-
Tdsskiller log #6
-
Tdsskiller log #7
16:01:12.0067 0x0c70 ================ Scan generic autorun ======================
16:01:12.0077 0x0c70 LXCJCATS - ok
16:01:13.0007 0x0c70 [ 0BC020A9DAF363FF08F877E54A5233A5, A6F8405B4BFDA0BB91AD9CDF085D98C8A020738BEEEC015A85C38ED3F7227FCA ] C:\Program Files\Fighters\Tray\FightersTray.exe
16:01:15.0397 0x0c70 CommonToolkitTray - ok
16:01:16.0007 0x0c70 [ F7A9AA5A708404B3A66C0D352D8FDCA3, 561290899CFD9DE821A5C80E04EFB8EF74590F5372526AA7DF2BB666CF099375 ] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
16:01:16.0357 0x0c70 sfagent - ok
16:01:17.0837 0x0c70 [ A503A47A5E7EA8024379A8CC6059B74A, 8DEEC50E21924D21DD6383FA7FB3714ECA5AD45C576E0FF0431EE0DB25194620 ] C:\Windows\RtHDVCpl.exe
16:01:21.0588 0x0c70 RtHDVCpl - ok
16:01:22.0290 0x0c70 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
16:01:22.0305 0x0c70 HP Software Update - ok
16:01:22.0867 0x0c70 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:01:24.0084 0x0c70 Sidebar - ok
16:01:24.0099 0x0c70 WindowsWelcomeCenter - ok
16:01:24.0911 0x0c70 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:01:25.0129 0x0c70 Sidebar - ok
16:01:25.0145 0x0c70 WindowsWelcomeCenter - ok
16:01:26.0003 0x0c70 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
16:01:26.0018 0x0c70 Google Update - ok
16:01:26.0112 0x0c70 [ BC0DF782D8C5C446C2AC7D16D2F3312C, 2702873FDC1B8DEA46F3B6B98BC93ED0EA199FA30F0AA22C0E50D8B6B5381FEE ] C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
16:01:26.0159 0x0c70 cdloader - ok
16:01:26.0424 0x0c70 [ 78185A1C861FA7AD6BE016D54D050119, ABC1D092973F8E04329356C9BE192818760D050ED24AD5888CA6140E228396B7 ] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
16:01:26.0455 0x0c70 Advanced SystemCare 6 - ok
16:01:26.0861 0x0c70 [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
16:01:27.0157 0x0c70 HP Deskjet 3510 series (NET) - ok
16:01:28.0233 0x0c70 [ D8470A716BE1C02A81F5AD704D43D334, DA2E76AFB6C0F0111CC5B3A83B331D2BCA54CC78C56128D2B90B86FC89E7EAA7 ] C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
16:01:28.0951 0x0c70 Amazon Cloud Player - ok
16:01:29.0357 0x0c70 [ FA249F4F7554861362AB2FB845D22E40, 88C3F861324F8FC734EBA337A8F942BED8C1199C870FA66E80388F85E050D84D ] C:\Users\Colleen\AppData\Local\iogossul.exe
16:01:29.0372 0x0c70 sljwnape - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0372 0x0c70 sljwnape ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0637 0x0c70 [ 2ACF209E20B01488246F4F8C5788ECBD, 07C2A607FB2562AF3B19547DFF5F79DB55A2C4C93B0A83731D42DBB789B242D9 ] C:\Users\Colleen\AppData\Local\aeqltsel.exe
16:01:29.0653 0x0c70 cqibmelw - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0653 0x0c70 cqibmelw ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0918 0x0c70 [ 2DF7EC8427034EC6327CA7AE3A1280D6, 854A17256C3F7FF9F3AE8A8D836C95CF9AA9DCB25842485FF0039866CABFF778 ] C:\Users\Colleen\AppData\Local\soisaqtj.exe
16:01:29.0934 0x0c70 gkbqtgfq - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0934 0x0c70 gkbqtgfq ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0959 0x0c70 AV detected via SS2: Spybot - Search and Destroy, C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe ( 2.3.39.0 ), 0x61000 ( enabled : updated )
16:01:29.0969 0x0c70 Win FW state via NFP2: enabled
16:01:29.0969 0x0c70 ============================================================
16:01:29.0969 0x0c70 Scan finished
16:01:29.0969 0x0c70 ============================================================
16:01:29.0989 0x0c6c Detected object count: 11
16:01:29.0989 0x0c6c Actual detected object count: 11
16:02:27.0132 0x0c6c CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0132 0x0c6c CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0133 0x0c6c RVIEG01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0133 0x0c6c RVIEG01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0133 0x0c6c RVIEGVST ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0133 0x0c6c RVIEGVST ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0134 0x0c6c TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0134 0x0c6c TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0135 0x0c6c TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0135 0x0c6c TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0144 0x0c6c TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0144 0x0c6c TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0147 0x0c6c UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0147 0x0c6c UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0678 0x0c6c \Device\Harddisk0\DR0\Partition1 - copied to quarantine
16:02:28.0255 0x0c6c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
16:02:28.0419 0x0c6c \Device\Harddisk0\DR0\Partition1 - ok
16:02:28.0419 0x0c6c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
16:02:28.0424 0x0c6c sljwnape ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0424 0x0c6c sljwnape ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:28.0428 0x0c6c cqibmelw ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0428 0x0c6c cqibmelw ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:28.0428 0x0c6c gkbqtgfq ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0429 0x0c6c gkbqtgfq ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:33.0264 0x0c6c KLMD registered as C:\Windows\system32\drivers\45258115.sys
16:02:49.0061 0x09d4 Deinitialize success
-
Hi blueskygal,
aswMBR
Re-run aswMBR; it should be on your desktop.
Right click and select "Run as Administrator".
- When asked if you want to download Avast's virus definitions please select Yes.
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
=========================
Re-run Farbar Recovery Scan Tool; it should be on your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
-
aswMBR scan
During the scan a program keeps popping up that looks like an update to Adobe Flash, but I don't recognize it and cancel it. I think this might be a bug but don't know. It's the first time it's surfaced again after a few days. I'm in regular mode now, not safe mode; perhaps that's why.
-
Hi blueskygal,
Can you complete the scans requested, or does the pop-up prevent it?
OCD
-
Hi blueskygal,
Just checking in to see if you still need help?
OCD
-
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 16-07-2014 15:06:08
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/down...recovery-scan-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/down...recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program
Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software
Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program
Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2
\SDTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510
series\Bin\ScanToPCActivationApp.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music
Helper.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2
\SDUpdSvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power
Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth
Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead
Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2
\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2
\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510
series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted)
==================
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32
\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21]
(Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program
Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29]
(SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program
Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14]
(SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704
2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP
Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-
Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program
Files\Real\realplayer\update\realsched.exe [295512 2014-03-12]
(RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX
Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX
Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe
Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search &
Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe
oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe
oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[Google Update] =>
C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
[133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
[50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[Advanced SystemCare 6] => C:\Program Files\IObit\Advanced
SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet
3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17]
(Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon
Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456
2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072
2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064
2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run:
[Ummuyqdayb] =>
C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-
02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} -
E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} -
E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} -
E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} -
E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000
\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program
Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program
Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted)
====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-
aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-
aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b}
URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL =
http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-
chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-
73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5
-F373-46B8-B35A-B3DEFCDD880B}
&mid=c69ac0678e2d6391eb38988c0bd4732a-
43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&
pr=fr&d=2013-06-04
11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b}
URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer
-> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbr
owserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC
-5164760863C6} -> C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909
-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced
SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-
ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live
Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
-> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft
Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17
-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
(Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-
9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-
56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-
009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17
-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-
AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-
79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-
9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-
E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-
4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}
http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/downlo...B10-0D6D-4117-
8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get...larbear/ultras
him.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://toolbox.webex.com/client/T26...rt/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -
C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -
C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -
c:\Program Files\Common Files\Microsoft Shared\Information
Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft
Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-
48E0-853A-EBB7F4A000DA} - C:\Program
Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13]
(SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of
Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12
68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32
\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program
Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program
Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -
C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download
Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program
Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program
Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program
Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program
Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll
(IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program
Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin:
@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -
C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program
Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program
Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -
C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program
files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program
files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program
Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugi
n.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program
Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program
Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program
Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0
\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -
C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll
(Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic
Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -
C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15
\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -
C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15
\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-
secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla
firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-
08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5
\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-
4FC4AF8A08E2}] -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\
Ext
FF Extension: RealDownloader -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\
Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0
\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program
Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6
\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) -
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft
Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) -
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks,
Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla
Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla
Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google
Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google
Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll
(Google, Inc.)
CHR Plugin: (Google Update) - C:\Program
Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll
(Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program
Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic
Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program
Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) -
C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8
\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32
\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft
Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-
12]
CHR Extension: (WeatherBug (Legacy App)) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08
-16]
CHR Extension: (FastestFox for Chrome) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-
27]
CHR Extension: (Advanced SystemCare Surfing Protection) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08
-21]
CHR Extension: (Readability) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-
29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji]
-
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\
Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] -
C:\Program Files\IObit\Advanced SystemCare 6
\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted)
=================
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced
SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-
07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] (
Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960
2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150
\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
[File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-
08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program
Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-
08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2
\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2
\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2
\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program
Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter
ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe
[1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07
-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-
25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
[425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth
Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA
CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead
Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems,
Inc.) [File not signed]
==================== Drivers (Whitelisted)
====================
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672
2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-
03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-
14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488
2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456
2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32
\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes
Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas
DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas
VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
[12872 2010-02-17] (SUPERAdBlocker.com and
SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
[68168 2010-05-06] (SUPERAdBlocker.com and
SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2
\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32
\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204
2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-
10-28] (TOSHIBA CORPORATION)
==================== NetSvcs (Whitelisted)
===================
==================== One Month Created Files and Folders
========
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ ()
C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:15 - 00026810 _____ ()
C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D ()
C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ ()
C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ ()
C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-12 10:00 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH ()
C:\ProgramData\ntuser.pol
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D ()
C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ ()
C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky
Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D ()
C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ ()
C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ ()
C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-16 15:06 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ ()
C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar)
C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ ()
C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ ()
C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ ()
C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D ()
C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST
Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D ()
C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ ()
C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars
Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ ()
C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-12 10:00 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-16 15:01 - 00000644 _____ ()
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ ()
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ ()
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D
Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ ()
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot -
Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D ()
C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D ()
C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer
Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ ()
C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft
Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-
enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ ()
C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523
(1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ ()
C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D ()
C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ ()
C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ ()
C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ ()
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D ()
C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____
(Malwarebytes Corporation) C:\Windows\system32
\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ ()
C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ ()
C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts!
Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to
6-15-14.zip
==================== One Month Modified Files and Folders
=======
2014-07-16 15:43 - 2013-06-04 11:29 - 00000830 _____ ()
C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 15:34 - 2014-03-06 13:01 - 00000574 _____ ()
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-
1747254254-1146559385-1000.job
2014-07-16 15:30 - 2009-06-30 21:59 - 00000916 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-
1747254254-1146559385-1000UA.job
2014-07-16 15:22 - 2013-08-18 10:32 - 00000000 ____D ()
C:\Windows\system32\MRT
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft
Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:15 - 2014-07-16 15:06 - 00026810 _____ ()
C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:12 - 2007-09-01 08:47 - 00000256 _____ ()
C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ ()
C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:10 - 2007-01-10 15:30 - 01283861 _____ ()
C:\Windows\WindowsUpdate.log
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:06 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D ()
C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar)
C:\Users\Colleen\Desktop\FRST.exe
2014-07-16 15:01 - 2014-06-27 16:31 - 00000644 _____ ()
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-16 15:00 - 2009-12-22 23:09 - 00000882 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 15:00 - 2006-11-02 06:01 - 00000006 ____H ()
C:\Windows\Tasks\SA.DAT
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H ()
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H ()
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:06 - 2006-11-02 06:01 - 00032642 _____ ()
C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-12 10:00 - 2014-07-11 20:35 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-12 10:00 - 2014-06-27 17:29 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-12 10:00 - 2009-12-22 23:09 - 00000886 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-12 09:59 - 2014-03-12 10:59 - 00000300 _____ ()
C:\Windows\Tasks\Digital Sites.job
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ ()
C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ ()
C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ ()
C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D ()
C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH ()
C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD ()
C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe
Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe
Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D ()
C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ ()
C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ ()
C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky
Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ ()
C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D ()
C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D ()
C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D ()
C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D ()
C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D ()
C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ ()
C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ ()
C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ ()
C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ ()
C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R ()
C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:14 - 2007-07-01 17:52 - 06864896 _____ ()
C:\Users\Colleen\Documents\My Money.mny
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ ()
C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ ()
C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D ()
C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST
Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ ()
C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars
Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32
\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ ()
C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ ()
C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-
1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D ()
C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ ()
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ ()
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D ()
C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D
Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ ()
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot -
Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ ()
C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft
Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-
enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D ()
C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D ()
C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523
(1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D ()
C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D ()
C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ ()
C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D ()
C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D ()
C:\Program Files\CCleaner
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ ()
C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D ()
C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ ()
C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D ()
C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D ()
C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ ()
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D ()
C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D ()
C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ ()
C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ ()
C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ ()
C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts!
Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D ()
C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ ()
C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ ()
C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ ()
C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ ()
C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ ()
C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D ()
C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to
6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D ()
C:\Program Files\Opera
2014-06-16 20:18 - 2010-01-02 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Local\Bible Explorer 4
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D ()
C:\Program Files\EfficientPIM
Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223
-EDC0089639EC}.exe
==================== Bamital & volsnap Check
=================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-16 15:47
==================== End Of Log
============================
-
aswMBR scan. Sorry about the delay!
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-11 20:28:29
-----------------------------
20:28:29.080 OS Version: Windows 6.0.6002 Service Pack 2
20:28:29.080 Number of processors: 2 586 0xE0C
20:28:29.080 ComputerName: COLLEEN-PC UserName: Colleen
20:28:30.609 Initialize success
20:28:30.624 VM: initialized successfully
20:28:30.687 VM: Intel CPU virtualization not supported
20:29:42.431 AVAST engine defs: 14071000
20:30:15.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:15.425 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
20:30:15.612 Disk 0 MBR read successfully
20:30:15.628 Disk 0 MBR scan
20:30:15.675 Disk 0 Windows VISTA default MBR code
20:30:15.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:30:15.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
20:30:15.737 Disk 0 scanning sectors +195371008
20:30:16.096 Disk 0 scanning C:\Windows\system32\drivers
20:30:45.284 Service scanning
20:31:27.996 Modules scanning
20:31:53.939 Disk 0 trace - called modules:
20:31:53.970 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:31:53.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a60ac8]
20:31:54.002 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x851e6b48]
20:31:54.002 5 acpi.sys[82e566bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
20:31:55.156 AVAST engine scan C:\Windows
20:32:03.499 AVAST engine scan C:\Windows\system32
20:53:14.790 AVAST engine scan C:\Windows\system32\drivers
20:55:40.541 AVAST engine scan C:\Users\Colleen
20:55:46.981 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
21:05:21.784 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
21:05:30.600 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:16:23.462 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
21:16:23.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
-
Hi blueskygal,
Your FRST log is difficult to read as posted. Please disable Word Wrap in Notepad and repost the log.
Remove Word Wrap in Notepad
- Click the Windows “Start” button.
- Enter “Notepad” into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
- Click “Format” from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words “Word Wrap,” which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
- Click “Word Wrap” to remove line endings. The check mark that used to appear next to “Word Wrap” disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.
=========================
Last edited by OCD; 2014-07-17 at 04:30.
Reason: typo
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days