064 C:\WINDOWS\system32\drivers\dxg.sys - ok

08:41:38.0062 1064 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys

08:41:38.0062 1064 C:\WINDOWS\system32\drivers\dxgthk.sys - ok

08:41:38.0078 1064 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime

08:41:38.0078 1064 C:\WINDOWS\system32\msctfime.ime - ok

08:41:38.0078 1064 [ 375EB0B97E3950ADEF3633C27A82438B ] C:\WINDOWS\system32\drivers\AegisP.sys

08:41:38.0078 1064 C:\WINDOWS\system32\drivers\AegisP.sys - ok

08:41:38.0078 1064 [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4 ] C:\WINDOWS\system32\drivers\s24trans.sys

08:41:38.0078 1064 C:\WINDOWS\system32\drivers\s24trans.sys - ok

08:41:38.0078 1064 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv

08:41:38.0078 1064 C:\WINDOWS\system32\winspool.drv - ok

08:41:38.0093 1064 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys

08:41:38.0093 1064 C:\WINDOWS\system32\drivers\ndisuio.sys - ok

08:41:38.0093 1064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys

08:41:38.0093 1064 C:\WINDOWS\system32\drivers\mrxdav.sys - ok

08:41:38.0093 1064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys

08:41:38.0093 1064 C:\WINDOWS\system32\drivers\parport.sys - ok

08:41:38.0109 1064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys

08:41:38.0109 1064 C:\WINDOWS\system32\drivers\serial.sys - ok

08:41:38.0109 1064 [ BAF975B72062F53D327788E99D64197E ] C:\WINDOWS\system32\drivers\avgidsshimx.sys

08:41:38.0109 1064 C:\WINDOWS\system32\drivers\avgidsshimx.sys - ok

08:41:38.0109 1064 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys

08:41:38.0109 1064 C:\WINDOWS\system32\drivers\http.sys - ok

08:41:38.0125 1064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys

08:41:38.0125 1064 C:\WINDOWS\system32\drivers\srv.sys - ok

08:41:38.0125 1064 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll

08:41:38.0125 1064 C:\WINDOWS\system32\cscui.dll - ok

08:41:38.0125 1064 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll

08:41:38.0125 1064 C:\WINDOWS\system32\dpcdll.dll - ok

08:41:38.0125 1064 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv

08:41:38.0125 1064 C:\WINDOWS\system32\wdmaud.drv - ok

08:41:38.0140 1064 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys

08:41:38.0140 1064 C:\WINDOWS\system32\drivers\wdmaud.sys - ok

08:41:38.0140 1064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys

08:41:38.0140 1064 C:\WINDOWS\system32\drivers\sysaudio.sys - ok

08:41:38.0140 1064 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe

08:41:38.0140 1064 C:\WINDOWS\system32\userinit.exe - ok

08:41:38.0156 1064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys

08:41:38.0156 1064 C:\WINDOWS\system32\drivers\splitter.sys - ok

08:41:38.0156 1064 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys

08:41:38.0156 1064 C:\WINDOWS\system32\drivers\aec.sys - ok

08:41:38.0156 1064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys

08:41:38.0156 1064 C:\WINDOWS\system32\drivers\swmidi.sys - ok

08:41:38.0171 1064 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys

08:41:38.0171 1064 C:\WINDOWS\system32\drivers\dmusic.sys - ok

08:41:38.0171 1064 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] C:\WINDOWS\system32\drivers\avgidsfilterx.sys

08:41:38.0171 1064 C:\WINDOWS\system32\drivers\avgidsfilterx.sys - ok

08:41:38.0171 1064 [ 1074F787080068C71303B61FAE7E7CA4 ] C:\WINDOWS\system32\drivers\avgidsdriverx.sys

08:41:38.0171 1064 C:\WINDOWS\system32\drivers\avgidsdriverx.sys - ok

08:41:38.0171 1064 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys

08:41:38.0171 1064 C:\WINDOWS\system32\drivers\kmixer.sys - ok

08:41:38.0187 1064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys

08:41:38.0187 1064 C:\WINDOWS\system32\drivers\drmkaud.sys - ok

08:41:38.0187 1064 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe

08:41:38.0187 1064 C:\WINDOWS\explorer.exe - ok

08:41:38.0187 1064 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv

08:41:38.0187 1064 C:\WINDOWS\system32\msacm32.drv - ok

08:41:38.0203 1064 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll

08:41:38.0203 1064 C:\WINDOWS\system32\midimap.dll - ok

08:41:38.0203 1064 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll

08:41:38.0203 1064 C:\WINDOWS\system32\browseui.dll - ok

08:41:38.0203 1064 [ 62BDF8E945F23BEE485BB3CB4ED19CB7 ] C:\WINDOWS\system32\shdocvw.dll

08:41:38.0203 1064 C:\WINDOWS\system32\shdocvw.dll - ok

08:41:38.0203 1064 [ 660C8E78B94F483E44B0243A774A4746 ] C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

08:41:38.0203 1064 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL - ok

08:41:38.0218 1064 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll

08:41:38.0218 1064 C:\WINDOWS\system32\actxprxy.dll - ok

08:41:38.0218 1064 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

08:41:38.0218 1064 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll - ok

08:41:38.0218 1064 [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF

08:41:38.0218 1064 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok

08:41:38.0234 1064 [ 676CCC08D9E9A3F4CA39CB04E97048DF ] C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

08:41:38.0234 1064 C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll - ok

08:41:38.0234 1064 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl

08:41:38.0234 1064 C:\WINDOWS\system32\desk.cpl - ok

08:41:38.0234 1064 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll

08:41:38.0234 1064 C:\WINDOWS\system32\themeui.dll - ok

08:41:38.0250 1064 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll

08:41:38.0250 1064 C:\WINDOWS\system32\msxml3.dll - ok

08:41:38.0250 1064 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe

08:41:38.0250 1064 C:\WINDOWS\system32\cmd.exe - ok

08:41:38.0250 1064 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll

08:41:38.0250 1064 C:\WINDOWS\system32\cryptnet.dll - ok

08:41:38.0250 1064 [ 15805123F863DC8E550155279E40FB77 ] C:\Program Files\Java\jre6\bin\awt.dll

08:41:38.0250 1064 C:\Program Files\Java\jre6\bin\awt.dll - ok

08:41:38.0265 1064 [ D1D05E408030CE682392662933BCA671 ] C:\Program Files\Java\jre6\bin\client\jvm.dll

08:41:38.0265 1064 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok

08:41:38.0265 1064 [ 0A9BA6AF531AFE7FA5E4FB973852D863 ] C:\WINDOWS\system32\dllhost.exe

08:41:38.0265 1064 C:\WINDOWS\system32\dllhost.exe - ok

08:41:38.0265 1064 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll

08:41:38.0265 1064 C:\WINDOWS\system32\wbem\wbemcons.dll - ok

08:41:38.0265 1064 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll

08:41:38.0265 1064 C:\WINDOWS\system32\termsrv.dll - ok

08:41:38.0281 1064 [ 17E0CF9C8CBB717D05948656BCD86EFA ] C:\WINDOWS\system32\txflog.dll

08:41:38.0281 1064 C:\WINDOWS\system32\txflog.dll - ok

08:41:38.0281 1064 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll

08:41:38.0281 1064 C:\WINDOWS\system32\icaapi.dll - ok

08:41:38.0281 1064 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll

08:41:38.0281 1064 C:\WINDOWS\system32\mstlsapi.dll - ok

08:41:38.0296 1064 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll

08:41:38.0296 1064 C:\WINDOWS\system32\spoolss.dll - ok

08:41:38.0296 1064 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll

08:41:38.0296 1064 C:\WINDOWS\system32\localspl.dll - ok

08:41:38.0296 1064 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe

08:41:38.0296 1064 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok

08:41:38.0312 1064 [ AAC3E45B573A9199C6D2E4CA6D5980CE ] C:\Program Files\Java\jre6\bin\dcpr.dll

08:41:38.0312 1064 C:\Program Files\Java\jre6\bin\dcpr.dll - ok

08:41:38.0312 1064 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll

08:41:38.0312 1064 C:\WINDOWS\system32\cnbjmon.dll - ok

08:41:38.0312 1064 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe

08:41:38.0312 1064 C:\WINDOWS\system32\alg.exe - ok

08:41:38.0328 1064 [ 9627EE26C7F3FD023D87DB50C62F5111 ] C:\WINDOWS\ehome\sqldb20.dll

08:41:38.0328 1064 C:\WINDOWS\ehome\sqldb20.dll - ok

08:41:38.0328 1064 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll

08:41:38.0328 1064 C:\WINDOWS\system32\pjlmon.dll - ok

08:41:38.0328 1064 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll

08:41:38.0328 1064 C:\WINDOWS\system32\wbem\cimwin32.dll - ok

08:41:38.0343 1064 [ C7C84DF7233F4834CD190F3DCCAF50CA ] C:\WINDOWS\system32\rdpwsx.dll

08:41:38.0343 1064 C:\WINDOWS\system32\rdpwsx.dll - ok

08:41:38.0343 1064 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll

08:41:38.0343 1064 C:\WINDOWS\system32\tcpmon.dll - ok

08:41:38.0343 1064 [ 160762386084A0BB69F91BB694114D14 ] C:\WINDOWS\ehome\sqlse20.dll

08:41:38.0343 1064 C:\WINDOWS\ehome\sqlse20.dll - ok

08:41:38.0359 1064 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll

08:41:38.0359 1064 C:\WINDOWS\system32\usbmon.dll - ok

08:41:38.0359 1064 [ 20BBDEC22713040AF3A8D6DFE61CFA54 ] C:\Program Files\Java\jre6\bin\deploy.dll

08:41:38.0359 1064 C:\Program Files\Java\jre6\bin\deploy.dll - ok

08:41:38.0359 1064 [ A3AE51C21160328EA11F734392A0F269 ] C:\WINDOWS\ehome\sqlqp20.dll

08:41:38.0359 1064 C:\WINDOWS\ehome\sqlqp20.dll - ok

08:41:38.0375 1064 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll

08:41:38.0375 1064 C:\WINDOWS\system32\wbem\framedyn.dll - ok

08:41:38.0375 1064 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll

08:41:38.0375 1064 C:\WINDOWS\system32\win32spl.dll - ok

08:41:38.0375 1064 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll

08:41:38.0375 1064 C:\WINDOWS\system32\netrap.dll - ok

08:41:38.0390 1064 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll

08:41:38.0937 1064 ============================================================

08:41:38.0937 1064 Scan finished

08:41:38.0937 1064 ============================================================

08:41:39.0046 3448 Detected object count: 11

08:41:39.0046 3448 Actual detected object count: 11

08:43:21.0687 3448 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0687 3448 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0687 3448 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0703 3448 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0703 3448 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0703 3448 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user

08:43:21.0703 3448 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:44:58.0203 3632 Deinitialize success

Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Ok, I re-ran the TDSSKiller and deleted

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:43:21.0703 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I ran the ComboFix and the log is below

ComboFix 12-11-30.02 - Mike 11/30/2012 9:50.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.568 [GMT -5:00]

Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mike\WINDOWS

c:\program files\Shared

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

.

((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))

.

.

2012-11-30 14:25 . 2012-11-30 14:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-27 14:53 . 2012-11-27 14:53 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-11-27 13:47 . 2012-11-27 13:47 -------- d-----w- c:\program files\Common Files\Java

2012-11-27 13:46 . 2012-11-27 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 13:46 . 2012-11-27 13:46 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-27 13:44 . 2012-11-27 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-11-15 14:54 . 2012-11-15 14:54 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes

2012-11-15 14:53 . 2012-11-15 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-15 14:53 . 2012-11-15 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-11-15 14:53 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-27 13:46 . 2011-02-08 23:25 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-11 20:17 . 2012-04-05 13:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-11 20:17 . 2011-06-03 21:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:37 . 2004-08-10 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-08-10 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301920]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 2:24 AM 5167736]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2010 9:11 PM 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [12/28/2010 9:10 PM 33792]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11/27/2012 9:53 AM 35144]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 27629557

*NewlyCreated* - 38782552

*NewlyCreated* - 43808719

*Deregistered* - 27629557

*Deregistered* - 38782552

*Deregistered* - 43808719

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-27629557.sys

MSConfigStartUp-dvtigpbg - c:\documents and settings\Mike\Local Settings\Application Data\mbaxwsvgv\sryawevtssd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-30 09:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1123561945-448539723-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\windows\system32\igfxdev.dll

.

Completion time: 2012-11-30 09:57:45

ComboFix-quarantined-files.txt 2012-11-30 14:57

.

Pre-Run: 10,735,013,888 bytes free

Post-Run: 10,973,134,848 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 506A695FC9BF22DF84CEF1859F386CF9

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\documents and settings\Mike\Local Settings\Application Data\mbaxwsvgv

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here is the ComboFix log

ComboFix 12-11-30.02 - Mike 12/01/2012 9:06.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.522 [GMT -5:00]

Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))

.

.

2012-11-30 14:25 . 2012-11-30 14:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-27 14:53 . 2012-11-27 14:53 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-11-27 13:47 . 2012-11-27 13:47 -------- d-----w- c:\program files\Common Files\Java

2012-11-27 13:46 . 2012-11-27 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 13:46 . 2012-11-27 13:46 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-27 13:44 . 2012-11-27 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-11-15 14:54 . 2012-11-15 14:54 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes

2012-11-15 14:53 . 2012-11-15 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-15 14:53 . 2012-11-15 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-11-15 14:53 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-27 13:46 . 2011-02-08 23:25 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-11 20:17 . 2012-04-05 13:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-11 20:17 . 2011-06-03 21:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:37 . 2004-08-10 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-08-10 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 2:24 AM 5167736]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2010 9:11 PM 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [12/28/2010 9:10 PM 33792]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11/27/2012 9:53 AM 35144]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 27629557

*NewlyCreated* - 38782552

*NewlyCreated* - 43808719

*Deregistered* - 27629557

*Deregistered* - 38782552

*Deregistered* - 43808719

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-01 09:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1123561945-448539723-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(3492)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-12-01 09:16:48

ComboFix-quarantined-files.txt 2012-12-01 14:16

ComboFix2.txt 2012-11-30 14:57

.

Pre-Run: 10,944,491,520 bytes free

Post-Run: 10,936,291,328 bytes free

.

- - End Of File - - 4F492A3F468745372BA2D3F5FF6ABE68


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Thank you again for all the help! The ESET logfile is below.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1f092fc7f2291047a06bf70fd58dc0c9

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-02 04:44:29

# local_time=2012-12-02 11:44:29 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777191 100 0 36371165 36371165 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=106507

# found=130

# cleaned=130

# scan_time=4902


C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\channel-reward-central_com[8].htm HTML/Fraud.BG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\channel-reward-central_com[9].htm HTML/Fraud.BG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\channel-rewardcenter_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\channelawardspot_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\channelrewardcentral_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\rewardcenterchannel_com[1].htm HTML/Fraud.BG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\rewardchannelcenter_com[1].htm HTML/Fraud.BG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\rewardsurveychannel_com[1].htm HTML/Fraud.BG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\station-awardz-central_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\station-awardz-central_com[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\station-rewardcentral_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\station-rewardspot_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\station-rewardspot_com[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\stationbonusspot_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\surveyawardspot_net[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\the-approvalline_net[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\the-bonusspot_net[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\the-bonusspot_net[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\the-bonusspot_net[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\the-rewardz-spot_net[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\thedepotcenter_org[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\your-approvalplace_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\your-pathwaycenter_org[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\your-rewardz-place_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBVUXG6O\yourbonusspot_net[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C


Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Let me know how things are then.


About your slow system, please check this out:

http://forums.malwarebytes.org/index.php?showtopic=81990

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, please uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Maniac,

My most sincere thank you for all your help and patience while working to fix my system. My system seems to be working fine and I'm currently not experiencing any issues. This is only due to your help and expertise. Thank you for always providing prompt feedback and clear instructions. I’m more than happy to hit you up on PayPal for your services.

Chitown27


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
