
Unknown Infection on win XP/IE8...unable to reinstall/run/update mbam



Hi,

I was in a rush to try and view a media file for our GM here, and in my haste it looks like I infected myself pretty badly. I am unable to run or reinstall Malwarebytes. I consistently get an error:

Run-time error '372';

Failed to load control 'webbrowser' from ieframe.dll. Your version of ieframe may be outdated. Make sure you are using the version of the control that was provided with your application.

I get this when trying to install Malwarebytes normally, or even when I try and update/install using Chameleon.

Another symptom of my infection is the inability to open shortcuts by double clicking on them. I also was running IE8, but I have noticed that since I have been infected, I appear to not have 8 installed...

I have run the dds program. Here are the logs. Any assistance would be appreciated. We have exhausted our normal ideas....

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6000.16945

Run by Brian at 10:27:15 on 2013-04-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.867 [GMT -4:00]

.

AV: AVG Anti-Virus Business Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Anti-Virus Business Edition 2013 *Enabled*

FW: AVG Firewall *Disabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\smartagent\bin\sprtsvc.exe

C:\Program Files\smartagent\bin\tgsrvc.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ADP\ws2000\ws2000.exe

C:\Program Files\ADP\ADP CTI Desktop\Adp_Telephony.exe

C:\Program Files\ADP\websuite TE\BZVT.EXE

C:\Program Files\ADP\webSuite TE\BZVBA.EXE

C:\Program Files\ADP\webSuite View\Client 4.5.222.0\sw9c.exe

C:\Program Files\ADP\webSuite TE\BZVT.EXE

C:\Program Files\ADP\webSuite TE\BZVBA.EXE

C:\Program Files\ADP\webSuite View\Client 4.5.222.0\sw9c.exe

C:\Program Files\ADP\webSuite TE\BZVT.EXE

C:\Program Files\ADP\webSuite TE\BZVBA.EXE

C:\Documents and Settings\Brian\My Documents\Downloads\mbam-chameleon-1.62.1.1000(1)\mbam-chameleon.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.live.com

uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: adp.com

Trusted Zone: adpremotesupport.com

Trusted Zone: adpremotesupport.com

Trusted Zone: adpremotesupport.com

Trusted Zone: jmagroup.com

Trusted Zone: jmfamily.com

DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB

DPF: Launcher - hxxp://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab

DPF: ReyScanCab - hxxps://www.gs.reyrey.com/clientdll/ReyScan.cab

DPF: websignAx - hxxps://www.gmacdealer.com/gmacgdp/gmacscripts/accountaccess/websignax.cab

DPF: {00906302-0F14-442C-B39C-275F61BC25BC} - file://d:\autorun\atSdaCfg.CAB

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://dsra1he.ds.adp.com/sdccommon/download/tgctlsi.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/tgctlcm.cab

DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab

DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab

DPF: {061C4171-40E1-11D2-9311-0060979CAE91} - hxxp://207.186.35.1/paris/winjaxs/winjax.cab

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxp://multiautomall.adpcrm.net./reports/cr/activexviewer92.cab

DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} - file://d:\autorun\PC-CONFIG-CHECK.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364862465375

DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxps://cp.ebizautos.com/scripts/aurigma/ImageUploader7.cab

DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} - hxxp://www.gmdealerpulse.com/ChartfxInt62/download/ChartFX.ComIEClient.Core.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CE840B8D-C389-4500-9ABB-24FBDB850F64} - hxxp://207.186.35.1/we/support/downloads/adpEIOSearcher.CAB

TCP: Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28} : NameServer = 10.41.215.253,12.127.12.71

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\ig9zvhbz.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-4-2 35144]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-1 40776]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-03-13 15:44:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 15:44:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 10:28:38.57 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/3/2009 12:32:29 PM

System Uptime: 4/2/2013 8:33:27 AM (2 hours ago)

.

Motherboard: Dell Inc. | | 0TP412

Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz | CPU | 2659/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 46.599 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1222: 1/3/2013 11:55:23 AM - System Checkpoint

RP1223: 1/4/2013 11:57:46 AM - System Checkpoint

RP1224: 1/4/2013 8:46:15 PM - Software Distribution Service 3.0

RP1225: 1/7/2013 9:56:11 AM - System Checkpoint

RP1226: 1/8/2013 12:09:14 PM - System Checkpoint

RP1227: 1/9/2013 4:11:46 PM - System Checkpoint

RP1228: 1/9/2013 8:54:01 PM - Software Distribution Service 3.0

RP1229: 1/11/2013 12:02:13 PM - System Checkpoint

RP1230: 1/14/2013 1:30:39 PM - System Checkpoint

RP1231: 1/15/2013 2:50:16 PM - System Checkpoint

RP1232: 1/15/2013 7:50:46 PM - Software Distribution Service 3.0

RP1233: 1/17/2013 11:47:28 AM - System Checkpoint

RP1234: 1/18/2013 1:20:12 PM - System Checkpoint

RP1235: 1/21/2013 12:15:45 PM - System Checkpoint

RP1236: 1/22/2013 12:20:02 PM - System Checkpoint

RP1237: 1/23/2013 1:32:08 PM - System Checkpoint

RP1238: 1/24/2013 3:50:12 PM - System Checkpoint

RP1239: 1/25/2013 5:06:56 PM - System Checkpoint

RP1240: 1/28/2013 5:59:24 PM - System Checkpoint

RP1241: 1/30/2013 1:10:48 PM - System Checkpoint

RP1242: 1/31/2013 5:21:45 PM - System Checkpoint

RP1243: 2/1/2013 5:49:30 PM - System Checkpoint

RP1244: 2/4/2013 9:47:27 AM - System Checkpoint

RP1245: 2/5/2013 1:24:16 PM - System Checkpoint

RP1246: 2/6/2013 3:03:42 PM - System Checkpoint

RP1247: 2/7/2013 3:35:36 PM - System Checkpoint

RP1248: 2/8/2013 5:07:31 PM - System Checkpoint

RP1249: 2/11/2013 10:59:02 AM - System Checkpoint

RP1250: 2/12/2013 3:16:52 PM - System Checkpoint

RP1251: 2/13/2013 10:45:46 AM - Software Distribution Service 3.0

RP1252: 2/14/2013 2:51:25 PM - System Checkpoint

RP1253: 2/15/2013 4:57:38 PM - System Checkpoint

RP1254: 2/18/2013 2:45:04 PM - System Checkpoint

RP1255: 2/20/2013 8:27:45 AM - System Checkpoint

RP1256: 2/21/2013 10:17:51 AM - System Checkpoint

RP1257: 2/22/2013 12:38:03 PM - System Checkpoint

RP1258: 2/23/2013 12:41:48 PM - Installed AVG 2013

RP1259: 2/23/2013 12:41:59 PM - Removed AVG 2012

RP1260: 2/23/2013 12:42:31 PM - Installed AVG 2013

RP1261: 2/23/2013 12:45:02 PM - Removed AVG 2012

RP1262: 2/25/2013 12:03:31 PM - System Checkpoint

RP1263: 2/26/2013 3:06:46 PM - System Checkpoint

RP1264: 2/27/2013 4:50:58 PM - System Checkpoint

RP1265: 3/1/2013 11:16:00 AM - System Checkpoint

RP1266: 3/4/2013 10:28:23 AM - System Checkpoint

RP1267: 3/5/2013 11:41:12 AM - System Checkpoint

RP1268: 3/6/2013 12:38:21 PM - System Checkpoint

RP1269: 3/7/2013 12:42:29 PM - System Checkpoint

RP1270: 3/8/2013 12:47:38 PM - System Checkpoint

RP1271: 3/11/2013 2:52:46 PM - System Checkpoint

RP1272: 3/12/2013 3:48:23 PM - System Checkpoint

RP1273: 3/13/2013 4:55:03 PM - System Checkpoint

RP1274: 3/13/2013 7:35:38 PM - Software Distribution Service 3.0

RP1275: 3/14/2013 7:44:02 PM - System Checkpoint

RP1276: 3/18/2013 12:40:37 PM - System Checkpoint

RP1277: 3/19/2013 2:06:12 PM - System Checkpoint

RP1278: 3/20/2013 2:52:35 PM - System Checkpoint

RP1279: 3/21/2013 3:12:41 PM - System Checkpoint

RP1280: 3/21/2013 7:35:15 PM - Software Distribution Service 3.0

RP1281: 3/25/2013 1:02:07 PM - System Checkpoint

RP1282: 3/26/2013 3:47:27 PM - System Checkpoint

RP1283: 3/27/2013 7:50:38 PM - System Checkpoint

RP1284: 3/29/2013 8:48:37 AM - System Checkpoint

RP1285: 4/1/2013 10:47:00 AM - System Checkpoint

RP1286: 4/1/2013 6:22:52 PM - Removed ApproveIt Web Server - Client Software

RP1287: 4/1/2013 6:23:13 PM - Removed Atalasoft Components

RP1288: 4/1/2013 6:26:11 PM - Removed Bonjour

RP1289: 4/1/2013 6:28:10 PM - Removed NetAssistant

RP1290: 4/1/2013 7:09:59 PM - Restore Operation

RP1291: 4/1/2013 7:12:12 PM - Restore Operation

RP1292: 4/1/2013 8:38:20 PM - Installed Windows Internet Explorer 8.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.4

ADP CTI Desktop

ADP Service Connect Web Chat

ADP Software Install Agent

ADPSecProfile

Apple Mobile Device Support

Apple Software Update

AVG 2013

Broadcom ASF Management Applications

Broadcom Management Programs

Choice Guard

Compatibility Pack for the 2007 Office system

CRUFL wsFunctions

Crystal_11r2sp1

Dell ETS Factory Installation

FC_PR_Acct_Update_45

FC_PR_Service_Update_452

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IBM iSeries Access for Windows

Intel® Matrix Storage Manager

Interlink Electronics ePad 7.54

iTunes

Java™ 6 Update 11

Junk Mail filter update

Lexmark Printer Software Uninstall

Lexmark Universal v2 Uninstaller

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Meeting 2007

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB927977)

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

PowerDVD

PR Accounting Update 45

PR CarInk Update 45

PR Parts Update 45

PR Sales Update 45

PR Service Update 45

psqlODBC

QuickTime

Reynolds ERALink

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

ShowCase Suite 8.0

ShowCase Suite Client Update

TightVNC 1.2.9

Uninstall Helper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

UUDeview for Windows

w.e.b.Suite 4.5 Managed Assemblies

w.e.b.Suite Launch Application

w.e.b.Suite Terminal Emulator 4.1.3.967

w.e.b.Suite Terminal Emulator VBA 4.1.3.952

w.e.b.Suite Terminal Emulator VBA Support

w.e.b.Suite View Client 4.5.193.0

w.e.b.Suite View Client 4.5.222.0

w.e.b.Suite2007 Preview

WebFldrs XP

webSuite PC CONFIG CONTROL

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Presentation Foundation

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

4/2/2013 10:27:19 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

4/1/2013 7:17:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/1/2013 7:13:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim Avgldx86 Fips intelppm MRxSmb Rdbss

4/1/2013 7:13:46 PM, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The system cannot find the file specified.

4/1/2013 7:13:46 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: The system cannot find the file specified.

4/1/2013 7:13:46 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The system cannot find the file specified.

4/1/2013 7:13:46 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

4/1/2013 7:13:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/1/2013 7:05:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/1/2013 7:05:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/30/2013 2:47:29 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.41.215.50. The machine with the IP address 10.41.215.167 did not allow the name to be claimed by this machine.

3/30/2013 12:48:44 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

3/29/2013 10:15:56 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DBTOAXYZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ACB9D870-3C41-4DB4-. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


Hi, and thanks for the help!!

I followed all instructions, but the first time I tried to run combofix, during the actual execution of the program (during the 'stages'), I got a BSOD (plug and play detected an error....etc...I do have the stop error copied down if needed). I restarted, and tried again, and it seemed to run.

I did try to open my IE window (forgot to mention in my original post the IE was also hosed...had to install mozilla to get this far), but it would not load any pages. I got an error saying that the page was unavailable.

Here is my combofix log:

ComboFix 13-04-02.01 - Brian 04/02/2013 17:06:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1569 [GMT -4:00]

Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe

AV: AVG Anti-Virus Business Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Anti-Virus Business Edition 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Documents\CURRENT MONTH RECAP SUMMARY.xls~RF2405bab.TMP

c:\documents and settings\All Users\Documents\CURRENT MONTH RECAP SUMMARY.xls~RF24a2b24.TMP

c:\documents and settings\Brian\Local Settings\Application Data\assembly\tmp

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))

.

.

2013-04-02 14:40 . 2013-04-02 14:40 -------- d-----w- C:\ae5f3ce45a70cf008edc40bd3a1a64

2013-04-02 14:19 . 2013-04-02 14:19 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-02 14:08 . 2013-04-02 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-04-02 14:08 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-02 01:03 . 2013-04-02 01:03 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Mozilla

2013-04-02 01:01 . 2013-04-02 12:33 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-04-02 00:47 . 2013-04-02 00:54 -------- d-----w- C:\0f5ebfa42f3c2e16d2ae48b60e6651cf

2013-04-02 00:38 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\ieencode.dll

2013-04-02 00:38 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2013-04-02 00:21 . 2013-04-02 00:21 -------- d-----w- c:\documents and settings\Backup

2013-04-01 23:18 . 2013-04-01 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ClubSanDisk

2013-04-01 23:08 . 2013-04-01 23:08 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-04-01 23:08 . 2013-04-01 23:08 -------- d-----w- c:\documents and settings\Brian\Application Data\Yahoo!

2013-04-01 23:08 . 2013-04-01 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2013-04-01 22:31 . 2013-04-01 23:06 -------- d-----w- c:\documents and settings\Admin

2013-04-01 22:31 . 2013-04-02 21:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-04-01 22:21 . 2013-04-01 22:21 -------- d-----w- c:\program files\W3i

2013-04-01 22:21 . 2013-04-01 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i

2013-04-01 22:21 . 2013-04-01 23:08 -------- d-----w- c:\program files\Yahoo!

2013-04-01 22:19 . 2013-04-01 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\APN

2013-03-21 19:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-21 19:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-03-14 21:49 . 2013-03-14 21:51 -------- d-----w- c:\windows\system32\NtmsData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 15:44 . 2012-04-03 12:52 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 15:44 . 2011-05-20 11:59 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-12 00:32 . 2008-04-25 16:16 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-26 03:55 . 2008-04-25 16:16 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:32 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:45 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:32 . 2008-04-25 16:16 1876224 ----a-w- c:\windows\system32\win32k.sys

2013-03-07 14:31 . 2013-04-02 01:03 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]

2005-06-08 09:30 45106 ----a-w- c:\program files\IBM\Client Access\cwbckver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]

2005-06-08 09:30 20480 ----a-w- c:\program files\IBM\Client Access\cwbwlwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]

2005-06-08 09:30 24626 ----a-w- c:\program files\IBM\Client Access\cwbinhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access PC5250 Sound]

2005-06-08 09:30 40960 ----a-w- c:\program files\IBM\Client Access\Emulator\pcssnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]

2005-06-08 09:30 20530 ----a-w- c:\program files\IBM\Client Access\cwbsvstr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-10-03 20:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-10-28 02:07 13578240 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-09-12 01:58 1015808 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-31 01:33 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\ADP\\webSuite View\\Client 4.5.193.0\\SW9C.EXE"=

"c:\\Program Files\\Reynolds\\ERALink\\wIntegSM.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\supportsoft\\bin\\sprtlisten.exe"=

"c:\\Program Files\\Common Files\\supportsoft\\bin\\ssrc.exe"=

"c:\\Program Files\\smartagent\\agent\\bin\\bcont.exe"=

"c:\\Program Files\\smartagent\\agent\\bin\\bcont_nm.exe"=

"c:\\Program Files\\smartagent\\bin\\sprtcmd.exe"=

"c:\\Program Files\\smartagent\\bin\\sprtsvc.exe"=

"c:\\Program Files\\smartagent\\bin\\tgshell.exe"=

"c:\\Program Files\\smartagent\\bin\\tgsrvc.exe"=

"c:\\Program Files\\ADP\\webSuite View\\Client 4.5.222.0\\SW9C.EXE"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgwdsvc.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 177376]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/1/2013 6:31 PM 40776]

S?2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [12/10/2012 12:11 PM 1342024]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/2/2013 10:08 AM 398184]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/2/2013 10:08 AM 682344]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/2/2013 10:19 AM 35144]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/2/2013 10:08 AM 21104]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSCHEDULER

*NewlyCreated* - MBAMSERVICE

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:44]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: adp.com

Trusted Zone: adp.com\*.ds

Trusted Zone: adp.com\dsra1he.ds

Trusted Zone: adp.com\dsrac1he.ds

Trusted Zone: adp.com\dssda1he.ds

Trusted Zone: adp.com\dssda2he.ds

Trusted Zone: adpcrm.net.\multiautomall

Trusted Zone: adpremotesupport.com

Trusted Zone: adpremotesupport.com\www

Trusted Zone: autopartners.net\www

Trusted Zone: dmotorworks.com\www

Trusted Zone: ebizautos.com\cp

Trusted Zone: jmagroup.com

Trusted Zone: jmfamily.com

Trusted Zone: reyrey.com\www.gs

Trusted Zone: yahoo.com\www

TCP: Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28}: NameServer = 10.41.215.253,12.127.12.71

DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB

DPF: Launcher - hxxp://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab

DPF: ReyScanCab - hxxps://www.gs.reyrey.com/clientdll/ReyScan.cab

DPF: websignAx - hxxps://www.gmacdealer.com/gmacgdp/gmacscripts/accountaccess/websignax.cab

DPF: {00906302-0F14-442C-B39C-275F61BC25BC} - file://d:\autorun\atSdaCfg.CAB

DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab

DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab

DPF: {061C4171-40E1-11D2-9311-0060979CAE91} - hxxp://207.186.35.1/paris/winjaxs/winjax.cab

DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} - file://d:\autorun\PC-CONFIG-CHECK.CAB

DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxps://cp.ebizautos.com/scripts/aurigma/ImageUploader7.cab

DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} - hxxp://www.gmdealerpulse.com/ChartfxInt62/download/ChartFX.ComIEClient.Core.cab

DPF: {CE840B8D-C389-4500-9ABB-24FBDB850F64} - hxxp://207.186.35.1/we/support/downloads/adpEIOSearcher.CAB

FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\ig9zvhbz.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Toolbar-Locked - (no file)

MSConfigStartUp-NetSP - restore settings on power failure - c:\program files\AT&T Global Network Client\NetSP.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-04-02 17:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2013-04-02 17:14:23

ComboFix-quarantined-files.txt 2013-04-02 21:14

.

Pre-Run: 50,003,255,296 bytes free

Post-Run: 51,263,602,688 bytes free

.

- - End Of File - - 519E302BC03D3E32AD41B9017290C233


Hi BrianLevy,

My apologies. I missed the email notification.

Please download to your Desktop SystemLook by jpshortstuff from here.

Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

    :filefind
    i8042prt.sys

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.


Thanks again for the help.

Here is the systemlook file:

SystemLook 30.07.11 by jpshortstuff

Log created at 16:57 on 04/04/2013 by Brian

Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"

No files found.

-= EOF =-

I feel I should also let you know that I inadvertently updated my system last night. I was in a rush to leave, and when I went to shutdown the PC, I forgot to stop the installation of windows update files. It tried to install 6 updates, 1 of which I know to be IE8. When I turned the PC on this morning, the windows update notification box came up with 2 updates it wants to install now. Cumulative update for IE7, and the IE8 upgrade (which of course means the IE8 upgrade failed last night, as it has been). This computer did have IE8 on it, but ever since this problem started, it no longer seems to be there...

Anyway, let me know what to do next...

Thanks!


Hey BrianLevy,

My apologies for the delay.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Here are the results:

OTL.TXT

OTL logfile created on: 4/8/2013 5:55:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brian\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.76% Memory free

3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.15% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 47.64 Gb Free Space | 64.01% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: PCTERM10 | User Name: Brian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 17:53:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe

PRC - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe

PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe

PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe

PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe

PRC - [2011/11/02 14:40:52 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\smartagent\bin\sprtsvc.exe

PRC - [2011/11/02 14:40:42 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\smartagent\bin\tgsrvc.exe

PRC - [2008/04/23 14:27:56 | 000,132,680 | ---- | M] () -- C:\Program Files\ADP\webSuite TE\BZVBA.EXE

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/08/08 17:04:48 | 000,562,488 | ---- | M] (ADP Dealer Services) -- C:\Program Files\ADP\ADP CTI Desktop\Adp_Telephony.exe

PRC - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2003/08/01 18:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 11:48:12 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll

MOD - [2013/01/10 10:24:05 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll

MOD - [2013/01/10 10:23:04 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll

MOD - [2013/01/10 10:22:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll

MOD - [2013/01/10 10:22:49 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013/01/10 10:22:32 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2012/12/18 17:59:18 | 000,019,144 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2009/07/20 11:31:41 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC\BWHostedApi\3.1.20.192__ead84896f9799c17\BWHostedApi.dll

MOD - [2008/04/23 14:27:56 | 000,132,680 | ---- | M] () -- C:\Program Files\ADP\webSuite TE\BZVBA.EXE

MOD - [2003/08/01 18:28:22 | 000,060,928 | ---- | M] () -- C:\Program Files\TightVNC\VNCHooks.dll

========== Services (SafeList) ==========

SRV - [2013/03/13 11:44:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/03/07 10:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)

SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2011/11/02 14:40:58 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2011/11/02 14:40:52 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\smartagent\bin\sprtsvc.exe -- (sprtsvc_smartagent)

SRV - [2011/11/02 14:40:42 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\smartagent\bin\tgsrvc.exe -- (tgsrvc_smartagent)

SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

SRV - [2003/08/01 18:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Brian\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2013/04/05 18:25:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/04/02 10:19:06 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/10/02 04:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/09/21 04:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/09/21 04:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2012/09/21 04:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/09/14 04:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2009/10/08 13:30:24 | 000,011,392 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)

DRV - [2007/09/11 22:23:54 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/09/11 21:58:28 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 31 24 A7 28 2F CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {7BE152FD-B6D8-4C85-B229-57A818230214}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{74D93B59-01DE-48F0-96D8-DAEB55254C2A}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130414,6901,0,8,0

IE - HKCU\..\SearchScopes\{7BE152FD-B6D8-4C85-B229-57A818230214}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/01 21:03:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/04/01 21:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian\Application Data\Mozilla\Extensions

[2013/04/01 21:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/02 17:13:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.

O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: adp.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([*.ds] http in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([*.ds] https in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([dsra1he.ds] * in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([dsrac1he.ds] * in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([dssda1he.ds] * in Trusted sites)

O15 - HKCU\..Trusted Domains: adp.com ([dssda2he.ds] * in Trusted sites)

O15 - HKCU\..Trusted Domains: adpcrm.net. ([multiautomall] * in Trusted sites)

O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: adpremotesupport.com ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: autopartners.net ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: dmotorworks.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: ebizautos.com ([cp] https in Trusted sites)

O15 - HKCU\..Trusted Domains: jmagroup.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: jmfamily.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: reyrey.com ([www.gs] https in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)

O15 - HKCU\..Trusted Ranges: adpRange1 ([*] in Trusted sites)

O15 - HKCU\..Trusted Ranges: adpRange2 ([*] in Trusted sites)

O15 - HKCU\..Trusted Ranges: adpRange3 ([*] in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)

O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} file://D:\autorun\atSdaCfg.CAB (Reg Error: Key error.)

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://dsra1he.ds.adp.com/sdccommon/download/tgctlsi.cab (Reg Error: Key error.)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)

O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab (Reg Error: Key error.)

O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab (Reg Error: Key error.)

O16 - DPF: {061C4171-40E1-11D2-9311-0060979CAE91} http://207.186.35.1/paris/winjaxs/winjax.cab (SEAGULL WinJa ActiveX Client)

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://multiautomall.adpcrm.net./reports/cr/activexviewer92.cab (Crystal Report Viewer Control 9)

O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} file://D:\autorun\PC-CONFIG-CHECK.CAB (SysEngW2k Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364862465375 (WUWebControl Class)

O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} https://cp.ebizautos.com/scripts/aurigma/ImageUploader7.cab (Image Uploader Control)

O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} http://www.gmdealerpulse.com/ChartfxInt62/download/ChartFX.ComIEClient.Core.cab (Chart Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CE840B8D-C389-4500-9ABB-24FBDB850F64} http://207.186.35.1/we/support/downloads/adpEIOSearcher.CAB (adpEIOSearcher.Searcher)

O16 - DPF: CM_AdvancedCAB https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB (Reg Error: Key error.)

O16 - DPF: Launcher http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab (Reg Error: Key error.)

O16 - DPF: ReyScanCab https://www.gs.reyrey.com/clientdll/ReyScan.cab (Reg Error: Key error.)

O16 - DPF: websignAx https://www.gmacdealer.com/gmacgdp/gmacscripts/accountaccess/websignax.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28}: NameServer = 10.41.215.253,12.127.12.71

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\mhtml - No CLSID value found

O18 - Protocol\Handler\wlmailhtml - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 17:54:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe

[2013/04/08 10:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\deliveries

[2013/04/05 09:05:10 | 000,000,000 | ---D | C] -- C:\e18bd55a6146299c2f34

[2013/04/03 09:12:02 | 000,000,000 | ---D | C] -- C:\550a13b0536b4efbf677d5afbc0e

[2013/04/02 16:52:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/04/02 16:46:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/04/02 16:44:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/04/02 16:44:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/04/02 16:44:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/04/02 16:44:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/04/02 16:43:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/02 16:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/04/02 16:39:47 | 005,046,606 | R--- | C] (Swearware) -- C:\Documents and Settings\Brian\Desktop\ComboFix.exe

[2013/04/02 15:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\BlueZone

[2013/04/02 10:40:23 | 000,000,000 | ---D | C] -- C:\ae5f3ce45a70cf008edc40bd3a1a64

[2013/04/02 10:27:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brian\Start Menu\Programs\Administrative Tools

[2013/04/02 10:08:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/04/02 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/04/02 10:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/01 21:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\Downloads

[2013/04/01 21:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla

[2013/04/01 21:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Mozilla

[2013/04/01 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013/04/01 21:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2013/04/01 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/04/01 20:47:52 | 000,000,000 | ---D | C] -- C:\0f5ebfa42f3c2e16d2ae48b60e6651cf

[2013/04/01 20:38:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll

[2013/04/01 20:38:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2013/04/01 20:20:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7

[2013/04/01 19:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2013/04/01 19:13:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2013/04/01 19:08:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2013/04/01 19:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Yahoo!

[2013/04/01 19:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2013/04/01 18:31:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/04/01 18:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\W3i

[2013/04/01 18:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i

[2013/04/01 18:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper

[2013/04/01 18:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2013/04/01 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN

[2013/04/01 18:18:54 | 001,607,248 | ---- | C] (InstallX, LLC) -- C:\Documents and Settings\Brian\My Documents\7zip_installer_d162802.exe

[2013/03/21 15:06:23 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys

[2013/03/21 15:06:23 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys

[2013/03/14 17:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 17:53:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe

[2013/04/08 17:43:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/04/08 17:38:03 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\w.e.b.Suite.lnk

[2013/04/08 17:18:30 | 000,001,781 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2013/04/08 09:05:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/04/08 09:05:26 | 000,201,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013/04/08 09:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/04/05 18:25:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/04/02 17:13:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/04/02 16:46:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/04/02 16:39:48 | 005,046,606 | R--- | M] (Swearware) -- C:\Documents and Settings\Brian\Desktop\ComboFix.exe

[2013/04/02 10:40:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/04/02 10:19:06 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2013/04/01 20:51:59 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\linkfile_fix.zip

[2013/04/01 19:17:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/04/01 19:13:24 | 002,004,221 | ---- | M] () -- C:\WINDOWS\iis6.BAK

[2013/04/01 19:13:22 | 000,466,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/04/01 19:13:22 | 000,080,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/04/01 18:18:58 | 001,607,248 | ---- | M] (InstallX, LLC) -- C:\Documents and Settings\Brian\My Documents\7zip_installer_d162802.exe

[2013/03/13 11:44:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/03/13 11:44:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 16:46:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/04/02 16:46:41 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/04/02 16:44:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/04/02 16:44:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/04/02 16:44:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/04/02 16:44:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/04/02 16:44:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/04/02 10:19:06 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2013/04/01 20:51:59 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\linkfile_fix.zip

[2012/05/29 13:19:34 | 001,036,288 | ---- | C] ( ) -- C:\WINDOWS\System32\LMUD1Plang.dll

[2012/05/29 13:19:34 | 000,430,080 | ---- | C] ( ) -- C:\WINDOWS\System32\LMUD1Pcomc.dll

[2012/05/29 13:19:34 | 000,204,800 | ---- | C] ( ) -- C:\WINDOWS\System32\LMUD1Pinpa.dll

[2012/05/15 14:44:40 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\LexLog.dll

[2012/05/15 14:44:39 | 000,001,364 | ---- | C] () -- C:\WINDOWS\LMAAG2DD.ini

[2012/02/16 09:01:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/06/20 14:56:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\tilt2.zip

[2011/01/21 19:08:05 | 000,128,150 | ---- | C] () -- C:\Documents and Settings\Brian\att00044.jpg

[2011/01/21 19:08:05 | 000,109,166 | ---- | C] () -- C:\Documents and Settings\Brian\att00032.jpg

[2011/01/21 19:08:05 | 000,098,210 | ---- | C] () -- C:\Documents and Settings\Brian\att00047.jpg

[2011/01/21 19:08:05 | 000,088,670 | ---- | C] () -- C:\Documents and Settings\Brian\att00029.jpg

[2011/01/21 19:08:05 | 000,079,649 | ---- | C] () -- C:\Documents and Settings\Brian\att00014.jpg

[2011/01/21 19:08:05 | 000,075,611 | ---- | C] () -- C:\Documents and Settings\Brian\att00020.jpg

[2011/01/21 19:08:05 | 000,069,400 | ---- | C] () -- C:\Documents and Settings\Brian\att00038.jpg

[2011/01/21 19:08:05 | 000,067,496 | ---- | C] () -- C:\Documents and Settings\Brian\att00056.jpg

[2011/01/21 19:08:05 | 000,065,857 | ---- | C] () -- C:\Documents and Settings\Brian\att00053.jpg

[2011/01/21 19:08:05 | 000,063,874 | ---- | C] () -- C:\Documents and Settings\Brian\att00050.jpg

[2011/01/21 19:08:05 | 000,063,872 | ---- | C] () -- C:\Documents and Settings\Brian\att00008.jpg

[2011/01/21 19:08:05 | 000,062,645 | ---- | C] () -- C:\Documents and Settings\Brian\att00011.jpg

[2011/01/21 19:08:05 | 000,053,459 | ---- | C] () -- C:\Documents and Settings\Brian\att00005.jpg

[2011/01/21 19:08:05 | 000,049,780 | ---- | C] () -- C:\Documents and Settings\Brian\att00041.jpg

[2011/01/21 19:08:05 | 000,047,979 | ---- | C] () -- C:\Documents and Settings\Brian\att00026.jpg

[2011/01/21 19:08:05 | 000,045,958 | ---- | C] () -- C:\Documents and Settings\Brian\att00035.jpg

[2011/01/21 19:08:05 | 000,042,490 | ---- | C] () -- C:\Documents and Settings\Brian\att00059.jpg

[2011/01/21 19:08:05 | 000,030,388 | ---- | C] () -- C:\Documents and Settings\Brian\att00023.jpg

[2009/12/18 20:07:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\spbmobileshell3.5.2.exe

[2009/08/17 16:13:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\and

[2009/08/17 16:12:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\aoldnld.exe

[2009/08/17 16:12:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\documents and settings

[2009/06/25 13:38:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\fusioncache.dat

[2009/04/03 12:58:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/12/06 12:47:14 | 056,853,866 | ---- | M] () -- C:\B41.zip

[2012/04/02 10:24:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2013/04/02 16:46:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2013/04/02 17:14:24 | 000,017,018 | ---- | M] () -- C:\ComboFix.txt

[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/03/30 23:22:00 | 000,005,339 | RH-- | M] () -- C:\dell.sdr

[2008/11/05 17:50:36 | 001,735,175 | ---- | M] () -- C:\EA 8.0 PC Load Bulletin_PILOT.pdf

[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/08/13 11:22:45 | 000,005,588 | ---- | M] () -- C:\ny_zips.txt

[2013/04/08 09:04:54 | 2144,907,264 | -HS- | M] () -- C:\pagefile.sys

[2013/04/02 10:51:26 | 000,000,359 | ---- | M] () -- C:\rkill.log

[2009/12/18 16:11:32 | 011,932,232 | ---- | M] () -- C:\spbmobileshell3.5.2.exe

[2011/06/20 14:47:40 | 237,193,950 | ---- | M] () -- C:\tilt2.zip

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-04-06 05:05:11

< End of report >

Here is the extras.txt:

OTL Extras logfile created on: 4/8/2013 5:55:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brian\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.76% Memory free

3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.15% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 47.64 Gb Free Space | 64.01% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: PCTERM10 | User Name: Brian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"" =

"C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe" = C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe:*:Enabled:sprtlisten.exe -- (SupportSoft, Inc.)

"C:\Program Files\Common Files\supportsoft\bin\ssrc.exe" = C:\Program Files\Common Files\supportsoft\bin\ssrc.exe:*:Enabled:ssrc.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\agent\bin\bcont.exe" = C:\Program Files\smartagent\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\agent\bin\bcont_nm.exe" = C:\Program Files\smartagent\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\sprtcmd.exe" = C:\Program Files\smartagent\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\sprtsvc.exe" = C:\Program Files\smartagent\bin\sprtsvc.exe:*:Enabled:sprtsvc.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\tgshell.exe" = C:\Program Files\smartagent\bin\tgshell.exe:*:Enabled:tgshell.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\tgsrvc.exe" = C:\Program Files\smartagent\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\ADP\webSuite View\Client 4.5.193.0\SW9C.EXE" = C:\Program Files\ADP\webSuite View\Client 4.5.193.0\SW9C.EXE:*:Enabled:w.e.b.Suite View Client 4.5.193.0 -- (Seagull Software)

"C:\Program Files\Reynolds\ERALink\wIntegSM.exe" = C:\Program Files\Reynolds\ERALink\wIntegSM.exe:*:Enabled:wIntegrate Session Manager -- (IBM Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe" = C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe:*:Enabled:sprtlisten.exe -- (SupportSoft, Inc.)

"C:\Program Files\Common Files\supportsoft\bin\ssrc.exe" = C:\Program Files\Common Files\supportsoft\bin\ssrc.exe:*:Enabled:ssrc.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\agent\bin\bcont.exe" = C:\Program Files\smartagent\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\agent\bin\bcont_nm.exe" = C:\Program Files\smartagent\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\sprtcmd.exe" = C:\Program Files\smartagent\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\sprtsvc.exe" = C:\Program Files\smartagent\bin\sprtsvc.exe:*:Enabled:sprtsvc.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\tgshell.exe" = C:\Program Files\smartagent\bin\tgshell.exe:*:Enabled:tgshell.exe -- (SupportSoft, Inc.)

"C:\Program Files\smartagent\bin\tgsrvc.exe" = C:\Program Files\smartagent\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)

"C:\Program Files\ADP\webSuite View\Client 4.5.222.0\SW9C.EXE" = C:\Program Files\ADP\webSuite View\Client 4.5.222.0\SW9C.EXE:*:Enabled:w.e.b.Suite View Client -- (ADP)

"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2013\avgwdsvc.exe" = C:\Program Files\AVG\AVG2013\avgwdsvc.exe:*:Enabled:AVG Remote Administration -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{02816956-413B-4B28-AE98-42DFB8F14E7C}" = w.e.b.Suite View Client 4.5.222.0

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0DEBB31B-6BD6-4A7F-AAA6-8E8837883513}" = w.e.b.Suite Terminal Emulator 4.1.3.967

"{12345678-1234-1234-1234-123456789013}" = w.e.b.Suite 4.5 Managed Assemblies

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs

"{1817D973-1329-4CDF-84A8-91D7004535E2}" = Interlink Electronics ePad 7.54

"{1A4DA68B-3F53-49D6-8C96-B29F88206DB0}" = PR Parts Update 45

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013

"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{26EBB7C9-688F-4C00-A7C6-03C1C08B98E9}" = ShowCase Suite 8.0

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{34B85F58-4EA1-40F2-A658-DA3CE5D19820}" = Reynolds ERALink

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36134792-3A23-4402-8CB2-250BC3C991B2}" = ADP CTI Desktop

"{3CF75B37-2164-4693-B125-AFE69F028762}" = w.e.b.Suite Terminal Emulator VBA 4.1.3.952

"{425625E5-EA6B-4C2A-9BCA-28087D3293BB}" = FC_PR_Service_Update_452

"{4633256F-8709-495F-B4D1-A022EFAE7C39}" = psqlODBC

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant

"{6061E918-18B4-4CFF-9D68-5E571BE2AFF7}" = ADPSecProfile

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013

"{6FFDFB77-F3A6-4A40-B7A8-0BC829738820}" = webSuite PC CONFIG CONTROL

"{7425B175-6E64-4ECF-B08B-422C3616DC7F}" = ADP Software Install Agent

"{7F6B0FE9-3CB9-459C-9581-63621791F6AC}" = PR CarInk Update 45

"{80537879-5B3D-42D7-A487-35A8445A1523}" = PR Service Update 45

"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8655B0DC-7E26-4E9F-9C6E-F274FD40FAD7}" = CRUFL wsFunctions

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97D92BA0-E266-4F69-956E-F457EFECF43B}" = Crystal_11r2sp1

"{9DD341CB-9263-4C29-885E-9DC83AF149D0}" = PR Parts Update 45

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB0C25C1-131F-447D-B884-6BE6895A9FCC}" = PR Accounting Update 45

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BF0DF9FF-C36C-415D-B828-794C7980883C}" = PR Sales Update 45

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes

"{C38157B0-790E-4B60-A4F0-48775526C85D}" = w.e.b.Suite2007 Preview

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5DCC4B8-EC8B-46B0-ABB0-0EFE994EAF65}" = PR Sales Update 45

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DA29E51B-C709-4B1B-9D36-DD5AE694E26F}" = ADP Service Connect Web Chat

"{E47E0DE9-B8BA-424A-A715-8C559A5C89BD}" = FC_PR_Acct_Update_45

"{E4F3626E-1356-4315-BB58-6FE00B24009B}" = w.e.b.Suite Launch Application

"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications

"{EC5619E7-D7BB-473D-845A-808D81D3FA79}" = ShowCase Suite Client Update

"{EDAF13BC-2ADA-4491-BCA2-972522907138}" = w.e.b.Suite Terminal Emulator VBA Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime

"{F5EA972A-C0D7-4588-A5ED-965FB3EB740F}" = w.e.b.Suite View Client 4.5.193.0

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AVG" = AVG 2013

"ClientAccessExpress" = IBM iSeries Access for Windows

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{1817D973-1329-4CDF-84A8-91D7004535E2}" = Interlink Electronics ePad 7.54

"InstallShield_{EC5619E7-D7BB-473D-845A-808D81D3FA79}" = ShowCase Suite Client Update

"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall

"Lexmark Universal v2" = Lexmark Universal v2 Uninstaller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"TightVNC_is1" = TightVNC 1.2.9

"Uninstall Helper 2.0.1.0" = Uninstall Helper

"UUDeview for Windows" = UUDeview for Windows

"WinLiveSuite_Wave3" = Windows Live Essentials

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/8/2013 2:15:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 2:15:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 2:38:05 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 2:38:05 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 3:54:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 3:54:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 4:20:05 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 4:20:05 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 5:49:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/8/2013 5:49:13 PM | Computer Name = PCTERM10 | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 4/4/2013 1:12:09 AM | Computer Name = PCTERM10 | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80242007: Internet Explorer 8 for Windows XP.

Error - 4/4/2013 1:12:09 AM | Computer Name = PCTERM10 | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x8007f205: Cumulative Security Update for Internet Explorer 7 for Windows

XP (KB2809289).

Error - 4/4/2013 8:20:34 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 4/4/2013 8:20:34 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 4/5/2013 9:03:41 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 4/5/2013 9:03:41 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 4/6/2013 1:05:15 AM | Computer Name = PCTERM10 | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80242007: Internet Explorer 8 for Windows XP.

Error - 4/6/2013 1:05:15 AM | Computer Name = PCTERM10 | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x8007f205: Cumulative Security Update for Internet Explorer 7 for Windows

XP (KB2809289).

Error - 4/8/2013 9:05:34 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 4/8/2013 9:05:34 AM | Computer Name = PCTERM10 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

< End of report >

Hey look, it all fit!!


Hey BrianLevy,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: adp.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([*.ds] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([*.ds] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([dsra1he.ds] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([dsrac1he.ds] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([dssda1he.ds] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: adp.com ([dssda2he.ds] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: adpcrm.net. ([multiautomall] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: adpremotesupport.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: autopartners.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dmotorworks.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ebizautos.com ([cp] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: jmagroup.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: jmfamily.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: reyrey.com ([www.gs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: adpRange1 ([*] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: adpRange2 ([*] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: adpRange3 ([*] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

What issues remain?


I am just wondering...I am staring at the OTL screen, and it has been on "killing processes. Do not interrupt..." But it has been like that without any indication it is progressing, and has been like that for the last 15 minutes... Is there any way to tell if this is working, or if it is stuck?


I let it sit overnight, but the PC was locked up as I left it with the OTL screen. I had to do a hard reboot, and all appears to be unchanged. I am still unable to use IE (it opens, then when I try to go to ANY site, it freezes), desktop shortcuts still do not work normally (have to right click and choose 'open' to use them), and Malwarebytes still gives error 372 when you try to run it.

I pasted from ":OTL" to "[EmptyTemp]" into the custom scan/fixes area, and OTL never got beyond the "Killing processes" screen. It appeared to me to lock up from the start...even the clock was frozen. I did not disable anything when I ran it, so maybe I was unprepared?

I will await further instructions...


I am sorry, but I don't understand. I DID try OTL, and it locked up my PC. Did I do it correctly?

I pasted the whole area in your post from ":OTL" to "[EmptyTemp]" into OTL, then hit the red "Run Fix" button. OTL had the message "Killing Processes...DO NOT INTERRUPT" on the bottom, but nothing happened. I let it be until this morning...it was still exactly the same...and the time on the clock had not changed either, so I had to do a hard boot.

Is there something else I am missing?


Hi Again,

Well, instead of waiting for more instructions I took it upon myself to try and run this in safe mode. It did run. I am not sure if it did everything it was supposed to.

IE still does not work...any page I type into the address bar does nothing. It does not seem to try and connect. It just stares at me, and I have to kill the app in task manager. Malwarebytes still gives error 372 when I try to run it. Desktop shortcuts still do not open with a double click (EXCEPT for IE, which opens RIGHT up).

So I ran OTL with the fix pasted into it. It did generate the file. I RAN THIS IN SAFE MODE, SO I AM NOT SURE IT DID WHAT IT WAS INTENDED TO DO (IT WILL NOT RUN IN NORMAL MODE).

Here is the log file.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\*.ds\ not found.

Invalid CLSID key: *.ds

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\*.ds\ not found.

Invalid CLSID key: *.ds

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\dsra1he.ds\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\dsrac1he.ds\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\dssda1he.ds\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\dssda2he.ds\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adpcrm.net.\multiautomall\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adpremotesupport.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adpremotesupport.com\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adpremotesupport.com\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adpremotesupport.com\www\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\autopartners.net\www\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dmotorworks.com\www\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebizautos.com\cp\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jmagroup.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jmfamily.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reyrey.com\www.gs\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\www\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\adpRange1\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\adpRange2\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\adpRange3\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

->FireFox cache emptied: 1763887 bytes

->Flash cache emptied: 41620 bytes

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: All Users.WINDOWS

User: All Users.WINNT

User: Backup

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41620 bytes

User: Brian

->Temp folder emptied: 449997 bytes

->Temporary Internet Files folder emptied: 9528905 bytes

->Java cache emptied: 917778 bytes

->FireFox cache emptied: 61748868 bytes

->Flash cache emptied: 1241354 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: NOT Brian

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13037 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04102013_182307

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hey BrianLevy,

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.


Ran without a problem.

Here is the Report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Brian [Admin rights]

Mode : Scan -- Date : 04/11/2013 09:25:00

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] biclient.exe -- C:\Documents and Settings\Brian\Local Settings\temp\biclient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28} : NameServer (10.41.215.253,12.127.12.71) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28} : NameServer (10.41.215.253,12.127.12.71) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++

--- User ---

[MBR] 3c52440d5bf507ed3659621ffacf055c

[bSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76214 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04112013_02d0925.txt >>

RKreport[1]_S_04112013_02d0925.txt


I know that we are not supposed to do things on our own here, however, when I ran RogueKiller this morning, all went as expected. When I tried to close it, it asked me if I am sure because I had not deleted anything yet. So I took it upon myself to hit the delete button. I could see no change to anything after it deleted whatever it deleted. Here is the log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Brian [Admin rights]

Mode : Remove -- Date : 04/11/2013 09:38:33

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] biclient.exe -- C:\Documents and Settings\Brian\Local Settings\temp\biclient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28} : NameServer (10.41.215.253,12.127.12.71) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{ACB9D870-3C41-4DB4-A49F-5477E9F5CC28} : NameServer (10.41.215.253,12.127.12.71) -> NOT REMOVED, USE DNSFIX

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++

--- User ---

[MBR] 3c52440d5bf507ed3659621ffacf055c

[bSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76214 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_04112013_02d0938.txt >>

RKreport[1]_S_04112013_02d0925.txt ; RKreport[2]_D_04112013_02d0938.txt

As I mentioned above, nothing appears to be resolved yet. All of my symptoms still exist...I will await further instructions.


Hey BrianLevy,

Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).

  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your Desktop and zip and attach it in your next reply.


Hello,

Your instructions did not exactly match what I saw. After it ran the scan, there was no drop down menu anywhere. It took me to a screen where I was able to activate a 30 day license. When I clicked next, it removed all of what it found....I was unable to select 'ignore all' anywhere. I also did not see the option to export the log file...it only gave me an option to save it. I have 2 logs, one before it removed whatever it removed, and one after. I will post the one after, but if you need the other one, let me know.

One other thing. It identified (and I fear removed) a component of a program that I know to be installed on my PC purposefully. The program is called Tight VNC. I may have to reinstall that program when we are done, but for now, if it needs to be removed/fixed, that is OK.

Here is the log AFTER it removed whatever....


HitmanPro 3.7.3.194
www.hitmanpro.com

Computer name . . . . : PCTERM10
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : PCTERM10\Brian
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-04-15 08:56:06
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 42s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 1
Traces . . . . . . . : 230

Objects scanned . . . : 621,627
Files scanned . . . . : 28,965
Remnants scanned . . : 120,957 files / 471,705 keys

Malware _____________________________________________________________________

C:\Program Files\TightVNC\VNCHooks.dll -> PendingDelete
Size . . . . . . . : 60,928 bytes
Age . . . . . . . : 3544.6 days (2003-08-01 18:28:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DCC8C5F0657BC4C5955E9C6CF18BE4A1255F7F8B19B8042584C33230B76E1518
> Emsisoft . . . . . : RemoteAccess.Win32.TightVNC.AMN!A2
Fuzzy . . . . . . : 105.0


Cookies _____________________________________________________________________




Good morning BrianLevy,

Please download TDSSKiller:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save it in this folder: C:\Program Files\Malwarebytes Anti-Malware\Chameleon

=====

Then, please do the following to install Chameleon:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

=====

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).


I followed your directions, however, after I ran the command in the 'run' box, I did not get a dos window...it just opened up an instance of windows explorer into the Chameleon directory. I did continue as you instructed from that point. Here is my log (nothing found suspicious or infected) (I have to cut the log into 2 parts...it is too long):

17:47:35.0625 3144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

17:47:37.0640 3144 ============================================================

17:47:37.0656 3144 Current date / time: 2013/04/16 17:47:37.0640

17:47:37.0656 3144 SystemInfo:

17:47:37.0656 3144

17:47:37.0656 3144 OS Version: 5.1.2600 ServicePack: 3.0

17:47:37.0656 3144 Product type: Workstation

17:47:37.0656 3144 ComputerName: PCTERM10

17:47:37.0656 3144 UserName: Brian

17:47:37.0656 3144 Windows directory: C:\WINDOWS

17:47:37.0656 3144 System windows directory: C:\WINDOWS

17:47:37.0656 3144 Processor architecture: Intel x86

17:47:37.0656 3144 Number of processors: 2

17:47:37.0656 3144 Page size: 0x1000

17:47:37.0656 3144 Boot type: Normal boot

17:47:37.0656 3144 ============================================================

17:47:38.0343 3144 BG loaded

17:47:38.0859 3144 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:47:38.0875 3144 ============================================================

17:47:38.0875 3144 \Device\Harddisk0\DR0:

17:47:38.0906 3144 MBR partitions:

17:47:38.0906 3144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94DB4F4

17:47:38.0906 3144 ============================================================

17:47:39.0203 3144 C: <-> \Device\Harddisk0\DR0\Partition1

17:47:39.0203 3144 ============================================================

17:47:39.0203 3144 Initialize success

17:47:39.0203 3144 ============================================================

17:48:02.0593 2704 ============================================================

17:48:02.0593 2704 Scan started

17:48:02.0593 2704 Mode: Manual; TDLFS;

17:48:02.0593 2704 ============================================================

17:48:02.0671 2704 ================ Scan system memory ========================

17:48:02.0671 2704 System memory - ok

17:48:02.0671 2704 ================ Scan services =============================


17:48:04.0125 2704 b57w2k - ok

17:48:04.0140 2704 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

17:48:04.0140 2704 BASFND - ok

17:48:04.0156 2704 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

17:48:04.0156 2704 Beep - ok

17:48:04.0187 2704 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

17:48:04.0234 2704 BITS - ok

17:48:04.0250 2704 [ 34F2F5B6A6D28B8FB872DFD57C5323AC ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe

17:48:04.0250 2704 Brother XP spl Service - ok

17:48:04.0281 2704 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

17:48:04.0281 2704 Browser - ok

17:48:04.0359 2704 catchme - ok

17:48:04.0375 2704 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:48:04.0375 2704 cbidf - ok

17:48:04.0375 2704 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

17:48:04.0375 2704 cbidf2k - ok

17:48:04.0390 2704 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:48:04.0390 2704 cd20xrnt - ok

17:48:04.0406 2704 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

17:48:04.0406 2704 Cdaudio - ok

17:48:04.0421 2704 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

17:48:04.0421 2704 Cdfs - ok

17:48:04.0437 2704 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:48:04.0437 2704 Cdrom - ok

17:48:04.0453 2704 Changer - ok

17:48:04.0468 2704 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

17:48:04.0468 2704 CiSvc - ok

17:48:04.0484 2704 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

17:48:04.0484 2704 ClipSrv - ok

17:48:04.0500 2704 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:48:04.0531 2704 clr_optimization_v2.0.50727_32 - ok

17:48:04.0546 2704 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:48:04.0546 2704 CmdIde - ok

17:48:04.0546 2704 COMSysApp - ok

17:48:04.0562 2704 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:48:04.0562 2704 Cpqarray - ok

17:48:04.0578 2704 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

17:48:04.0578 2704 CryptSvc - ok

17:48:04.0593 2704 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:48:04.0593 2704 dac2w2k - ok

17:48:04.0593 2704 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:48:04.0593 2704 dac960nt - ok

17:48:04.0625 2704 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

17:48:04.0625 2704 DcomLaunch - ok

17:48:04.0656 2704 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

17:48:04.0656 2704 Dhcp - ok

17:48:04.0687 2704 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

17:48:04.0687 2704 Disk - ok

17:48:04.0687 2704 dmadmin - ok

17:48:04.0718 2704 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

17:48:04.0734 2704 dmboot - ok

17:48:04.0734 2704 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

17:48:04.0734 2704 dmio - ok

17:48:04.0734 2704 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

17:48:04.0734 2704 dmload - ok

17:48:04.0765 2704 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

17:48:04.0765 2704 dmserver - ok

17:48:04.0796 2704 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

17:48:04.0796 2704 DMusic - ok

17:48:04.0812 2704 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

17:48:04.0812 2704 Dnscache - ok

17:48:04.0828 2704 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

17:48:04.0828 2704 Dot3svc - ok

17:48:04.0843 2704 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:48:04.0843 2704 dpti2o - ok

17:48:04.0859 2704 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

17:48:04.0859 2704 drmkaud - ok

17:48:04.0875 2704 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

17:48:04.0875 2704 EapHost - ok

17:48:04.0875 2704 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

17:48:04.0875 2704 ERSvc - ok

17:48:04.0906 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

17:48:04.0906 2704 Eventlog - ok

17:48:04.0937 2704 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

17:48:04.0953 2704 EventSystem - ok

17:48:04.0984 2704 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

17:48:04.0984 2704 Fastfat - ok

17:48:05.0015 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

17:48:05.0015 2704 FastUserSwitchingCompatibility - ok

17:48:05.0046 2704 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

17:48:05.0046 2704 Fax - ok

17:48:05.0062 2704 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

17:48:05.0062 2704 Fdc - ok

17:48:05.0062 2704 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

17:48:05.0078 2704 Fips - ok

17:48:05.0078 2704 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

17:48:05.0078 2704 Flpydisk - ok

17:48:05.0078 2704 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:48:05.0093 2704 FltMgr - ok

17:48:05.0140 2704 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:48:05.0140 2704 FontCache3.0.0.0 - ok

17:48:05.0140 2704 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:48:05.0140 2704 Fs_Rec - ok

17:48:05.0171 2704 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:48:05.0171 2704 Ftdisk - ok

17:48:05.0203 2704 [ DF6E37B27A9A1A498C6D9F29995B7A03 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:48:05.0203 2704 GEARAspiWDM - ok

17:48:05.0234 2704 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:48:05.0234 2704 Gpc - ok

17:48:05.0234 2704 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:48:05.0234 2704 HDAudBus - ok

17:48:05.0281 2704 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:48:05.0281 2704 helpsvc - ok

17:48:05.0296 2704 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

17:48:05.0296 2704 HidServ - ok

17:48:05.0312 2704 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:48:05.0312 2704 hidusb - ok

17:48:05.0328 2704 [ 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 ] hitmanpro37 C:\WINDOWS\system32\drivers\hitmanpro37.sys

17:48:05.0328 2704 hitmanpro37 - ok

17:48:05.0359 2704 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

17:48:05.0359 2704 hkmsvc - ok

17:48:05.0375 2704 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

17:48:05.0375 2704 hpn - ok

17:48:05.0390 2704 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

17:48:05.0390 2704 HTTP - ok

17:48:05.0421 2704 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

17:48:05.0437 2704 HTTPFilter - ok

17:48:05.0453 2704 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

17:48:05.0453 2704 i2omgmt - ok

17:48:05.0484 2704 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:48:05.0484 2704 i2omp - ok

17:48:05.0515 2704 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

17:48:05.0515 2704 IAANTMON - ok

17:48:05.0546 2704 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys

17:48:05.0546 2704 iaStor - ok

17:48:05.0640 2704 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:48:05.0671 2704 idsvc - ok

17:48:05.0734 2704 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

17:48:05.0734 2704 Imapi - ok

17:48:05.0750 2704 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

17:48:05.0765 2704 ImapiService - ok

17:48:05.0765 2704 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

17:48:05.0765 2704 ini910u - ok

17:48:05.0781 2704 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

17:48:05.0781 2704 IntelIde - ok

17:48:05.0796 2704 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:48:05.0796 2704 intelppm - ok

17:48:05.0812 2704 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:48:05.0812 2704 Ip6Fw - ok

17:48:05.0828 2704 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:48:05.0828 2704 IpFilterDriver - ok

17:48:05.0828 2704 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:48:05.0828 2704 IpInIp - ok

17:48:05.0843 2704 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:48:05.0843 2704 IpNat - ok

17:48:05.0890 2704 [ 5C7538B244E439DF39388DA28E0A18D1 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:48:05.0890 2704 iPod Service - ok

17:48:05.0921 2704 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:48:05.0921 2704 IPSec - ok

17:48:05.0937 2704 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

17:48:05.0937 2704 IRENUM - ok

17:48:05.0937 2704 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:48:05.0953 2704 isapnp - ok

17:48:05.0984 2704 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

17:48:05.0984 2704 JavaQuickStarterService - ok

17:48:06.0015 2704 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:48:06.0015 2704 Kbdclass - ok

17:48:06.0015 2704 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:48:06.0015 2704 kbdhid - ok

17:48:06.0031 2704 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

17:48:06.0046 2704 kmixer - ok

17:48:06.0062 2704 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

17:48:06.0062 2704 KSecDD - ok

17:48:06.0078 2704 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

17:48:06.0078 2704 LanmanServer - ok

17:48:06.0109 2704 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

17:48:06.0109 2704 lanmanworkstation - ok

17:48:06.0109 2704 lbrtfdc - ok

17:48:06.0140 2704 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

17:48:06.0140 2704 LmHosts - ok

17:48:06.0171 2704 [ 20856B8A44F41BB42F3F5F03C3BB2B00 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys

17:48:06.0171 2704 mbamchameleon - ok

17:48:06.0203 2704 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

17:48:06.0203 2704 MBAMProtector - ok

17:48:06.0250 2704 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

17:48:06.0250 2704 MBAMScheduler - ok

17:48:06.0281 2704 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:48:06.0281 2704 MBAMService - ok

17:48:06.0312 2704 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys

17:48:06.0312 2704 MBAMSwissArmy - ok

17:48:06.0343 2704 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

17:48:06.0343 2704 Messenger - ok

17:48:06.0375 2704 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

17:48:06.0375 2704 mnmdd - ok

17:48:06.0375 2704 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

17:48:06.0375 2704 mnmsrvc - ok

17:48:06.0390 2704 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

17:48:06.0390 2704 Modem - ok

17:48:06.0406 2704 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:48:06.0406 2704 Mouclass - ok

17:48:06.0421 2704 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:48:06.0421 2704 mouhid - ok

17:48:06.0421 2704 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

17:48:06.0421 2704 MountMgr - ok

17:48:06.0484 2704 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

17:48:06.0500 2704 MozillaMaintenance - ok

17:48:06.0515 2704 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:48:06.0531 2704 mraid35x - ok

17:48:06.0546 2704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:48:06.0546 2704 MRxDAV - ok

17:48:06.0578 2704 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:48:06.0593 2704 MRxSmb - ok

17:48:06.0640 2704 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

17:48:06.0656 2704 MSDTC - ok

17:48:06.0656 2704 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

17:48:06.0656 2704 Msfs - ok

17:48:06.0656 2704 MSIServer - ok

17:48:06.0671 2704 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:48:06.0671 2704 MSKSSRV - ok

17:48:06.0687 2704 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:48:06.0687 2704 MSPCLOCK - ok

17:48:06.0687 2704 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

17:48:06.0687 2704 MSPQM - ok

17:48:06.0703 2704 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:48:06.0703 2704 mssmbios - ok

17:48:06.0718 2704 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

17:48:06.0718 2704 Mup - ok

17:48:06.0734 2704 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

17:48:06.0750 2704 napagent - ok

17:48:06.0765 2704 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

17:48:06.0765 2704 NDIS - ok

17:48:06.0796 2704 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:48:06.0796 2704 NdisTapi - ok

17:48:06.0812 2704 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:48:06.0812 2704 Ndisuio - ok

17:48:06.0828 2704 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:48:06.0828 2704 NdisWan - ok

17:48:06.0843 2704 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

17:48:06.0843 2704 NDProxy - ok

17:48:06.0859 2704 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

17:48:06.0859 2704 NetBIOS - ok

17:48:06.0890 2704 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

17:48:06.0890 2704 NetBT - ok

17:48:06.0921 2704 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

17:48:06.0921 2704 NetDDE - ok

17:48:06.0921 2704 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

17:48:06.0921 2704 NetDDEdsdm - ok

17:48:06.0953 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

17:48:06.0953 2704 Netlogon - ok

17:48:06.0953 2704 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

17:48:06.0968 2704 Netman - ok

17:48:06.0984 2704 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:48:06.0984 2704 NetTcpPortSharing - ok

17:48:07.0015 2704 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

17:48:07.0015 2704 Nla - ok

17:48:07.0046 2704 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

17:48:07.0046 2704 Npfs - ok

17:48:07.0078 2704 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

17:48:07.0109 2704 Ntfs - ok

17:48:07.0109 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

17:48:07.0109 2704 NtLmSsp - ok

17:48:07.0140 2704 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

17:48:07.0156 2704 NtmsSvc - ok

17:48:07.0171 2704 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

17:48:07.0171 2704 Null - ok

17:48:07.0312 2704 [ B7EF2303B118B0994B37B6ABDEFB2B99 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:48:07.0343 2704 nv - ok

17:48:07.0375 2704 [ B9C89204C262A50FD35E9F56A24C36D9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

17:48:07.0375 2704 NVSvc - ok

17:48:07.0390 2704 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:48:07.0390 2704 NwlnkFlt - ok

17:48:07.0390 2704 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:48:07.0390 2704 NwlnkFwd - ok

17:48:07.0453 2704 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:48:07.0468 2704 ose - ok

17:48:07.0500 2704 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

17:48:07.0500 2704 Parport - ok

17:48:07.0515 2704 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

17:48:07.0515 2704 PartMgr - ok

17:48:07.0515 2704 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

17:48:07.0515 2704 ParVdm - ok

17:48:07.0515 2704 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

17:48:07.0515 2704 PCI - ok

17:48:07.0515 2704 PCIDump - ok

17:48:07.0546 2704 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

17:48:07.0546 2704 PCIIde - ok

17:48:07.0562 2704 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

17:48:07.0562 2704 Pcmcia - ok

17:48:07.0562 2704 PDCOMP - ok

17:48:07.0562 2704 PDFRAME - ok

17:48:07.0562 2704 PDRELI - ok

17:48:07.0578 2704 PDRFRAME - ok

17:48:07.0578 2704 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

17:48:07.0578 2704 perc2 - ok

17:48:07.0578 2704 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:48:07.0578 2704 perc2hib - ok

17:48:07.0609 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

17:48:07.0609 2704 PlugPlay - ok

17:48:07.0625 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

17:48:07.0625 2704 PolicyAgent - ok

17:48:07.0625 2704 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:48:07.0640 2704 PptpMiniport - ok

17:48:07.0640 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

17:48:07.0640 2704 ProtectedStorage - ok

17:48:07.0640 2704 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

17:48:07.0640 2704 PSched - ok

17:48:07.0640 2704 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:48:07.0640 2704 Ptilink - ok

17:48:07.0640 2704 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:48:07.0640 2704 ql1080 - ok

17:48:07.0656 2704 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:48:07.0656 2704 Ql10wnt - ok

17:48:07.0671 2704 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:48:07.0671 2704 ql12160 - ok

17:48:07.0671 2704 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:48:07.0671 2704 ql1240 - ok

17:48:07.0671 2704 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:48:07.0671 2704 ql1280 - ok

17:48:07.0687 2704 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:48:07.0687 2704 RasAcd - ok

17:48:07.0718 2704 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

17:48:07.0718 2704 RasAuto - ok

17:48:07.0718 2704 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:48:07.0718 2704 Rasl2tp - ok

17:48:07.0734 2704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

17:48:07.0734 2704 RasMan - ok

17:48:07.0750 2704 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:48:07.0750 2704 RasPppoe - ok

17:48:07.0750 2704 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

17:48:07.0750 2704 Raspti - ok

17:48:07.0765 2704 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:48:07.0765 2704 Rdbss - ok

17:48:07.0765 2704 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:48:07.0765 2704 RDPCDD - ok

17:48:07.0781 2704 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:48:07.0781 2704 rdpdr - ok

17:48:07.0812 2704 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

17:48:07.0812 2704 RDPWD - ok

17:48:07.0828 2704 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

17:48:07.0828 2704 RDSessMgr - ok

17:48:07.0843 2704 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

17:48:07.0843 2704 redbook - ok

17:48:07.0859 2704 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

17:48:07.0859 2704 RemoteAccess - ok

17:48:07.0890 2704 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

17:48:07.0890 2704 RemoteRegistry - ok

17:48:07.0890 2704 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

17:48:07.0890 2704 RpcLocator - ok

17:48:07.0906 2704 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

17:48:07.0906 2704 RpcSs - ok

17:48:07.0921 2704 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

17:48:07.0937 2704 RSVP - ok

17:48:07.0953 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

17:48:07.0953 2704 SamSs - ok

17:48:07.0953 2704 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

17:48:07.0953 2704 SCardSvr - ok

17:48:07.0968 2704 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

17:48:07.0968 2704 Schedule - ok

17:48:08.0031 2704 [ 58DC20EB15F071804C56FCCC796417A2 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

17:48:08.0031 2704 SeaPort - ok

17:48:08.0046 2704 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:48:08.0046 2704 Secdrv - ok

17:48:08.0062 2704 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

17:48:08.0062 2704 seclogon - ok

17:48:08.0078 2704 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys

17:48:08.0093 2704 SenFiltService - ok

17:48:08.0109 2704 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

17:48:08.0109 2704 SENS - ok

17:48:08.0109 2704 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

17:48:08.0109 2704 Serenum - ok

17:48:08.0125 2704 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

17:48:08.0125 2704 Serial - ok

17:48:08.0156 2704 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

17:48:08.0156 2704 Sfloppy - ok

17:48:08.0187 2704 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

17:48:08.0187 2704 SharedAccess - ok

17:48:08.0218 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

17:48:08.0218 2704 ShellHWDetection - ok

17:48:08.0218 2704 Simbad - ok

17:48:08.0234 2704 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

17:48:08.0234 2704 sisagp - ok

17:48:08.0250 2704 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:48:08.0250 2704 Sparrow - ok

17:48:08.0265 2704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

17:48:08.0265 2704 splitter - ok

17:48:08.0296 2704 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

17:48:08.0296 2704 Spooler - ok

17:48:08.0343 2704 sprtsvc_smartagent - ok

17:48:08.0359 2704 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

17:48:08.0359 2704 sr - ok

17:48:08.0390 2704 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

17:48:08.0390 2704 srservice - ok

17:48:08.0421 2704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

17:48:08.0421 2704 Srv - ok

17:48:08.0421 2704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

17:48:08.0421 2704 SSDPSRV - ok

17:48:08.0453 2704 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

17:48:08.0453 2704 stisvc - ok

17:48:08.0484 2704 [ 2E9FA053700556F1EE7E6FBA658D081D ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

17:48:08.0484 2704 SupportSoft RemoteAssist - ok

17:48:08.0500 2704 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

17:48:08.0500 2704 swenum - ok

17:48:08.0515 2704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

17:48:08.0515 2704 swmidi - ok

17:48:08.0515 2704 SwPrv - ok

17:48:08.0546 2704 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

17:48:08.0546 2704 symc810 - ok

17:48:08.0562 2704 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

17:48:08.0562 2704 symc8xx - ok

17:48:08.0562 2704 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

17:48:08.0562 2704 sym_hi - ok

17:48:08.0562 2704 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

17:48:08.0578 2704 sym_u3 - ok

17:48:08.0593 2704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

17:48:08.0593 2704 sysaudio - ok

17:48:08.0625 2704 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

17:48:08.0625 2704 SysmonLog - ok

17:48:08.0656 2704 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

17:48:08.0671 2704 TapiSrv - ok

17:48:08.0734 2704 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:48:08.0750 2704 Tcpip - ok

17:48:08.0781 2704 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys


17:48:10.0828 2704 C:\WINDOWS\system32\regsvc.dll - ok

17:48:10.0828 2704 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll

17:48:10.0828 2704 C:\WINDOWS\system32\samlib.dll - ok

17:48:10.0828 2704 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe

17:48:10.0828 2704 C:\WINDOWS\system32\spoolsv.exe - ok

17:48:10.0828 2704 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll

17:48:10.0828 2704 C:\WINDOWS\system32\wshext.dll - ok

17:48:10.0828 2704 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe

17:48:10.0828 2704 C:\WINDOWS\system32\wuauclt.exe - ok

17:48:10.0828 2704 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll

17:48:10.0828 2704 C:\WINDOWS\system32\wups2.dll - ok

17:48:10.0843 2704 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll

17:48:10.0843 2704 C:\WINDOWS\system32\wzcsapi.dll - ok

17:48:10.0843 2704 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll

17:48:10.0843 2704 C:\WINDOWS\system32\clusapi.dll - ok

17:48:10.0843 2704 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll

17:48:10.0843 2704 C:\WINDOWS\system32\colbact.dll - ok

17:48:10.0843 2704 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll

17:48:10.0843 2704 C:\WINDOWS\system32\comdlg32.dll - ok

17:48:10.0843 2704 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll

17:48:10.0843 2704 C:\WINDOWS\system32\odbcint.dll - ok

17:48:10.0843 2704 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll

17:48:10.0843 2704 C:\WINDOWS\system32\wldap32.dll - ok

17:48:10.0843 2704 [ 045DF7AE14CAAED71338916D6FB66812 ] C:\WINDOWS\system32\wow32.dll

17:48:10.0843 2704 C:\WINDOWS\system32\wow32.dll - ok

17:48:10.0843 2704 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll

17:48:10.0843 2704 C:\WINDOWS\system32\cabinet.dll - ok

17:48:10.0843 2704 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll

17:48:10.0843 2704 C:\WINDOWS\system32\gdi32.dll - ok

17:48:10.0859 2704 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll

17:48:10.0859 2704 C:\WINDOWS\system32\resutils.dll - ok

17:48:10.0875 2704 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll

17:48:10.0875 2704 C:\WINDOWS\system32\shlwapi.dll - ok

17:48:10.0875 2704 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll

17:48:10.0875 2704 C:\WINDOWS\system32\imm32.dll - ok

17:48:10.0875 2704 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll

17:48:10.0875 2704 C:\WINDOWS\system32\msvcrt.dll - ok

17:48:10.0875 2704 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll

17:48:10.0875 2704 C:\WINDOWS\system32\ntdsapi.dll - ok

17:48:10.0875 2704 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll

17:48:10.0875 2704 C:\WINDOWS\system32\user32.dll - ok

17:48:10.0875 2704 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll

17:48:10.0875 2704 C:\WINDOWS\system32\digest.dll - ok

17:48:10.0875 2704 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll

17:48:10.0875 2704 C:\WINDOWS\system32\msacm32.dll - ok

17:48:10.0875 2704 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll

17:48:10.0875 2704 C:\WINDOWS\system32\msapsspc.dll - ok

17:48:10.0875 2704 [ 681B807E53BDADA337735C28C0E48A1B ] C:\WINDOWS\system32\ntvdm.exe

17:48:10.0875 2704 C:\WINDOWS\system32\ntvdm.exe - ok

17:48:10.0890 2704 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll

17:48:10.0890 2704 C:\WINDOWS\system32\qutil.dll - ok

17:48:10.0890 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

17:48:10.0890 2704 C:\WINDOWS\system32\services.exe - ok

17:48:10.0890 2704 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll

17:48:10.0890 2704 C:\WINDOWS\system32\shgina.dll - ok

17:48:10.0890 2704 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll

17:48:10.0890 2704 C:\WINDOWS\system32\iphlpapi.dll - ok

17:48:10.0890 2704 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll

17:48:10.0890 2704 C:\WINDOWS\system32\mprapi.dll - ok

17:48:10.0890 2704 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll

17:48:10.0890 2704 C:\WINDOWS\system32\mtxclu.dll - ok

17:48:10.0890 2704 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll

17:48:10.0890 2704 C:\WINDOWS\system32\sfc_os.dll - ok

17:48:10.0890 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll

17:48:10.0890 2704 C:\WINDOWS\system32\shsvcs.dll - ok

17:48:10.0890 2704 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll

17:48:10.0890 2704 C:\WINDOWS\system32\webclnt.dll - ok

17:48:10.0906 2704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

17:48:10.0906 2704 C:\WINDOWS\system32\winsrv.dll - ok

17:48:10.0906 2704 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll

17:48:10.0906 2704 C:\WINDOWS\system32\inetpp.dll - ok

17:48:10.0906 2704 [ 2411A26056E0B68F673B8D2BA417A0AD ] C:\WINDOWS\system32\lmdimon8.dll

17:48:10.0906 2704 C:\WINDOWS\system32\lmdimon8.dll - ok

17:48:10.0906 2704 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll

17:48:10.0906 2704 C:\WINDOWS\system32\odbc32.dll - ok

17:48:10.0906 2704 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll

17:48:10.0906 2704 C:\WINDOWS\system32\raschap.dll - ok

17:48:10.0906 2704 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll

17:48:10.0906 2704 C:\WINDOWS\system32\spoolss.dll - ok

17:48:10.0906 2704 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll

17:48:10.0906 2704 C:\WINDOWS\system32\umpnpmgr.dll - ok

17:48:10.0906 2704 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll

17:48:10.0906 2704 C:\WINDOWS\system32\wbem\wbemcons.dll - ok

17:48:10.0906 2704 [ 6295DD28D0ECBC4E6E450C279FEF5ED9 ] C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

17:48:10.0906 2704 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe - ok

17:48:10.0921 2704 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll

17:48:10.0921 2704 C:\WINDOWS\system32\cscdll.dll - ok

Link to post
Share on other sites

continued:


17:48:11.0218 2704 C:\WINDOWS\system32\wininet.dll - ok

17:48:11.0218 2704 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll

17:48:11.0218 2704 C:\WINDOWS\system32\dbghelp.dll - ok

17:48:11.0218 2704 [ 3B41C69A0CCF62855F691748ADD26E26 ] C:\WINDOWS\system32\iertutil.dll

17:48:11.0218 2704 C:\WINDOWS\system32\iertutil.dll - ok

17:48:11.0218 2704 [ 2BA799D03CC9FF9124E37A39F6A6F004 ] C:\WINDOWS\system32\urlmon.dll

17:48:11.0218 2704 C:\WINDOWS\system32\urlmon.dll - ok

17:48:11.0218 2704 [ 50EBDFE58A286B48B0F0FBFAF623548C ] C:\Program Files\Java\jre6\bin\jp2native.dll

17:48:11.0218 2704 C:\Program Files\Java\jre6\bin\jp2native.dll - ok

17:48:11.0218 2704 [ 8BEAF2B4BCDE405AF7EC46A9E03B2D65 ] C:\WINDOWS\system32\mssprxy.dll

17:48:11.0218 2704 C:\WINDOWS\system32\mssprxy.dll - ok

17:48:11.0218 2704 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll

17:48:11.0218 2704 C:\WINDOWS\system32\rastapi.dll - ok

17:48:11.0218 2704 [ 7A6727D522E6260CCA5B884F8B0EA1D7 ] C:\Program Files\Java\jre6\bin\hpi.dll

17:48:11.0218 2704 C:\Program Files\Java\jre6\bin\hpi.dll - ok

17:48:11.0234 2704 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:48:11.0234 2704 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok

17:48:11.0234 2704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll

17:48:11.0234 2704 C:\WINDOWS\system32\ssdpsrv.dll - ok

17:48:11.0234 2704 [ EF39CCCC9AD927A25334AE0B41A8A343 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

17:48:11.0234 2704 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok

17:48:11.0234 2704 [ 80D8679BF84A9383BFF33E07D5D9FC35 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll

17:48:11.0234 2704 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok

17:48:11.0234 2704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll

17:48:11.0234 2704 C:\WINDOWS\system32\rasmans.dll - ok

17:48:11.0234 2704 [ FBF1C00F54579BB7A66EE497427E9885 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll

17:48:11.0234 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll - ok

17:48:11.0234 2704 [ 4C3C30FA8DC2F16DD89759882935477E ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll

17:48:11.0234 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll - ok

17:48:11.0234 2704 [ A3B6CBB71BD7C54B8E7DC4EB2C4B7E21 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll

17:48:11.0234 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll - ok

17:48:11.0250 2704 [ A8590E33BCF59D4D75FCB940F95E7BBB ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll

17:48:11.0250 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll - ok

17:48:11.0250 2704 [ 3D525A7AB3C01793A94DC89E9FFCF8C0 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll

17:48:11.0250 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll - ok

17:48:11.0250 2704 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll

17:48:11.0250 2704 C:\WINDOWS\system32\netcfgx.dll - ok

17:48:11.0250 2704 [ 27AE731A03AECD47B5777BEC2C58ED76 ] C:\Program Files\Java\jre6\bin\nio.dll

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\nio.dll - ok

17:48:11.0250 2704 [ 86A41ED9E019C2B78B6CD6C69187782B ] C:\Program Files\Java\jre6\bin\verify.dll

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\verify.dll - ok

17:48:11.0250 2704 [ 5BAD9129281E1ADDD77F6967F38F58EB ] C:\Program Files\Java\jre6\bin\zip.dll

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\zip.dll - ok

17:48:11.0250 2704 [ 61D26253C2886201EFBD8374DAE11231 ] C:\Program Files\Java\jre6\bin\deploy.dll

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\deploy.dll - ok

17:48:11.0250 2704 [ C583655EBBE239C50269B941384F4DEF ] C:\Program Files\Java\jre6\bin\java.exe

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\java.exe - ok

17:48:11.0250 2704 [ 2CAA5852BAFD29F30309903920941F6F ] C:\Program Files\Java\jre6\bin\jpeg.dll

17:48:11.0250 2704 C:\Program Files\Java\jre6\bin\jpeg.dll - ok

17:48:11.0265 2704 [ C15143171EB21C777C5B767386171807 ] C:\Program Files\Java\jre6\bin\net.dll

17:48:11.0265 2704 C:\Program Files\Java\jre6\bin\net.dll - ok

17:48:11.0265 2704 [ C3CF3F41FF6893606B4F28D59DF1C309 ] C:\Program Files\Java\jre6\bin\dcpr.dll

17:48:11.0265 2704 C:\Program Files\Java\jre6\bin\dcpr.dll - ok

17:48:11.0265 2704 [ C65AA4E545682DB273307095C10AF6A0 ] C:\Program Files\Java\jre6\bin\java.dll

17:48:11.0265 2704 C:\Program Files\Java\jre6\bin\java.dll - ok

17:48:11.0265 2704 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll

17:48:11.0265 2704 C:\WINDOWS\system32\olepro32.dll - ok

17:48:11.0265 2704 [ 63006AB8B94AD9673937AA98F0716AB2 ] C:\Program Files\Java\jre6\bin\fontmanager.dll

17:48:11.0265 2704 C:\Program Files\Java\jre6\bin\fontmanager.dll - ok

17:48:11.0265 2704 [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll

17:48:11.0265 2704 C:\WINDOWS\system32\srclient.dll - ok

17:48:11.0265 2704 [ BFFC7808524CD816B9DF472581B9F1D7 ] C:\Program Files\Java\jre6\bin\regutils.dll

17:48:11.0265 2704 C:\Program Files\Java\jre6\bin\regutils.dll - ok

17:48:11.0265 2704 [ 4ADCFEE16EE9978F06157634669D36FB ] C:\Documents and Settings\Brian\Desktop\OTL.exe

17:48:11.0265 2704 C:\Documents and Settings\Brian\Desktop\OTL.exe - ok

17:48:11.0265 2704 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe

17:48:11.0265 2704 C:\WINDOWS\system32\alg.exe - ok

17:48:11.0281 2704 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll

17:48:11.0281 2704 C:\WINDOWS\system32\ntlsapi.dll - ok

17:48:11.0281 2704 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll

17:48:11.0281 2704 C:\WINDOWS\system32\rasqec.dll - ok

17:48:11.0281 2704 [ 623ECC167CE924D4B13D4791157446F1 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll

17:48:11.0281 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll - ok

17:48:11.0281 2704 [ EC9B27B37D8E9D361C38E8D364F09611 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

17:48:11.0281 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok

17:48:11.0281 2704 [ AAC856F555FFD7ED3112395D06F8F592 ] C:\Program Files\Java\jre6\bin\awt.dll

17:48:11.0281 2704 C:\Program Files\Java\jre6\bin\awt.dll - ok

17:48:11.0281 2704 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll

17:48:11.0281 2704 C:\WINDOWS\system32\rasppp.dll - ok

17:48:11.0281 2704 [ F54B27DF67DB75785E163F33A2DD7B9A ] C:\Program Files\Java\jre6\bin\client\jvm.dll

17:48:11.0281 2704 C:\Program Files\Java\jre6\bin\client\jvm.dll - ok

17:48:11.0281 2704 [ 9275F02BEA644F43A459E316A932658F ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll

17:48:11.0281 2704 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok

17:48:11.0296 2704 [ 9B2E14F4D66A59306584566A705F8CDD ] C:\WINDOWS\system32\bitsprx2.dll

17:48:11.0296 2704 C:\WINDOWS\system32\bitsprx2.dll - ok

17:48:11.0296 2704 [ 97AE3A4180CAB360F44F7F03E5E0F409 ] C:\WINDOWS\system32\bitsprx4.dll

17:48:11.0296 2704 C:\WINDOWS\system32\bitsprx4.dll - ok

17:48:11.0296 2704 [ FAEC969501113433B3F38891F3B77A26 ] C:\Documents and Settings\Brian\My Documents\Downloads\HitmanPro36.exe

17:48:11.0296 2704 C:\Documents and Settings\Brian\My Documents\Downloads\HitmanPro36.exe - ok

17:48:11.0296 2704 [ 0E297F71CBFAA611F830407D1054DC70 ] C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll

17:48:11.0296 2704 C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll - ok

17:48:11.0296 2704 [ CCF775179F42797A3EE8BA5678543621 ] C:\PROGRA~1\AVG\AVG2013\avgcclix.dll

17:48:11.0296 2704 C:\PROGRA~1\AVG\AVG2013\avgcclix.dll - ok

17:48:11.0296 2704 [ 99997FA9056ACB38AA388BDA134CEF6E ] C:\Program Files\AVG\AVG2013\avgcsrvx.exe

17:48:11.0296 2704 C:\Program Files\AVG\AVG2013\avgcsrvx.exe - ok

17:48:11.0296 2704 [ 95EFDCB44DD093EDAD447F1D21C8A3F7 ] C:\Program Files\AVG\AVG2013\avgcertx.dll

17:48:11.0296 2704 C:\Program Files\AVG\AVG2013\avgcertx.dll - ok

17:48:11.0296 2704 [ 6F19639188F792BBB234B2A3FCB0C8C9 ] C:\Program Files\AVG\AVG2013\avgchclx.dll

17:48:11.0296 2704 C:\Program Files\AVG\AVG2013\avgchclx.dll - ok

17:48:11.0296 2704 [ E5A0034847537EAEE3C00349D5C34C5F ] C:\WINDOWS\system32\drivers\iaStor.sys

17:48:11.0296 2704 C:\WINDOWS\system32\drivers\iaStor.sys - ok

17:48:11.0312 2704 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys

17:48:11.0312 2704 C:\WINDOWS\system32\drivers\dxapi.sys - ok

17:48:11.0312 2704 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys

17:48:11.0312 2704 C:\WINDOWS\system32\watchdog.sys - ok

17:48:11.0312 2704 [ B57F6110AC77DFE6BA7E58A0FF699915 ] C:\WINDOWS\system32\win32k.sys

17:48:11.0312 2704 C:\WINDOWS\system32\win32k.sys - ok

17:48:11.0312 2704 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys

17:48:11.0312 2704 C:\WINDOWS\system32\drivers\dxg.sys - ok

17:48:11.0312 2704 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys

17:48:11.0312 2704 C:\WINDOWS\system32\drivers\dxgthk.sys - ok

17:48:11.0312 2704 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME

17:48:11.0312 2704 C:\WINDOWS\system32\MSCTFIME.IME - ok

17:48:11.0312 2704 [ 4470E3C1E0C3378E4CAB137893C12C3A ] C:\WINDOWS\system32\drivers\mbam.sys

17:48:11.0312 2704 C:\WINDOWS\system32\drivers\mbam.sys - ok

17:48:11.0312 2704 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys

17:48:11.0312 2704 C:\WINDOWS\system32\drivers\ndisuio.sys - ok

17:48:11.0312 2704 [ 34F2F5B6A6D28B8FB872DFD57C5323AC ] C:\WINDOWS\system32\BRSVC01A.EXE

17:48:11.0312 2704 C:\WINDOWS\system32\BRSVC01A.EXE - ok

17:48:11.0328 2704 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv

17:48:11.0328 2704 C:\WINDOWS\system32\winspool.drv - ok

17:48:11.0328 2704 [ 9E646CD378D4D0C996BAF9BCB18237C7 ] C:\WINDOWS\system32\BRSS01A.EXE

17:48:11.0328 2704 C:\WINDOWS\system32\BRSS01A.EXE - ok

17:48:11.0328 2704 [ D687F98275FF82F89DF02401FDBC96CC ] C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL

17:48:11.0328 2704 C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL - ok

17:48:11.0328 2704 [ E290C26AC15351721C8CBFD4D05F8E54 ] C:\WINDOWS\system32\LMUD1Plang.dll

17:48:11.0328 2704 C:\WINDOWS\system32\LMUD1Plang.dll - ok

17:48:11.0328 2704 [ D6C22FE122B40113F4626DB6939BC398 ] C:\WINDOWS\system32\LMUD1Pinpa.dll

17:48:11.0328 2704 C:\WINDOWS\system32\LMUD1Pinpa.dll - ok

17:48:11.0328 2704 [ 525045879EA05CE77882CBA492C2D7B5 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\LMUD1P4C.DLL

17:48:11.0328 2704 C:\WINDOWS\system32\spool\prtprocs\w32x86\LMUD1P4C.DLL - ok

17:48:11.0328 2704 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe

17:48:11.0328 2704 C:\WINDOWS\system32\mpnotify.exe - ok

17:48:11.0328 2704 [ 854DD988C985A55CE5BB9195B44E879F ] C:\Program Files\IBM\Client Access\Shared\cwbnetnt.dll

17:48:11.0328 2704 C:\Program Files\IBM\Client Access\Shared\cwbnetnt.dll - ok

17:48:11.0328 2704 [ E5937E0C54072714F362EB1FE05329B3 ] C:\WINDOWS\system32\cwbcore.dll

17:48:11.0328 2704 C:\WINDOWS\system32\cwbcore.dll - ok

17:48:11.0343 2704 [ F0513F53A484A3EDC70D9F4CDA84716D ] C:\WINDOWS\system32\cwbunpls.dll

17:48:11.0343 2704 C:\WINDOWS\system32\cwbunpls.dll - ok

17:48:11.0343 2704 [ F6F2BFC17069EB335ACCEEF7595F9302 ] C:\WINDOWS\system32\mfc42u.dll

17:48:11.0343 2704 C:\WINDOWS\system32\mfc42u.dll - ok

17:48:11.0343 2704 [ 5E2A848DECC34800397BAEF8AD4E1B5D ] C:\WINDOWS\system32\cwbrw.dll

17:48:11.0343 2704 C:\WINDOWS\system32\cwbrw.dll - ok

17:48:11.0343 2704 [ 585992D78B671AAA075C02241309795D ] C:\WINDOWS\system32\msvcirt.dll

17:48:11.0343 2704 C:\WINDOWS\system32\msvcirt.dll - ok

17:48:11.0343 2704 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll

17:48:11.0343 2704 C:\WINDOWS\system32\cscui.dll - ok

17:48:11.0343 2704 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll

17:48:11.0343 2704 C:\WINDOWS\system32\dpcdll.dll - ok

17:48:11.0343 2704 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv

17:48:11.0343 2704 C:\WINDOWS\system32\wdmaud.drv - ok

17:48:11.0343 2704 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys

17:48:11.0343 2704 C:\WINDOWS\system32\drivers\wdmaud.sys - ok

17:48:11.0359 2704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\sysaudio.sys - ok

17:48:11.0359 2704 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\aec.sys - ok

17:48:11.0359 2704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\splitter.sys - ok

17:48:11.0359 2704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\swmidi.sys - ok

17:48:11.0359 2704 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\DMusic.sys - ok

17:48:11.0359 2704 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\kmixer.sys - ok

17:48:11.0359 2704 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe

17:48:11.0359 2704 C:\WINDOWS\system32\userinit.exe - ok

17:48:11.0359 2704 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys

17:48:11.0359 2704 C:\WINDOWS\system32\drivers\drmkaud.sys - ok

17:48:11.0359 2704 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe

17:48:11.0359 2704 C:\WINDOWS\system32\WgaTray.exe - ok

17:48:11.0375 2704 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv

17:48:11.0375 2704 C:\WINDOWS\system32\msacm32.drv - ok

17:48:11.0375 2704 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll

17:48:11.0375 2704 C:\WINDOWS\system32\midimap.dll - ok

17:48:11.0375 2704 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe

17:48:11.0375 2704 C:\WINDOWS\explorer.exe - ok

17:48:11.0375 2704 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll

17:48:11.0375 2704 C:\WINDOWS\system32\LegitCheckControl.dll - ok

17:48:11.0375 2704 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll

17:48:11.0375 2704 C:\WINDOWS\system32\browseui.dll - ok

17:48:11.0375 2704 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl

17:48:11.0375 2704 C:\WINDOWS\system32\desk.cpl - ok

17:48:11.0375 2704 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll

17:48:11.0375 2704 C:\WINDOWS\system32\themeui.dll - ok

17:48:11.0375 2704 [ 994AD0D8550B8B26990A6E3AA0791502 ] C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

17:48:11.0375 2704 C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll - ok

17:48:11.0375 2704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys

17:48:11.0375 2704 C:\WINDOWS\system32\drivers\mrxdav.sys - ok

17:48:11.0390 2704 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe

17:48:11.0390 2704 C:\WINDOWS\system32\cmd.exe - ok

17:48:11.0390 2704 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

17:48:11.0390 2704 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys - ok

17:48:11.0390 2704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys

17:48:11.0390 2704 C:\WINDOWS\system32\drivers\srv.sys - ok

17:48:11.0390 2704 [ FF9AFBD2864BBEA6A9E7F90F8C94F6B7 ] C:\Program Files\AVG\AVG2013\avgidpsdkx.dll

17:48:11.0390 2704 C:\Program Files\AVG\AVG2013\avgidpsdkx.dll - ok

17:48:11.0390 2704 [ 6B9D00AA13F9062A6F99DF0CAF845CBC ] C:\Program Files\AVG\AVG2013\avgadmclx.dll

17:48:11.0390 2704 C:\Program Files\AVG\AVG2013\avgadmclx.dll - ok

17:48:11.0390 2704 [ E9296800685ED622132C0E1FA9241F92 ] C:\Program Files\AVG\AVG2013\avgkrnlapix.dll

17:48:11.0390 2704 C:\Program Files\AVG\AVG2013\avgkrnlapix.dll - ok

17:48:11.0390 2704 [ D1D5DAB39DCB4BE0359943738D87409B ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

17:48:11.0390 2704 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok

17:48:11.0390 2704 [ 4D75DEEB4B333EA5F1F18641ECDF9D1B ] C:\Program Files\smartagent\bin\sprtsched.dll

17:48:11.0390 2704 C:\Program Files\smartagent\bin\sprtsched.dll - ok

17:48:11.0406 2704 [ 61FBC3649E10F2D8CF3F6DB33B7AA042 ] C:\Program Files\smartagent\bin\sprtupdate.dll

17:48:11.0406 2704 C:\Program Files\smartagent\bin\sprtupdate.dll - ok

17:48:11.0406 2704 [ FFB3115AA757ABEFBA7FBA90BAD5DD0A ] C:\WINDOWS\system32\en-US\tquery.dll.mui

17:48:11.0406 2704 C:\WINDOWS\system32\en-US\tquery.dll.mui - ok

17:48:11.0406 2704 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\unimdm.tsp - ok

17:48:11.0406 2704 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\kmddsp.tsp - ok

17:48:11.0406 2704 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\ndptsp.tsp - ok

17:48:11.0406 2704 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\ipconf.tsp - ok

17:48:11.0406 2704 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\h323.tsp - ok

17:48:11.0406 2704 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp

17:48:11.0406 2704 C:\WINDOWS\system32\hidphone.tsp - ok

17:48:11.0406 2704 [ A1F734BDE374EDE1AE4A16EB8F0E254F ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin

17:48:11.0406 2704 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin - ok

17:48:11.0421 2704 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys

17:48:11.0421 2704 C:\WINDOWS\system32\drivers\http.sys - ok

17:48:11.0421 2704 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe

17:48:11.0421 2704 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok

17:48:11.0421 2704 [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll

17:48:11.0421 2704 C:\WINDOWS\system32\licwmi.dll - ok

17:48:11.0421 2704 [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll

17:48:11.0421 2704 C:\WINDOWS\system32\licdll.dll - ok

17:48:11.0421 2704 [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9 ] C:\WINDOWS\system32\msxml6.dll

17:48:11.0421 2704 C:\WINDOWS\system32\msxml6.dll - ok

17:48:11.0421 2704 [ B4082B209267F415840B4D911B6E3C48 ] C:\Program Files\Microsoft\Search Enhancement Pack\SeaShadow\SEASHADO.DLL

17:48:11.0421 2704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaShadow\SEASHADO.DLL - ok

17:48:11.0421 2704 [ 713C03A259EE66219E2DAD1DB08484A6 ] C:\WINDOWS\system32\wbem\cimwin32.dll

17:48:11.0421 2704 C:\WINDOWS\system32\wbem\cimwin32.dll - ok

17:48:11.0421 2704 [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Brian\LOCALS~1\temp\C7FEB4A1-3EB1-4FAF-B38B-DC25E42E162F.exe

17:48:11.0421 2704 C:\DOCUME~1\Brian\LOCALS~1\temp\C7FEB4A1-3EB1-4FAF-B38B-DC25E42E162F.exe - ok

17:48:11.0421 2704 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll

17:48:11.0421 2704 C:\WINDOWS\system32\ntshrui.dll - ok

17:48:11.0437 2704 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe

17:48:11.0437 2704 C:\WINDOWS\system32\verclsid.exe - ok

17:48:11.0437 2704 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll

17:48:11.0437 2704 C:\WINDOWS\system32\linkinfo.dll - ok

17:48:11.0437 2704 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll

17:48:11.0437 2704 C:\WINDOWS\system32\mlang.dll - ok

17:48:11.0437 2704 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\92318076.sys

17:48:11.0437 2704 C:\WINDOWS\system32\drivers\92318076.sys - ok

17:48:11.0437 2704 [ E66532FD491AD5604C36916715FBA092 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

17:48:11.0437 2704 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok

17:48:11.0437 2704 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

17:48:11.0437 2704 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok

17:48:11.0437 2704 [ 9DADF1A809ECEC86F04BDE35190D59FE ] C:\Program Files\AVG\AVG2013\avgui.exe

17:48:11.0437 2704 C:\Program Files\AVG\AVG2013\avgui.exe - ok

17:48:11.0437 2704 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe

17:48:11.0437 2704 C:\WINDOWS\system32\ctfmon.exe - ok

17:48:11.0453 2704 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll

17:48:11.0453 2704 C:\WINDOWS\system32\msutb.dll - ok

17:48:11.0453 2704 [ 8C53CCD787C381CD535D8DCCA12584D8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

17:48:11.0453 2704 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll - ok

17:48:11.0453 2704 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\SPTIP.dll

17:48:11.0453 2704 C:\WINDOWS\ime\SPTIP.dll - ok

17:48:11.0453 2704 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

17:48:11.0453 2704 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok

17:48:11.0453 2704 [ F32077DF74EFD435A1DCDF415E189DF1 ] C:\WINDOWS\system32\mfc100u.dll

17:48:11.0453 2704 C:\WINDOWS\system32\mfc100u.dll - ok

17:48:11.0453 2704 [ 111718867AD27976B413C5345EF91E10 ] C:\WINDOWS\system32\webcheck.dll

17:48:11.0453 2704 C:\WINDOWS\system32\webcheck.dll - ok

17:48:11.0453 2704 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll

17:48:11.0453 2704 C:\WINDOWS\system32\stobject.dll - ok

17:48:11.0453 2704 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll

17:48:11.0453 2704 C:\WINDOWS\system32\batmeter.dll - ok

17:48:11.0453 2704 [ F908FE45F8FE9E0D4CBE65F9FF5DF6DA ] C:\WINDOWS\system32\mfc100enu.dll

17:48:11.0453 2704 C:\WINDOWS\system32\mfc100enu.dll - ok

17:48:11.0468 2704 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll

17:48:11.0468 2704 C:\WINDOWS\system32\rasdlg.dll - ok

17:48:11.0468 2704 [ 9730643AB698D3B7F19D9192E4D3E4B0 ] C:\Program Files\AVG\AVG2013\avgidpmx.dll

17:48:11.0468 2704 C:\Program Files\AVG\AVG2013\avgidpmx.dll - ok

17:48:11.0468 2704 [ DE35D659575C700BA4E8E912671EA4BA ] C:\Program Files\AVG\AVG2013\avgdiagex.exe

17:48:11.0468 2704 C:\Program Files\AVG\AVG2013\avgdiagex.exe - ok

17:48:11.0468 2704 [ 751EEDB874FD17A6F26B9E2CC5E19170 ] C:\Program Files\AVG\AVG2013\avglngx.dll

17:48:11.0468 2704 C:\Program Files\AVG\AVG2013\avglngx.dll - ok

17:48:11.0468 2704 [ EB74C861075ECFA1B51B396615387657 ] C:\Program Files\AVG\AVG2013\avguires.dll

17:48:11.0468 2704 C:\Program Files\AVG\AVG2013\avguires.dll - ok

17:48:11.0468 2704 [ F7E915FA38C119101873AE5E0E7C8B66 ] C:\Program Files\AVG\AVG2013\avgapps.dll

17:48:11.0468 2704 C:\Program Files\AVG\AVG2013\avgapps.dll - ok

17:48:11.0468 2704 [ 90A9B542C9300E540864D9FE1C42A130 ] C:\WINDOWS\system32\fxsst.dll

17:48:11.0468 2704 C:\WINDOWS\system32\fxsst.dll - ok

17:48:11.0468 2704 ============================================================

17:48:11.0468 2704 Scan finished

17:48:11.0468 2704 ============================================================

17:48:11.0484 2696 Detected object count: 0

17:48:11.0484 2696 Actual detected object count: 0

17:49:28.0109 3116 Deinitialize success


Hello BrianLevy,

Please re-run SystemLook.

Copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:filefind
ieframe.dll

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.

This topic is now closed to further replies.