Extremely SLOW PC



gilmore
2011-09-17, 05:37
Hello-
Our PC has been extremely slow. We have a few different users (our kids) on this PC and my user runs somewhat ok, but a few of the kids' users are extremely slow - about 7 minutes to boot. Sometimes the web page freezes. I think I ran Norton a few months back, but I don't recall it coming up with anything. I know our hard drive is getting full, but it is just strange that the different users load so slowly. I have even taken the time over the last few months deleting programs they no longer use. Could this be some sort of trojan or virus that is just not being picked up by Norton? Please help - we are extremely frustrated!

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 22:13:26 on 2011-09-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.205 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.2.0.26\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
C:\WINDOWS\system32\svchost.exe -k svcboot_lkais
C:\WINDOWS\system32\svchost.exe
svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Online\Engine\2.2.0.26\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.2.0.34\coIEPlg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
StartupFolder: c:\docume~1\julieg~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: webkins.com\www
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\yrou326h.default\
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-24 482432]
R1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\nof\0202000.01a\ccsetx86.sys [2011-9-15 132744]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110915.030\IDSXpx86.sys [2011-9-15 356280]
R2 ComputerTimeServer;ComputerTime Server;c:\program files\softwaretime\computertime\bin\fbserver.exe [2010-10-12 3780608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-20 10448]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-24 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110916.018\NAVENG.SYS [2011-9-16 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110916.018\NAVEX15.SYS [2011-9-16 1576312]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-26 25704]
S2 gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0202000.022\symrdr.sys [2011-9-15 196600]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
.
=============== Created Last 30 ================
.
2011-09-16 02:52:57 196600 ----a-w- c:\windows\system32\drivers\nsm\0202000.022\symrdr.sys
2011-09-16 02:52:57 172152 ----a-w- c:\windows\system32\drivers\nsm\0202000.022\symrdrs.sys
2011-09-16 02:52:52 -------- d-----w- c:\windows\system32\drivers\nsm\0202000.022
2011-09-16 02:52:16 132744 ----a-w- c:\windows\system32\drivers\nof\0202000.01a\ccsetx86.sys
2011-09-16 02:52:09 -------- d-----w- c:\windows\system32\drivers\nof\0202000.01A
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-19 03:15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 21:31:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-16 21:31:00 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 22:16:40.81 ===============


And I think I attached the attach.txt zipped file.
I'm not an expert at computers and I hope I posted things correctly.
I wasn't sure if you wanted the S&D run as of yet. If so, let me know - just trying to post correctly.

Thank you!
-Julie

Jack&Jill
2011-09-22, 18:22
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

gilmore
2011-09-23, 17:29
Thank you for helping!
I have gone through tools so that I get updates on replies.
This weekend is a little crazy and I will be away from the computer (off and on), so please be patient with me : )
Thank you!!!

Jack&Jill
2011-09-24, 18:22
Hello gilmore :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Please download aswMBR and save it to your desktop. Click here. (http://public.avast.com/~gmerek/aswMBR.exe)

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the aswMBR.exe file to run it. If you are asked to download an antivirus software, please allow.
Click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.

--------------------

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)

Run MBAM

Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:

List last 10 Event Viewer Errors
List Users, Partitions and Memory size.
List Minidump Files
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Please post back:
1. aswMBR log
2. MBAM report
3. MiniToolBox result

gilmore
2011-09-27, 00:36
I kept checking my email all weekend looking for a notification. It didn't occur to me that it would shoot into my junk mail - sorry for the delay. The Malwarebytes' took almost 6 hours - wow, is that normal? I also accidentally clicked on some sort of cyber program that downloaded by accident. Had to wait til the Malwarebytes scan finished and then deleted it - I hope that was ok to do.
Here are the three reports requested:

Mini Tool box:
MiniToolBox by Farbar
Ran by Julie (administrator) on 26-09-2011 at 17:28:05
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/22/2011 05:53:54 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/22/2011 05:53:53 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/22/2011 03:45:27 PM) (Source: Application Error) (User: )
Description: Faulting application ccsvchst.exe, version 11.1.0.16, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [ccsvchst.exe!ws!]


System errors:
=============




Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7801

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/26/2011 3:09:18 PM
mbam-log-2011-09-26 (15-09-17).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 532098
Time elapsed: 5 hour(s), 44 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.




aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 08:15:51
-----------------------------
08:15:51.082 OS Version: Windows 5.1.2600 Service Pack 3
08:15:51.082 Number of processors: 2 586 0x409
08:15:51.082 ComputerName: HOMESCHOOL UserName:
08:15:52.566 Initialize success
08:17:51.082 AVAST engine defs: 11092600
08:19:43.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
08:19:43.675 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
08:19:45.691 Disk 0 MBR read successfully
08:19:45.691 Disk 0 MBR scan
08:19:45.754 Disk 0 unknown MBR code
08:19:45.769 Disk 0 scanning sectors +312496380
08:19:45.832 Disk 0 scanning C:\WINDOWS\system32\drivers
08:20:07.957 Service scanning
08:20:09.488 Modules scanning
08:20:18.129 Disk 0 trace - called modules:
08:20:18.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:20:18.160 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d85ab8]
08:20:18.160 3 CLASSPNP.SYS[f763efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d52b00]
08:20:19.394 AVAST engine scan C:\WINDOWS
08:20:51.316 AVAST engine scan C:\WINDOWS\system32
08:23:36.066 AVAST engine scan C:\WINDOWS\system32\drivers
08:24:03.035 AVAST engine scan C:\Documents and Settings\Julie
08:27:54.269 AVAST engine scan C:\Documents and Settings\All Users
08:34:56.972 Scan finished successfully
08:36:04.191 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie \Desktop\MBR.dat"
08:36:04.191 The log file has been saved successfully to "C:\Documents and Settings\Julie \Desktop\aswMBR.txt"

Jack&Jill
2011-09-27, 02:19
Hello gilmore :),

No worries about the timing. As long as you reply within 3 days, it is good enough for me. Scan time depends very much on the severity of infection, the size of your hard drive and the number of files. Looking at what you have, yes I would say it is normal for Malwarebytes' Anti-Malware to need 6 hours.

The MiniToolBox result appears incomplete. Could you please check the log file? If it is incomplete, please run it again and post back the results.

gilmore
2011-09-27, 02:58
Here are the mini tool box results:
MiniToolBox by Farbar
Ran by Julie (administrator) on 26-09-2011 at 19:54:50
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2011 05:45:56 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/26/2011 05:45:44 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/26/2011 05:45:43 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.


System errors:
=============
Error: (09/26/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
Description: The STProxy service terminated unexpectedly. It has done this 1 time(s).

Error: (09/26/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
Description: The STProxy service hung on starting.

Error: (09/26/2011 05:15:33 PM) (Source: Service Control Manager) (User: )
Description: The Process creation detector. service failed to start due to the following error:
%%2

Error: (09/26/2011 05:15:32 PM) (Source: Service Control Manager) (User: )
Description: The Process creation detector. service failed to start due to the following error:
%%2

Error: (09/26/2011 05:15:32 PM) (Source: Service Control Manager) (User: )
Description: The Process creation detector. service failed to start due to the following error:
%%2

Error: (09/26/2011 03:17:46 PM) (Source: Service Control Manager) (User: )
Description: The STProxy service terminated unexpectedly. It has done this 1 time(s).

Error: (09/26/2011 03:17:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (09/26/2011 03:17:38 PM) (Source: Service Control Manager) (User: )
Description: The STProxy service hung on starting.

Error: (09/26/2011 08:02:13 AM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%1053

Error: (09/26/2011 08:02:13 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SeaPort service to connect.


Microsoft Office Sessions:
=========================
Error: (09/26/2011 05:45:56 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:

Error: (09/26/2011 05:45:44 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: msdb4

Error: (09/26/2011 05:45:43 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: (103:80:1)msdb

Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:

Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: msdb4

Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: (103:80:1)msdb

Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: msdb4

Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: (103:80:1)msdb

Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description:


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 1014.07 MB
Available physical RAM: 351.04 MB
Total Pagefile: 2440.82 MB
Available Pagefile: 1864.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:108.59 GB) (Free:22.78 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:37.24 GB) (Free:37.03 GB) NTFS
3 Drive e: (Math 6 - 1) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS
5 Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:379.98 GB) NTFS

========================= Users: ========================================

User accounts for \\HOMESCHOOL

Administrator Dad Guest
HelpAssistant Julie Madison
Patrick PJG Sean
SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini051310-01.dmp
C:\WINDOWS\Minidump\Mini051810-01.dmp
C:\WINDOWS\Minidump\Mini052610-01.dmp
C:\WINDOWS\Minidump\Mini060711-01.dmp

**** End of log ****

Jack&Jill
2011-09-27, 04:31
Hello gilmore :),

Firstly, the RAM is marginally adequate. You might want to consider upgrading.

Next, let's clear off some clutter.

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1 (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Link 2 (http://download.cnet.com/ATF-Cleaner/3000-18512_4-89432.html)

Run ATF Cleaner

Exit all browsers.
Double-click ATF Cleaner.exe to open it.
Click Run if prompted.
At the bottom of the list, check (tick) Select All.
Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

--------------------

Check your hard disk for errors

Go to Start > Run.... Copy and paste the following text into the white box:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
Click OK. A command prompt window will appear for a while. Please wait until it closes.
Post the contents of checkhd.txt. It is found on your desktop.

--------------------

Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)

Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):

Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. chkdsk result
2. Rootkit Unhooker log

gilmore
2011-09-27, 13:45
I ran the ATF Cleaner then the checkhd.txt and the Rootkit. Posting in two posts because the log is too long.
Thank you!





The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
Recovering orphaned file ETILQS~2 (18017) into directory file 2612.
Recovering orphaned file etilqs_CCXIClg2H89RbJi (18017) into directory file 2612.
Recovering orphaned file EXTENS~2.SQL (50430) into directory file 178084.
Recovering orphaned file extensions.sqlite-journal (50430) into directory file 178084.
Recovering orphaned file PLACES~2.SQL (66750) into directory file 178084.
Recovering orphaned file places.sqlite-wal (66750) into directory file 178084.
Recovering orphaned file parent.lock (148866) into directory file 178084.
Recovering orphaned file PARENT~1.LOC (148866) into directory file 178084.
Recovering orphaned file COOKIE~2.SQL (153131) into directory file 178084.
Recovering orphaned file cookies.sqlite-wal (153131) into directory file 178084.
Recovering orphaned file COOKIE~3.SQL (153136) into directory file 178084.
Recovering orphaned file cookies.sqlite-shm (153136) into directory file 178084.
Recovering orphaned file PLACES~3.SQL (153139) into directory file 178084.
Recovering orphaned file places.sqlite-shm (153139) into directory file 178084.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

113860687 KB total disk space.
89111524 KB in 152859 files.
65200 KB in 31505 indexes.
0 KB in bad sectors.
547311 KB in use by the system.
65536 KB occupied by the log file.
24136652 KB available on disk.

4096 bytes in each allocation unit.
28465171 total allocation units on disk.
6034163 allocation units available on disk.







RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF716D000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1306624 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF6FB7000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xAA6C8000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 929792 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF6F10000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF734C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA2FC000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xAA181000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAA3F3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA395000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF6DA0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA4D8000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110923.030\IDSxpx86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0xAA5F0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9A97000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF7406000 SYMEFA.SYS 323584 bytes
0xBF15A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA2BA000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0xA9BDF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF70D9000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xAA5BC000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0xF74CF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF6D72000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0xA9D38000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF731F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA463000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7131000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA4B0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6EEA000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xAA596000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAA548000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xAA67C000 C:\WINDOWS\system32\drivers\NOF\0202000.01A\ccSetx86.sys 147456 bytes (Symantec Corporation, Common Client Settings Driver)
0xF6EC6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF710D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF70B6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA48E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7467000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF749F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAA377000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF7305000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7487000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9FAB000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA169000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73D9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6EAF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9FC3000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9F95000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF73F0000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xAA533000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xA91D8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7159000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA649000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7455000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA98A5000 C:\WINDOWS\system32\drivers\tmcomm.sys 73728 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF74BE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6E9E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF782E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF768E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76CE000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF769E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA0A1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF779E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF783E000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF763E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF771E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF761E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF773E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77FE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76AE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF760E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF772E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xAA29A000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75FE000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF776E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77EE000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF775E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76BE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF76DE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF76EE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF76FE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF770E000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0xA8D92000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF762E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF784E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF767E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF774E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77CE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF764E000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77BE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79BE000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF79C6000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF78EE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7896000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF798E000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xF78DE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xF79B6000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78D6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAA111000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79E6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF787E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78FE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
0xF796E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF79CE000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7906000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF797E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF799E000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0xF7986000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79EE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79FE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7886000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7966000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7976000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7956000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A06000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA031000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF72AC000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72C8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7ACE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA035000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6D56000 C:\WINDOWS\system32\drivers\pclepci.sys 16384 bytes (Pinnacle Systems GmbH, PCLEPCI)
0xA9F85000 C:\WINDOWS\system32\DRIVERS\wpsnuio.sys 16384 bytes (Skyhook Wireless, WPS NDIS User Mode I/O Driver)
0xF7A0E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAA57A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAA6A8000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7A8E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA9C44000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF72B4000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7ABA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7AA6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF6D66000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B36000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B1E000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7BB4000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B82000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7B66000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B32000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B02000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7AFE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B3A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B3E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B24000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7B28000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B2E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B00000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D11000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C16000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D0B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CA8000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xF7C0A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BC6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [emStream.sys]
WARNING: Virus alike driver modification [atwpkt2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atwpkt264.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mcd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-160E1F62.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D4CC, Type: Inline - RelativeJump 0x805044CC-->805044AF [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D550, Type: Inline - RelativeJump 0x80504550-->805044E1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D6A4, Type: Inline - RelativeJump 0x805046A4-->8050467D [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7D4, Type: Inline - RelativeJump 0x805047D4-->805047B5 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->8050484A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->01970000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->018F0000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->01900000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->01960000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->01950000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->01940000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->01980000 [unknown_code_page]
[1156]SetPoint.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->01910000 [unknown_code_page]
[1156]SetPoint.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->01960000 [unknown_code_page]
[1156]SetPoint.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->01950000 [unknown_code_page]
[1156]SetPoint.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->01940000 [unknown_code_page]
[1156]SetPoint.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->01910000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x00447068-->018F0000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x00447070-->01900000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00447140-->01960000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0044714C-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0044708C-->01950000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00447128-->01940000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->SuspendThread, Type: IAT modification 0x00447130-->01920000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x00447118-->01910000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->01990000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->01970000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->018F0000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->019A0000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->01900000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->01960000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->019B0000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->01950000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->01940000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->01980000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->01910000 [unknown_code_page]
[1156]SetPoint.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->019C0000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->018F0000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->01900000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->01960000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->01950000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->01940000 [unknown_code_page]
[1156]SetPoint.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->01910000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->01070000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->01030000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->01040000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->01060000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->01050000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00FB0000 [unknown_code_page]
[1700]stka32.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00FA0000 [unknown_code_page]
[1700]stka32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->01060000 [unknown_code_page]
[1700]stka32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->01050000 [unknown_code_page]
[1700]stka32.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00FA0000 [unknown_code_page]
[1700]stka32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00453184-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00453180-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x004531B8-->00FB0000 [unknown_code_page]
[1700]stka32.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x00453168-->00FA0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00FF0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->01070000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->01030000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->01000000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->01040000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->01020000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->01060000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->01050000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00FB0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00FA0000 [unknown_code_page]
[1700]stka32.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00FE0000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x00453534-->00FE0000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->01030000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->01040000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->01060000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->01050000 [unknown_code_page]
[1700]stka32.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00FA0000 [unknown_code_page]
[1700]stka32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00FD0000 [unknown_code_page]
[1700]stka32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00FC0000 [unknown_code_page]
[1700]stka32.exe-->ws2_32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x71AB10D0-->00FA0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->00CE0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->00CA0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->00CB0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00C90000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00C80000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00CD0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00CC0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00CF0000 [unknown_code_page]
[216]hpwuschd2.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00C70000 [unknown_code_page]
[216]hpwuschd2.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00C90000 [unknown_code_page]
[216]hpwuschd2.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00C80000 [unknown_code_page]
[216]hpwuschd2.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00CD0000 [unknown_code_page]
[216]hpwuschd2.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00CC0000 [unknown_code_page]
[216]hpwuschd2.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00C70000 [unknown_code_page]
[216]hpwuschd2.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00408064-->00C90000 [unknown_code_page]
[216]hpwuschd2.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00408048-->00C80000 [unknown_code_page]
[216]hpwuschd2.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x00408088-->00C70000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00D00000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->00CE0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->00CA0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->00D10000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->00CB0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00C90000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00C80000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00D20000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00CD0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00CC0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00CF0000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00C70000 [unknown_code_page]
[216]hpwuschd2.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00D30000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->00CA0000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->00CB0000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00C90000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00C80000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00CD0000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00CC0000 [unknown_code_page]
[216]hpwuschd2.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00C70000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->00C60000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->00C40000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->00C50000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00C10000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00BF0000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00C30000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00C20000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00BE0000 [unknown_code_page]
[2344]QTTask.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00BD0000 [unknown_code_page]
[2344]QTTask.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00C10000 [unknown_code_page]
[2344]QTTask.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00BF0000 [unknown_code_page]
[2344]QTTask.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00C30000 [unknown_code_page]
[2344]QTTask.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00C20000 [unknown_code_page]
[2344]QTTask.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00BD0000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x0044C090-->00BC0000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0044C108-->00C10000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0044C104-->00BF0000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x0044C05C-->00C00000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x0044C0F8-->00BE0000 [unknown_code_page]
[2344]QTTask.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x0044C068-->00BD0000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00BC0000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->00C60000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->00C40000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->00C70000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->00C50000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00C10000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00BF0000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00C00000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00C30000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00C20000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00BE0000 [unknown_code_page]

*** Continued next post ***

gilmore
2011-09-27, 13:45
*** Continued ***
[2344]QTTask.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00BD0000 [unknown_code_page]
[2344]QTTask.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00C80000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->00C40000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->00C50000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00C10000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00BF0000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00C30000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00C20000 [unknown_code_page]
[2344]QTTask.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00BD0000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->00DB0000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->00D10000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->00D20000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00D90000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00D50000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00D80000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00D60000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00D40000 [unknown_code_page]
[2604]explorer.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00D30000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x77A8120C-->00DC0000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77A81210-->00D10000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x77A81214-->00DD0000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77A81218-->00D20000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->00D90000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->00D50000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->00D70000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->00D80000 [unknown_code_page]
[2604]explorer.exe-->crypt32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77A811AC-->00D30000 [unknown_code_page]
[2604]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00D90000 [unknown_code_page]
[2604]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00D50000 [unknown_code_page]
[2604]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00D80000 [unknown_code_page]
[2604]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00D60000 [unknown_code_page]
[2604]explorer.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00D30000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x01001188-->00D10000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x01001184-->00D20000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00D90000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x010011D4-->00D50000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x0100112C-->00D70000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100117C-->00D80000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001254-->00D60000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x010011CC-->00D40000 [unknown_code_page]
[2604]explorer.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x010011F0-->00D30000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00DC0000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->00DB0000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->00D10000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->00DD0000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->00D20000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00D90000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00D50000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00D70000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00D80000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00D60000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00D40000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00D30000 [unknown_code_page]
[2604]explorer.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00DA0000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x01001688-->00DA0000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->00D10000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->00D20000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00D90000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00D50000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00D80000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00D60000 [unknown_code_page]
[2604]explorer.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00D30000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x3D93127C-->00DC0000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x3D931284-->00DD0000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00D90000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00D50000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00D80000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00D60000 [unknown_code_page]
[2604]explorer.exe-->wininet.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x3D931470-->00D30000 [unknown_code_page]
[2604]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->022B0000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->02270000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->02280000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->022A0000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->02290000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->02200000 [unknown_code_page]
[3224]ctmn32.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->021F0000 [unknown_code_page]
[3224]ctmn32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->022A0000 [unknown_code_page]
[3224]ctmn32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->02290000 [unknown_code_page]
[3224]ctmn32.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->021F0000 [unknown_code_page]
[3224]ctmn32.exe-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x004D213C-->021E0000 [unknown_code_page]
[3224]ctmn32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004D20BC-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004D20C0-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x004D20D8-->02200000 [unknown_code_page]
[3224]ctmn32.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x004D20E4-->021F0000 [unknown_code_page]
[3224]ctmn32.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->02290000 [unknown_code_page]
[3224]ctmn32.exe-->mswsock.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x71A51144-->02200000 [unknown_code_page]
[3224]ctmn32.exe-->mswsock.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x71A510B4-->021F0000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->021E0000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->022B0000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->02270000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->02240000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->02280000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->02260000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->022A0000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->02290000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->02200000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->021F0000 [unknown_code_page]
[3224]ctmn32.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->02230000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x004D260C-->02230000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->02270000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->02280000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->02220000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->02210000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->022A0000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->02290000 [unknown_code_page]
[3224]ctmn32.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->021F0000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Jack&Jill
2011-09-27, 17:29
Hello gilmore :),

Repair your hard disk with Chkdsk

Go to Start > Run.... Copy and paste the following text into the white box:

cmd /c chkdsk c: /f
Click OK. You will be prompted to schedule the scan on the next reboot, type Y and press Enter.
The command prompt window will close quickly.
Reboot your computer and Chkdsk will perform the repair tasks accordingly.
If you need help, please take a look at this Chkdsk tutorial (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html).

You might need to perform Chkdsk more than once to get everything fixed. Let me know how it goes.

gilmore
2011-09-27, 19:30
This is kind of strange. I received the email noting that you replied to repair the hard drive... (copied and pasted below). The email also states that there might also be other replies. I went to the forum to see any additional remarks/replies, but there is not a post.
Here is the whole email:

Dear gilmore,

Jack&Jill has just replied to a thread you have subscribed to entitled - Extremely SLOW PC - in the Malware Removal forum of Safer-Networking Forums.

This thread is located at:
http://forums.spybot.info/showthread.php?t=63915&goto=newpost

Here is the message that has just been posted:
***************
Hello gilmore :),

Repair your hard disk with Chkdsk
* Go to *Start* > *Run...*. Copy and paste the following text into the white box:

Code:
---------
cmd /c chkdsk c: /f
---------
* Click *OK*. You will be prompted to schedule the scan on the next reboot, type *Y* and press *Enter*.
* The command prompt window will close quickly.
* Reboot your computer and Chkdsk will perform the repair tasks accordingly.
* If you need help, please take a look at this *Chkdsk tutorial* (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html).


You might need to perform Chkdsk more than once to get everything fixed. Let me know how it goes.
***************


There may also be other replies, but you will not receive any more notifications until you visit the forum again.

All the best,
Safer-Networking Forums

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unsubscription information:

To unsubscribe from this thread, please visit this page:
http://forums.spybot.info/subscription.php?do=removesubscription&type=thread&subscriptionid=56227&auth=143f701e134bcfc632f98e2e71f35c71

To unsubscribe from ALL threads, please visit this page:
http://forums.spybot.info/subscription.php?do=viewsubscription&folderid=all


Is there anything else that I need to do (other than repair the hard drive with Chkdsk)? Any further instructions? Sorry to post without results, I just want to make sure I am not missing a step.

gilmore
2011-09-27, 19:34
Ugh, never mind!
Once I posted the last message - it must have forced your message to post. Prior to posting, I waited over an hour for your message to post/ refreshed the browser/ quit the application, etc. Frustrating glitch.
I'll run the Chkdsk in a few minutes.

gilmore
2011-09-27, 22:52
Hi-
I did the
cmd /c chkdsk c: /f
three times. It still seems to be running slow.

Is there a virus/trojan/malware on the computer?

I realize the RAM is not sufficient and the computer is pretty full. Is there a trusted website that can help me learn how to run the computer more efficiently? Or which programs can actually be deleted? Also, I used to know how to turn off background programs, but I am not sure with this computer which ones to turn off - is there somewhere that I can learn which programs can be turned off during start up?

Sorry to shoot so many questions. We are just very frustrated with this computer (can't afford a new one right now) and seem to spend half our time just waiting for it to load for start up - or through web pages - etc.

Thanks!

Jack&Jill
2011-09-28, 02:37
Hello gilmore :),

I only asked for Chkdsk. Yes, that would be a glitch.

In the last Chkdsk, are there any more errors?



"Is there a virus/trojan/malware on the computer?"
Some further checks are still required.



"Is there a trusted website that can help me learn how to run the computer more efficiently? Or which programs can actually be deleted?"
I will provide some guidelines later.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here. (http://www.gmer.net/download.php)

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. any more errors from Chkdsk?
2. GMER log
3. ESET online scan report

Jack&Jill
2011-09-30, 02:36
Hello gilmore :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.

gilmore
2011-09-30, 21:21
Sorry - I never received an email that you posted a reply. I just happened to check today. I will follow instructions and post results.
I will be out of town most of the weekend, but will check again on Sunday afternoon/evening.

Jack&Jill
2011-10-03, 02:19
Hello gilmore :),

Hope you had a great weekend.

Please post if there are any more errors from Chkdsk, the GMER log and ESET online scan result when you are ready. Try to check for replies at least once a day and get back to me within 3 days. If you need to be away for a while, I would appreciate it if you can let me know as you did in your last post. Thanks.

gilmore
2011-10-04, 15:06
Thank You for your patience with me as life has been hectic.
I hope I did the ESET correctly. I think the scan went fine, but I had trouble when trying to save and I just now found the file:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=22a08b5a01b5b24688d967a76c60ff1a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-04 06:47:36
# local_time=2011-10-04 01:47:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777193 80 100 24664312 53512136 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=234210
# found=34
# cleaned=0
# scan_time=8269
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000750 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000779 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\components\1276916.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox 4.0 Beta 8\components\1276916.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ccp_khffib.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\Director_gafcl.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\dprx_tfxxsx.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ffe35_jgagda.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ffe36_cvuiif.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ffe3_idfbmm.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ffe40_efgebb.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\ffe_ykbvuu.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcapp_gcsego.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mca_ykbvuu.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcff_demmou.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcgc_cvuiif.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcie_idiqqh.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mck_frmjvc.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mclmd_jtewcm.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcmsg_gepktc.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcoexp_pfvuh.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mco_byardp.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcsc_bfdhpo.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\mcy_elrmxd.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\proxy.dll probably a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\shim_thidgp.dll probably a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\svcboot_lkais.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN\S-1-5-21-2955408893-2461738074-1752208894-1001\$R93TR98\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN\S-1-5-21-2955408893-2461738074-1752208894-1001\$R93TR98\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN\S-1-5-21-2955408893-2461738074-1752208894-1001\$R93TR98\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\Mom's Computer\Julie\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\Mom's Computer\Julie\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\Mom's Computer\Julie\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/WebWatcher.A application 00000000000000000000000000000000 I




Here is the GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-30 19:00:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JS-75NCB3 rev.10.02E04
Running: 38g6k1rf.exe; Driver: C:\DOCUME~1\JULIEG~1\LOCALS~1\Temp\kwlyyuow.sys


---- System - GMER 1.0.15 ----

SSDT 85E65E78 ZwAlertResumeThread
SSDT 85F2F8D8 ZwAlertThread
SSDT 85BDDC20 ZwAllocateVirtualMemory
SSDT 85E62058 ZwAssignProcessToJobObject
SSDT 85EC39E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA046980]
SSDT 85BC4640 ZwCreateMutant
SSDT 85AD2738 ZwCreateSymbolicLinkObject
SSDT 85EC7360 ZwCreateThread
SSDT 85EBA7C0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA046C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA046F10]
SSDT 85BDDEF8 ZwDuplicateObject
SSDT 85BF1DB8 ZwFreeVirtualMemory
SSDT 85EB2E78 ZwImpersonateAnonymousToken
SSDT 85EB0478 ZwImpersonateThread
SSDT 85E6BE48 ZwLoadDriver
SSDT 85BF1C18 ZwMapViewOfSection
SSDT 85E7C870 ZwOpenEvent
SSDT 85BBC878 ZwOpenProcess
SSDT 85E7A070 ZwOpenProcessToken
SSDT 86CDE0C0 ZwOpenSection
SSDT 85BBC6E8 ZwOpenThread
SSDT 85BAE0B0 ZwProtectVirtualMemory
SSDT 85E9A268 ZwResumeThread
SSDT 85EAA070 ZwSetContextThread
SSDT 85BF1900 ZwSetInformationProcess
SSDT 85EB9C98 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA047160]
SSDT 85C291F0 ZwSuspendProcess
SSDT 85E88790 ZwSuspendThread
SSDT 86D04070 ZwTerminateProcess
SSDT 85C76070 ZwTerminateThread
SSDT 85E91BA0 ZwUnmapViewOfSection
SSDT 85BDD810 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A7786D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----



I didn't run Chkdsk any more after that last post - but will run some more and post results later today.
Thank you again for your patience!!!

gilmore
2011-10-04, 21:18
Ran the Chkdsk thing two more times. It doesn't give me a list to post. Seemed to run like the other times. Upon rebooting, it comes up with the blue screen and runs a series of tasks. Is there something particular I should be looking for?

Jack&Jill
2011-10-05, 02:39
Hello gilmore :),

For Chkdsk, did you notice any errors from the most recent runs? There will not be any logs, and no need to run it any more.

Do you have a parental control program called WebWatcher? I see another two such programs: ComputerTime 4.0.1 and Norton Safety Minder. Having one too many similar programs might cause conflicts and slow down the computer. This could be a possible source of your problem.

I suggest you choose one to keep and uninstall the rest.

--------------------

From your earlier DDS log:
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: webkins.com\www

Please remove all websites from the Trusted Zone in Internet Explorer as a security precaution. Have a look at the following article on how to do it.

Security zones: adding or removing websites (http://windows.microsoft.com/en-US/windows-vista/Security-zones-adding-or-removing-websites)

--------------------

Please uninstall the following programs:
URL Assistant
Viewpoint Media Player
Vuze Remote Toolbar

--------------------

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1 (http://aumha.org/downloads/erunt-setup.exe)
Link 2 (http://download.cnet.com/ERUNT/3000-2242_4-49213.html)
Link 3 (http://majorgeeks.com/Erunt_d1267.html)

Back up your registry with ERUNT

Double click on erunt-setup.exe and run the installation setup.
Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
Continue until you get prompted to run ERUNT at startup. Choose No.
Next, make sure Launch ERUNT is checked (ticked) and click Finish.
Click OK when ERUNT is launched, and accept all default settings. ERUNT will then back up the registry.

--------------------

Please download OTM© by Old Timer from one of the links below and save it to your desktop.

Link 1 (http://oldtimer.geekstogo.com/OTM.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTM.exe)


Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:

:files
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000750
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000779

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{ef99bd32-c1fb-11d2-892f-0090271d4f88}"=-

:commands
[CREATERESTOREPOINT]
[emptytemp]

Click the red MoveIt! button. Everything on the desktop may disappear; this is normal. Please wait until the tool completes its routine.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in the C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represents the date and time the fix was performed.

--------------------

Please post back:
1. any errors from Chkdsk?
2. input on WebWatcher
3. OTM log
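
The reading of the ESET log in the reply above (one installed monitoring program, two stray browser-cache files, copies on another drive) can be reproduced by grouping the log lines by detection name and location. This is an added example, not part of the original thread and not ESET tooling; the log excerpt is copied from the post above, while the regular expression, the function names, the location labels and the assumption that C: is the system drive belong to this example.

```python
import re
from collections import defaultdict

# Excerpt of the ESET log.txt posted in the thread (7 of its 34 detection lines).
SAMPLE_LOG = r"""# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# found=34
# cleaned=0
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000750 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\components\1276916.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\proxy.dll probably a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\eueidi\svcboot_lkais.dll a variant of Win32/WebWatcher.A application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN\S-1-5-21-2955408893-2461738074-1752208894-1001\$R93TR98\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
G:\Mom's Computer\Julie\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/WebWatcher.A application 00000000000000000000000000000000 I
"""

# <path> [probably ][a variant of ]<Platform/Name> <class> [(action)] <32 hex> <flag>
# Paths contain spaces, so each line is anchored on the detection name, the
# only field with a forward slash. The pattern is this example's reading of
# the lines above, not a published format specification.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>[a-z]+)"
    r"(?:\s+\((?P<action>[^)]*)\))?\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)


def parse_eset_log(text):
    """Split log text into header settings, detections and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        match = LINE_RE.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            unparsed.append(line)  # keep odd lines visible, never drop them
    return header, detections, unparsed


def locate(path):
    """Coarse location label; C: as the system drive is an assumption."""
    p = path.lower()
    if p.startswith("${"):
        return "memory"
    if "\\cache\\" in p or "temporary internet files" in p:
        return "browser cache"
    if "\\$recycle.bin\\" in p or "\\recycler\\" in p:
        return "recycle bin"
    if not p.startswith("c:\\"):
        return "other volume"
    return "system drive"


def triage(text):
    """Group detections by name so one product shows up as one finding."""
    header, detections, unparsed = parse_eset_log(text)
    groups = defaultdict(
        lambda: {"kind": None, "count": 0, "heuristic": 0, "where": set()})
    for d in detections:
        g = groups[d["name"]]
        g["kind"] = d["kind"]
        g["count"] += 1
        g["heuristic"] += d["qualifier"].startswith("probably")
        g["where"].add(locate(d["path"]))
    return {
        # remove_checked=false: "Remove found threats" was unticked as
        # instructed, so the scan only reported and cleaned stays at 0.
        "report_only": header.get("remove_checked") == "false",
        "header_found": int(header.get("found", 0)),
        "parsed": len(detections),
        "groups": dict(groups),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("report-only scan:", result["report_only"])
    for name, g in sorted(result["groups"].items()):
        print(f"{name:24} {g['kind']:12} x{g['count']}  {sorted(g['where'])}")
```

Run over the full log.txt, `parsed` should equal the header's `found` value; any line that does not fit the pattern is returned in `unparsed` instead of being skipped.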

gilmore
2011-10-06, 13:47
I uninstalled WebWatcher and Norton Safety Reminder. I need to keep Computer Time to keep the peace in the house : ) I will eventually need to install another program to WebWatcher, any recommendations? I need a program that will record my kids' activities, user friendly, and also kick them off after a selected period of time. I didn't realize that WebWatcher and Computer Time would conflict with each other.
I removed the sites from the trusted zones.
I uninstalled the URL Assistant and the Viewpoint Media Player. BUT, I could not find the Vuze Remote Tool Bar. Am I missing something?
Ran the ERUNT.
Thank you!!!

Below are the results of the OTM:


All processes killed
========== FILES ==========
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000750 moved successfully.
C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000779 moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (68719476736)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56545 bytes

User: All Users

User: Dad
->Temp folder emptied: 339565 bytes
->Temporary Internet Files folder emptied: 51779 bytes
->Java cache emptied: 69804256 bytes
->FireFox cache emptied: 5423610 bytes
->Flash cache emptied: 24798 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56545 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Julie Goodwin
->Temp folder emptied: 27818374 bytes
->Temporary Internet Files folder emptied: 2311030 bytes
->Java cache emptied: 59379075 bytes
->FireFox cache emptied: 43065119 bytes
->Google Chrome cache emptied: 47351500 bytes
->Apple Safari cache emptied: 4757504 bytes
->Flash cache emptied: 229603 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Madison
->Temp folder emptied: 1277231 bytes
->Temporary Internet Files folder emptied: 7843990 bytes
->Java cache emptied: 68203253 bytes
->FireFox cache emptied: 318597378 bytes
->Google Chrome cache emptied: 258167146 bytes
->Apple Safari cache emptied: 994304 bytes
->Flash cache emptied: 258082 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 593214 bytes
->Flash cache emptied: 405 bytes

User: Owner

User: PJG
->Temp folder emptied: 2059885 bytes
->Temporary Internet Files folder emptied: 49624 bytes
->FireFox cache emptied: 68422347 bytes
->Flash cache emptied: 61133 bytes

User: Sean
->Temp folder emptied: 401679 bytes
->Temporary Internet Files folder emptied: 1495886 bytes
->Java cache emptied: 79246286 bytes
->FireFox cache emptied: 332586299 bytes
->Google Chrome cache emptied: 110520663 bytes
->Apple Safari cache emptied: 3692544 bytes
->Flash cache emptied: 29074 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139140509 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 153518646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33493110 bytes
RecycleBin emptied: 761 bytes

Total Files Cleaned = 1,756.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 10062011_063000

gilmore
2011-10-06, 13:50
I knew I forgot something!
The Chkdsk. I ran again. Upon reboot, it runs through verifying the file storage, indexes, and security descriptors. Then another screen with things comes up and then goes away faster than I can read/copy it. It doesn't say "errors" at least not that I can see.

Jack&Jill
2011-10-07, 02:03
Hello gilmore :),

For parental controls, I used the Windows 7 built-in version. I am not familiar with third party parental controls, but some that you can consider are K9 Web Protection (http://www1.k9webprotection.com/) or Windows Live Family Safety 2011 (http://explore.live.com/windows-live-family-safety).

Here (http://www.microsoft.com/security/family-safety/childsafety-steps.aspx) is an article from Microsoft on child safety.

In general, having two security programs doing the same thing will reduce effectiveness and take up a lot of resources. You should only choose one of the parental control programs that you feel works best.

Vuze Remote Tool Bar should be uninstalled from the browser.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 15


Go to the Java SE download page. Click here. (http://www.java.com/en/download/manual.jsp)
Under the Windows title, click on Windows 7, XP Offline (32-bit) or Windows 7, XP Offline (64-bit) and save the file to your desktop.
Close any programs you may have running, especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 9.4.5


Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Do you have a different language or operating system? link.
Under the Select an operating system title, choose the OS that you have.
Change the language at the Select a language title.
Next, select the version of the reader at the Select a Version title.
Uncheck (untick) to opt out of Google Chrome installation.
Click the Download now button to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) to opt out of McAfee Security Scan Plus installation.
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.

Alternatively, you can try Foxit Reader Portable (http://download.cnet.com/Foxit-Reader-Portable/3000-18497_4-75157356.html) or Nuance PDF Reader (http://download.cnet.com/Nuance-PDF-Reader/3000-18497_4-75128752.html).

--------------------

Thunderbird is outdated as well and should be updated:
Mozilla Thunderbird (3.1.11)

Please rerun DDS and post back its logs.

--------------------

Please post back:
1. fresh DDS logs
2. how is the computer now?

gilmore
2011-10-07, 06:14
I think I uninstalled the Vuze toolbar - I had to do a search for the file and then delete.
I updated Java and Adobe. Forgot to update Mozilla, will do now.
Computer seems to be running a little faster.

Here is the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_27
Run by Julie G at 22:57:29 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.507 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2953735
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
StartupFolder: c:\docume~1\julieg~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\yrou326h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2953735&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - CyberDefender-TB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2953735&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2953735&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R2 ComputerTimeServer;ComputerTime Server;c:\program files\softwaretime\computertime\bin\fbserver.exe [2010-10-12 3780608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-20 10448]
R2 STProxy;STProxy;c:\program files\softwaretime\computertime\bin\STProxy.exe [2011-3-9 3035136]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-26 25704]
S2 gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-10-07 03:41:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 03:41:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 11:30:00 -------- dc----w- C:\_OTM
2011-10-04 04:26:19 -------- d-----w- c:\program files\ESET
2011-09-26 14:00:25 -------- d-----w- c:\documents and settings\julie goodwin\application data\Malwarebytes
2011-09-26 13:58:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-26 13:58:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 13:58:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 13:39:52 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-09-26 13:39:30 -------- d-----w- c:\program files\common files\Authentium
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-19 03:15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 22:58:53.14 ===============

gilmore
2011-10-07, 06:59
Mozilla updated.
PS- I notice that a software/program/toolbar called CyberDefender has taken over the Firefox and IE home page. I am not quite sure how it got there - maybe I didn't check or uncheck something when running the scans? Or maybe my kids clicked on something? I have tried to uninstall in Add/Remove Programs, but I can't find it there. I did a search online on how to remove and it says to use an uninstaller program??? Any suggestions?

Jack&Jill
2011-10-08, 04:21
Hello gilmore :),

There are a few things that I would like some clarification on from you before making further moves.

Did you install AVSDK5 and do you know what it is?

Previously you had Norton Security Suite, did you uninstall it?

I see from your installed programs list that the Firefox version is 7, but somehow in the running processes it is C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe. Older versions have security vulnerabilities. To be sure that you have and are using the correct one, please uninstall Firefox fully, then get the latest one from here (http://www.mozilla.org/en-US/firefox/new/).

gilmore
2011-10-09, 19:48
I don't think I installed AVSDK5 and I don't know what it is. Did a search - looks like a virus or worm???
I must have uninstalled the Norton Security Suite when I uninstalled the other Norton program. Is that ok?
Deleted Firefox from the C drive and Add/Remove Programs and reinstalled.

Jack&Jill
2011-10-10, 13:10
Hello gilmore :),

Do you have other user accounts that have Administrator rights?

AVSDK5 appears legitimate and seems to be linked with the CyberDefender, but I am not familiar with it. Since you did not install it, it is OK to remove it. Please uninstall AVSDK5 through the Control Panel.

After you have removed Norton Security Suite, your computer does not have any protection. If you have the license, you can put it back, or choose from one of these:

Avast (http://www.avast.com/eng/download-avast-home.html)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)

AV is a very critical part of your system to keep it safe and clean. Without it, a computer can easily get infected. You should only select one of these two, and keep only one installed.

Please rerun DDS and post back its logs.

gilmore
2011-10-10, 18:41
I did have one other user as an administrator - but have now changed that to a limited account.
I thought I got rid of the CyberDefender by going through My Computer and locating the file. It was not in my Add/Remove Programs. Then the CyberDefender still appeared on the IE, so I re-installed IE and it seems to have fixed it.
I must have had a "brain glitch" because I forgot that I did uninstall the Norton program. I did this because our new ISP is McAfee. I installed McAfee. When installing, it found the Malwarebytes and asked to uninstall because it would interfere - so I uninstalled.

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_27
Run by Julie G at 11:28:57 on 2011-10-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.525 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111010110833.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
StartupFolder: c:\docume~1\julieg~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-10 84200]
R2 ComputerTimeServer;ComputerTime Server;c:\program files\softwaretime\computertime\bin\fbserver.exe [2010-10-12 3780608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-20 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-10 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-10 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-10 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-10 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-10 148520]
R2 STProxy;STProxy;c:\program files\softwaretime\computertime\bin\STProxy.exe [2011-3-9 3035136]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-10 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-10 153280]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-10 88736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-26 25704]
S2 0288811318262942mcinstcleanup;McAfee Application Installer Cleanup (0288811318262942);c:\docume~1\julieg~1\locals~1\temp\028881~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\julieg~1\locals~1\temp\028881~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-10 52320]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-10 314088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-10 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-10 84488]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-10-10 16:07:42 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-07 03:41:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 03:41:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 11:30:00 -------- dc----w- C:\_OTM
2011-10-04 04:26:19 -------- d-----w- c:\program files\ESET
2011-09-26 14:00:25 -------- d-----w- c:\documents and settings\julie g\application data\Malwarebytes
2011-09-26 13:58:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-26 13:39:52 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-09-26 13:39:30 -------- d-----w- c:\program files\common files\Authentium
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-19 03:15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB3 rev.10.02E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF763E000]<< >>UNKNOWN [0xF762E000]<< >>UNKNOWN [0xF7487000]<< >>UNKNOWN [0x806E5000]<< >>UNKNOWN [0xF7BC6000]<< >>UNKNOWN [0xF787E000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D45AB8]
\Driver\Disk[0x86D8CA08] -> IRP_MJ_CREATE -> 0xF7644BB0
3 [0xF763EFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP1T0L0-17[0x86D81D98]
\Driver\atapi[0x86DC8B30] -> IRP_MJ_CREATE -> 0xF74916F2
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF748E864
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:30:30.29 ===============

Jack&Jill
2011-10-11, 02:01
Hello gilmore :),

The McAfee package you got seems to be disabled. And you got infected when the security programs were down.

AVSDK5 is still around and Thunderbird has not been updated.

I need to make something clear here. You need to follow my instructions and not make any changes to the computer, otherwise it will be a long process to get you clean.

When security programs are not active, you may get new infections if you continue to use the computer and go online, just like what had happened.

Can you stick with me on this?

If this is a constraint for you, then you may need to find alternative channels to get the computer in tip top condition. If you wish to continue here, please continue the next step.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed with other actions.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.

--------------------

Please post back:
1. whether to continue
2. if yes, TDSSKiller log

gilmore
2011-10-11, 05:19
Hello-
I should have installed McAfee a few months ago when we switched isp's. The whole time I was doing the install, I had in the back of my mind that I shouldn't be installing at this time because of what I read in the forum/ or maybe it was the "before you post". But, I still knew I needed the anti-virus software on the computer and felt that antivirus-software would be ok to install. Maybe I should have just left Norton on - but, we no longer subscribe to Norton. Anyways, I guess I should have waited. Sorry about that - I'm not trying to jerk you around or make things more complicated - really, I'm not.
I did the TDSSKiller.exe and copied and pasted results below. It didn't seem to find anything, so the "skip" part never came into play.
I'm confused about the AVSDK5 - is it a virus/worm? I also thought I updated Mozilla Thunderbird. I had trouble locating how to update, but finally figured it out - or at least I thought I did. It is not a program I use. My son downloaded. I can't recall the version numbers right now, but I remember when I updated it, it looked like the same version - but, there was not a way to click on the higher number type versions. Does that make sense?
I had the anti-virus disabled while running DDS - was that ok? I thought that I needed to disable while running the DDS.

22:01:09.0109 5124 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
22:01:09.0593 5124 ============================================================
22:01:09.0593 5124 Current date / time: 2011/10/10 22:01:09.0593
22:01:09.0593 5124 SystemInfo:
22:01:09.0593 5124
22:01:09.0593 5124 OS Version: 5.1.2600 ServicePack: 3.0
22:01:09.0593 5124 Product type: Workstation
22:01:09.0593 5124 ComputerName: HOMESCHOOL
22:01:09.0593 5124 UserName: Julie Goodwin
22:01:09.0593 5124 Windows directory: C:\WINDOWS
22:01:09.0593 5124 System windows directory: C:\WINDOWS
22:01:09.0593 5124 Processor architecture: Intel x86
22:01:09.0593 5124 Number of processors: 2
22:01:09.0593 5124 Page size: 0x1000
22:01:09.0593 5124 Boot type: Normal boot
22:01:09.0593 5124 ============================================================
22:01:11.0015 5124 Initialize success
22:01:13.0156 4156 ============================================================
22:01:13.0156 4156 Scan started
22:01:13.0156 4156 Mode: Manual;
22:01:13.0156 4156 ============================================================
22:01:26.0203 4156 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
22:01:26.0203 4156 \Device\Harddisk0\DR0 - ok
22:01:26.0203 4156 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR5
22:01:26.0406 4156 \Device\Harddisk1\DR5 - ok
22:01:26.0421 4156 Boot (0x1200) (401a310729643eec1ca00f824bb41875) \Device\Harddisk0\DR0\Partition0
22:01:26.0421 4156 \Device\Harddisk0\DR0\Partition0 - ok
22:01:26.0453 4156 Boot (0x1200) (3b2ecb9f78d7d5c54e202848546aaf71) \Device\Harddisk0\DR0\Partition1
22:01:26.0453 4156 \Device\Harddisk0\DR0\Partition1 - ok
22:01:26.0453 4156 Boot (0x1200) (f2df6bd7eb2bd2aec5bf4f4c6159c1fe) \Device\Harddisk1\DR5\Partition0
22:01:26.0453 4156 \Device\Harddisk1\DR5\Partition0 - ok
22:01:26.0453 4156 ============================================================
22:01:26.0453 4156 Scan finished
22:01:26.0453 4156 ============================================================
22:01:26.0468 4120 Detected object count: 0
22:01:26.0468 4120 Actual detected object count: 0
22:03:10.0265 5120 Deinitialize success

Jack&Jill
2011-10-11, 07:34
Hello gilmore :),


Sorry about that - I'm not trying to jerk you around or make things more complicated - really, I'm not.
No worries, I am just trying to ensure we stay on track and get it done more effectively :).

Like I have said, I am not familiar with AVSDK5 although it appears legitimate. If you did not install it in the first place, why not remove it?

The current Thunderbird version is 7.01 whereas yours is at 3.1.11. That is way outdated. You can check for updates via one of the pull-down menu titles. If I am not mistaken, it is under Help. Alternatively, you can uninstall it, then download the latest version, but this may have an impact on the data.

It is OK to have Antivirus running when scanning with DDS, unless we face a problem.

--------------------

Please repeat the TDSSKiller step, but this time I need you to Change parameters before starting the scan. Check (tick) both Verify driver digital signatures and Detect TDLFS file system (there should be a total of 4 options checked). Click OK, then start the scan.

Rerun aswMBR as well.

Double click the aswMBR.exe file to run it. If you are asked to download an antivirus software, please allow.
Click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.

--------------------

Please post back:
1. new TDSSKiller log
2. aswMBR log

gilmore
2011-10-12, 04:09
Hi-
I ran the TDSSKiller and aswMBR.exe. Reports below:


Like I have said, I am not familiar with AVSDK5 although it appears legitimate. If you did not install it in the first place, why not remove it?

I can't find AVSDK in order to delete it. I have looked under control panel - add/remove programs.

The current Thunderbird version is 7.01 whereas yours is at 3.1.11. That is way outdated. You can check for updates via one of the pull-down menu titles. If I am not mistaken, it is under Help. Alternatively, you can uninstall it, then download the latest version, but this may have an impact on the data.

We really don't need Thunderbird - can I just delete?

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 20:41:11
-----------------------------
20:41:11.281 OS Version: Windows 5.1.2600 Service Pack 3
20:41:11.281 Number of processors: 2 586 0x409
20:41:11.281 ComputerName: HOMESCHOOL UserName:
20:41:11.984 Initialize success
20:42:39.500 AVAST engine defs: 11101102
20:42:51.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
20:42:51.218 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
20:42:53.234 Disk 0 MBR read successfully
20:42:53.234 Disk 0 MBR scan
20:42:53.265 Disk 0 unknown MBR code
20:42:53.265 Disk 0 scanning sectors +312496380
20:42:53.359 Disk 0 scanning C:\WINDOWS\system32\drivers
20:43:11.593 Service scanning
20:43:12.875 Modules scanning
20:43:20.546 Disk 0 trace - called modules:
20:43:20.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:43:20.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4aab8]
20:43:20.562 3 CLASSPNP.SYS[f763efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86dd2b00]
20:43:21.390 AVAST engine scan C:\WINDOWS
20:43:53.968 AVAST engine scan C:\WINDOWS\system32
20:46:32.531 AVAST engine scan C:\WINDOWS\system32\drivers
20:46:58.687 AVAST engine scan C:\Documents and Settings\Julie G
20:49:58.171 AVAST engine scan C:\Documents and Settings\All Users
20:52:52.656 Scan finished successfully
21:02:57.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie G\Desktop\MBR.dat"
21:02:57.875 The log file has been saved successfully to "C:\Documents and Settings\Julie G\Desktop\aswMBR 10 11 2011.txt"





20:29:56.0171 3532 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
20:29:57.0000 3532 ============================================================
20:29:57.0000 3532 Current date / time: 2011/10/11 20:29:57.0000
20:29:57.0000 3532 SystemInfo:
20:29:57.0000 3532
20:29:57.0000 3532 OS Version: 5.1.2600 ServicePack: 3.0
20:29:57.0000 3532 Product type: Workstation
20:29:57.0000 3532 ComputerName: HOMESCHOOL
20:29:57.0000 3532 UserName: Julie G
20:29:57.0000 3532 Windows directory: C:\WINDOWS
20:29:57.0000 3532 System windows directory: C:\WINDOWS
20:29:57.0000 3532 Processor architecture: Intel x86
20:29:57.0000 3532 Number of processors: 2
20:29:57.0000 3532 Page size: 0x1000
20:29:57.0000 3532 Boot type: Normal boot
20:29:57.0000 3532 ============================================================
20:29:59.0062 3532 Initialize success
20:30:36.0750 0796 ============================================================
20:30:36.0750 0796 Scan started
20:30:36.0750 0796 Mode: Manual; SigCheck; TDLFS;
20:30:36.0750 0796 ============================================================
20:30:37.0921 0796 Abiosdsk - ok
20:30:37.0968 0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:30:41.0140 0796 abp480n5 - ok
20:30:41.0484 0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:30:41.0750 0796 ACPI - ok
20:30:41.0781 0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:30:41.0953 0796 ACPIEC - ok
20:30:41.0984 0796 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:30:42.0250 0796 adpu160m - ok
20:30:42.0265 0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:30:42.0437 0796 aec - ok
20:30:42.0500 0796 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
20:30:42.0703 0796 AFD - ok
20:30:42.0796 0796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:30:42.0968 0796 agp440 - ok
20:30:43.0046 0796 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:30:43.0234 0796 agpCPQ - ok
20:30:43.0250 0796 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:30:43.0406 0796 Aha154x - ok
20:30:43.0421 0796 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:30:43.0687 0796 aic78u2 - ok
20:30:43.0734 0796 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:30:44.0015 0796 aic78xx - ok
20:30:44.0046 0796 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:30:44.0281 0796 AliIde - ok
20:30:44.0343 0796 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:30:44.0515 0796 alim1541 - ok
20:30:44.0531 0796 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:30:44.0718 0796 amdagp - ok
20:30:44.0781 0796 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:30:44.0984 0796 amsint - ok
20:30:45.0078 0796 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:30:45.0359 0796 asc - ok
20:30:45.0406 0796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:30:45.0625 0796 asc3350p - ok
20:30:45.0703 0796 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:30:45.0937 0796 asc3550 - ok
20:30:46.0015 0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:30:46.0171 0796 AsyncMac - ok
20:30:46.0203 0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:30:46.0375 0796 atapi - ok
20:30:46.0390 0796 Atdisk - ok
20:30:46.0453 0796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:30:46.0609 0796 Atmarpc - ok
20:30:46.0671 0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:30:46.0843 0796 audstub - ok
20:30:46.0906 0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:30:47.0078 0796 Beep - ok
20:30:47.0156 0796 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
20:30:47.0234 0796 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
20:30:47.0234 0796 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
20:30:47.0281 0796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:30:47.0453 0796 cbidf - ok
20:30:47.0468 0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:30:47.0640 0796 cbidf2k - ok
20:30:47.0671 0796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:30:47.0828 0796 CCDECODE - ok
20:30:47.0843 0796 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:30:48.0062 0796 cd20xrnt - ok
20:30:48.0093 0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:30:48.0281 0796 Cdaudio - ok
20:30:48.0343 0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:30:48.0500 0796 Cdfs - ok
20:30:48.0562 0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:30:48.0734 0796 Cdrom - ok
20:30:48.0796 0796 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
20:30:48.0921 0796 cfwids - ok
20:30:49.0000 0796 Changer - ok
20:30:49.0031 0796 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:30:49.0218 0796 CmdIde - ok
20:30:49.0250 0796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:30:49.0453 0796 Cpqarray - ok
20:30:49.0484 0796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:30:49.0687 0796 dac2w2k - ok
20:30:49.0718 0796 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:30:49.0953 0796 dac960nt - ok
20:30:50.0015 0796 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
20:30:50.0171 0796 DCamUSBEMPIA - ok
20:30:50.0234 0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:30:50.0390 0796 Disk - ok
20:30:50.0468 0796 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:30:50.0484 0796 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
20:30:50.0484 0796 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
20:30:50.0531 0796 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:30:50.0578 0796 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
20:30:50.0578 0796 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
20:30:50.0609 0796 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:30:50.0671 0796 DLADResN ( UnsignedFile.Multi.Generic ) - warning
20:30:50.0671 0796 DLADResN - detected UnsignedFile.Multi.Generic (1)
20:30:50.0703 0796 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:30:50.0734 0796 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
20:30:50.0734 0796 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
20:30:50.0750 0796 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:30:50.0828 0796 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
20:30:50.0828 0796 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
20:30:50.0875 0796 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:30:51.0000 0796 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
20:30:51.0000 0796 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
20:30:51.0046 0796 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:30:51.0140 0796 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
20:30:51.0140 0796 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
20:30:51.0171 0796 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:30:51.0203 0796 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
20:30:51.0203 0796 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
20:30:51.0218 0796 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:30:51.0312 0796 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
20:30:51.0312 0796 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
20:30:51.0390 0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:30:51.0609 0796 dmboot - ok
20:30:51.0718 0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:30:51.0890 0796 dmio - ok
20:30:51.0921 0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:30:52.0093 0796 dmload - ok
20:30:52.0156 0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:30:52.0312 0796 DMusic - ok
20:30:52.0343 0796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:30:52.0531 0796 dpti2o - ok
20:30:52.0609 0796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:30:52.0781 0796 drmkaud - ok
20:30:52.0828 0796 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:30:52.0906 0796 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
20:30:52.0906 0796 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
20:30:52.0921 0796 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:30:53.0000 0796 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
20:30:53.0000 0796 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
20:30:53.0140 0796 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:30:53.0156 0796 DSproct ( UnsignedFile.Multi.Generic ) - warning
20:30:53.0156 0796 DSproct - detected UnsignedFile.Multi.Generic (1)
20:30:53.0218 0796 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:30:53.0328 0796 dsunidrv - ok
20:30:53.0343 0796 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:30:53.0421 0796 E100B - ok
20:30:53.0484 0796 emAudio (ffa45148a2d5d05dbb3c0997e579fc9c) C:\WINDOWS\system32\drivers\emAudio.sys
20:30:53.0640 0796 emAudio - ok
20:30:53.0750 0796 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
20:30:53.0890 0796 FANTOM ( UnsignedFile.Multi.Generic ) - warning
20:30:53.0890 0796 FANTOM - detected UnsignedFile.Multi.Generic (1)
20:30:53.0953 0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:30:54.0187 0796 Fastfat - ok
20:30:54.0250 0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:30:54.0468 0796 Fdc - ok
20:30:54.0531 0796 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
20:30:54.0656 0796 FiltUSBEMPIA - ok
20:30:54.0734 0796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:30:54.0921 0796 Fips - ok
20:30:54.0953 0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:30:55.0140 0796 Flpydisk - ok
20:30:55.0203 0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:30:55.0390 0796 FltMgr - ok
20:30:55.0421 0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:30:55.0609 0796 Fs_Rec - ok
20:30:55.0656 0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:30:55.0875 0796 Ftdisk - ok
20:30:55.0968 0796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:30:56.0093 0796 GEARAspiWDM - ok
20:30:56.0156 0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:30:56.0343 0796 Gpc - ok
20:30:56.0421 0796 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:30:56.0765 0796 HDAudBus - ok
20:30:56.0890 0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:30:57.0203 0796 HidUsb - ok
20:30:57.0234 0796 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:30:57.0625 0796 hpn - ok
20:30:57.0687 0796 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:30:57.0953 0796 HSFHWBS2 - ok
20:30:58.0046 0796 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:30:58.0390 0796 HSF_DP - ok
20:30:58.0500 0796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:30:58.0609 0796 HTTP - ok
20:30:58.0718 0796 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:30:58.0968 0796 i2omgmt - ok
20:30:59.0000 0796 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:30:59.0250 0796 i2omp - ok
20:30:59.0281 0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:30:59.0531 0796 i8042prt - ok
20:30:59.0625 0796 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:31:00.0000 0796 ialm - ok
20:31:00.0078 0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:31:00.0343 0796 Imapi - ok
20:31:00.0390 0796 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:31:00.0750 0796 ini910u - ok
20:31:00.0812 0796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:31:01.0046 0796 IntelIde - ok
20:31:01.0109 0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:31:01.0343 0796 intelppm - ok
20:31:01.0375 0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:31:01.0625 0796 Ip6Fw - ok
20:31:01.0703 0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:31:01.0937 0796 IpFilterDriver - ok
20:31:02.0015 0796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:31:02.0234 0796 IpInIp - ok
20:31:02.0281 0796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:31:02.0531 0796 IpNat - ok
20:31:02.0578 0796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:31:02.0843 0796 IPSec - ok
20:31:02.0937 0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:31:03.0140 0796 IRENUM - ok
20:31:03.0203 0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:31:03.0359 0796 isapnp - ok
20:31:03.0500 0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:31:03.0656 0796 Kbdclass - ok
20:31:03.0687 0796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:31:03.0828 0796 kbdhid - ok
20:31:03.0890 0796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:31:04.0046 0796 kmixer - ok
20:31:04.0078 0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:31:04.0234 0796 KSecDD - ok
20:31:04.0328 0796 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:31:04.0484 0796 LBeepKE - ok
20:31:04.0500 0796 lbrtfdc - ok
20:31:04.0562 0796 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:31:04.0656 0796 LHidFilt - ok
20:31:04.0687 0796 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:31:04.0843 0796 LMouFilt - ok
20:31:04.0906 0796 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
20:31:05.0000 0796 LUsbFilt - ok
20:31:05.0062 0796 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
20:31:05.0093 0796 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
20:31:05.0093 0796 MarvinBus - detected UnsignedFile.Multi.Generic (1)
20:31:05.0109 0796 MBAMSwissArmy - ok
20:31:05.0171 0796 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:31:05.0250 0796 mdmxsdk - ok
20:31:05.0312 0796 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
20:31:05.0406 0796 mfeapfk - ok
20:31:05.0468 0796 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
20:31:05.0609 0796 mfeavfk - ok
20:31:05.0656 0796 mfeavfk01 - ok
20:31:05.0687 0796 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
20:31:05.0765 0796 mfebopk - ok
20:31:05.0828 0796 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
20:31:06.0000 0796 mfefirek - ok
20:31:06.0093 0796 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
20:31:06.0312 0796 mfehidk - ok
20:31:06.0390 0796 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:31:06.0484 0796 mfendisk - ok
20:31:06.0484 0796 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:31:06.0500 0796 mfendiskmp - ok
20:31:06.0578 0796 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
20:31:06.0671 0796 mferkdet - ok
20:31:06.0750 0796 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
20:31:06.0875 0796 mfetdi2k - ok
20:31:06.0968 0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:31:07.0125 0796 mnmdd - ok
20:31:07.0187 0796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:31:07.0343 0796 Modem - ok
20:31:07.0375 0796 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:31:07.0593 0796 MODEMCSA - ok
20:31:07.0609 0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:31:07.0781 0796 Mouclass - ok
20:31:07.0781 0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:31:07.0953 0796 mouhid - ok
20:31:08.0015 0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:31:08.0171 0796 MountMgr - ok
20:31:08.0250 0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:31:08.0484 0796 mraid35x - ok
20:31:08.0531 0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:31:08.0703 0796 MRxDAV - ok
20:31:08.0765 0796 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:31:09.0015 0796 MRxSmb - ok
20:31:09.0109 0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:31:09.0281 0796 Msfs - ok
20:31:09.0359 0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:31:09.0531 0796 MSKSSRV - ok
20:31:09.0625 0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:31:09.0796 0796 MSPCLOCK - ok
20:31:09.0812 0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:31:09.0968 0796 MSPQM - ok
20:31:10.0031 0796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:31:10.0187 0796 mssmbios - ok
20:31:10.0250 0796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:31:10.0421 0796 MSTEE - ok
20:31:10.0468 0796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:31:10.0609 0796 Mup - ok
20:31:10.0703 0796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:31:10.0859 0796 NABTSFEC - ok
20:31:10.0937 0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:31:11.0093 0796 NDIS - ok
20:31:11.0125 0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:31:11.0281 0796 NdisIP - ok
20:31:11.0343 0796 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:31:11.0484 0796 NdisTapi - ok
20:31:11.0546 0796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:31:11.0718 0796 Ndisuio - ok
20:31:11.0796 0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:31:12.0046 0796 NdisWan - ok
20:31:12.0078 0796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:31:12.0312 0796 NDProxy - ok
20:31:12.0375 0796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:31:12.0656 0796 NetBIOS - ok
20:31:12.0734 0796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:31:12.0968 0796 NetBT - ok
20:31:13.0046 0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:31:13.0203 0796 Npfs - ok
20:31:13.0265 0796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:31:13.0468 0796 Ntfs - ok
20:31:13.0500 0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:31:13.0671 0796 Null - ok
20:31:13.0765 0796 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:31:14.0031 0796 nv - ok
20:31:14.0109 0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:31:14.0250 0796 NwlnkFlt - ok
20:31:14.0328 0796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:31:14.0500 0796 NwlnkFwd - ok
20:31:14.0562 0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:31:14.0750 0796 Parport - ok
20:31:14.0937 0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:31:15.0125 0796 PartMgr - ok
20:31:15.0203 0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:31:15.0421 0796 ParVdm - ok
20:31:15.0703 0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:31:15.0953 0796 PCI - ok
20:31:16.0078 0796 PCIDump - ok
20:31:16.0125 0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:31:16.0281 0796 PCIIde - ok
20:31:16.0343 0796 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
20:31:16.0484 0796 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
20:31:16.0484 0796 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
20:31:16.0578 0796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:31:16.0734 0796 Pcmcia - ok
20:31:16.0750 0796 PDCOMP - ok
20:31:16.0765 0796 PDFRAME - ok
20:31:16.0781 0796 PDRELI - ok
20:31:16.0796 0796 PDRFRAME - ok
20:31:16.0843 0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:31:17.0062 0796 perc2 - ok
20:31:17.0093 0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:31:17.0250 0796 perc2hib - ok
20:31:17.0343 0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:31:17.0500 0796 PptpMiniport - ok
20:31:17.0562 0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:31:17.0828 0796 PSched - ok
20:31:17.0875 0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:31:18.0031 0796 Ptilink - ok
20:31:18.0093 0796 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:31:18.0125 0796 PxHelp20 - ok
20:31:18.0171 0796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:31:30.0062 0796 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
20:31:30.0140 0796 USBIO ( UnsignedFile.Multi.Generic ) - warning
20:31:30.0140 0796 USBIO - detected UnsignedFile.Multi.Generic (1)
20:31:38.0000 0796 ============================================================
20:31:38.0000 0796 Scan finished
20:31:38.0000 0796 ============================================================
20:31:38.0109 2080 Detected object count: 17
20:31:38.0109 2080 Actual detected object count: 17
20:32:20.0546 2080 bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0546 2080 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0546 2080 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0562 2080 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0562 2080 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0578 2080 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0578 2080 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0578 2080 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0578 2080 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0578 2080 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0578 2080 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:20.0578 2080 USBIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:20.0578 2080 USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:23.0312 4044 Deinitialize success

Jack&Jill
2011-10-12, 05:38
Hello gilmore :),

Please go ahead and uninstall Thunderbird if you do not need it.

For AVSDK5, please try AppRemover (http://www.appremover.com/) to remove security programs or their leftovers from incomplete uninstallation. In case it does not work, give Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html) a shot.

The earlier detection from DDS could be caused by one of your existing programs, so it is nothing to be alarmed about. Things are looking good so far. One more scan, and we should be good to go.

--------------------

Do an online scan with Panda ActiveScan.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.pandasecurity.com/activescan/index/) to go to Panda ActiveScan page.
Click on Scan now. The default setting is a Full scan.
You will be prompted to install an ActiveX Control from Panda. Please install.
Components of the scanner will be downloaded and updated as well. Then, scanning will commence.
When finished, the scan results will be shown. Click on the small icon beside Export to: and save the log to your desktop.
Post the contents of this log in your reply.

--------------------

Please post back:
1. Panda ActiveScan result
2. How is the computer now?

gilmore
2011-10-12, 16:36
I uninstalled Thunderbird.
The AppRemover removed the AVSDK5 - I think. It still seems to be under the Authentium file.
The Panda Active Scan won't fully install until I remove McAfee. I tried turning off McAfee and then installing Panda - but that didn't work either. Should I go ahead and uninstall McAfee? I can always install later.

Jack&Jill
2011-10-12, 16:46
Hello gilmore :),

Try the following. It is not advisable to be unprotected. If the following scan has the same issue, then we will consider uninstalling McAfee.

Do an online scan with BitDefender QuickScan.
Please be patient as scanning may take some time. If you have a problem running the scan, you might want to disable any real time protection that you have.

Click here (http://quickscan.bitdefender.com/) to go to BitDefender QuickScan page.
For Firefox users:
Click on Free Scan Now. You will be prompted to install a plug-in. Please Allow. In case you get stuck, please refresh the page to try again.
A Software Installation window will appear. Click Install Now and the plugin will be installed as an Add-on.
Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
For Internet Explorer users:
Click on Free Scan Now. You will be prompted to install an ActiveX control. Please install.
The page will refresh. Click on Free Scan Now again and proceed accordingly.
When the scan has completed, click on View report and a Notepad log shall open.
If there are any infections found, you will get a warning and the link to the report will be displayed as the number of infections. Click on it.
Post back the contents of this report. It can also be found at C:\Documents and Settings\<username>\Application Data\QuickScan, where <username> is the Windows log-in name.

--------------------

Please post back:
1. BitDefender QuickScan result
2. How is the computer now?

gilmore
2011-10-14, 03:52
Hi-
I disabled the McAfee to run the BitDefender. Report below.
The computer seems to be running ok. Maybe it's my imagination, but McAfee seems to slow things down. Would you recommend a better virus protection?
Thank you for your help!


QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Oct 13 20:48:28 2011
Machine ID: A8EF9231



No infection found.
-------------------



Processes
---------
hpwuSchd Application 3772 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
AVSDK5 872 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
AVSDK5 552 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
AVSDK5 1328 C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
Bonjour 292 C:\Program Files\Bonjour\mDNSResponder.exe
Canon Camera Access Library 8 2560 C:\Program Files\Canon\CAL\CALMAIN.exe
ComputerTime Firebird SQL Server 344 C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
ComputerTime™ 4004 C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
ComputerTime™ 2480 C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
Default Manager 3856 C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Firefox 4852 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 1696 C:\Program Files\Mozilla Firefox\plugin-container.exe
iTunes 3488 C:\Program Files\iPod\bin\iPodService.exe
iTunes 3548 D:\iTunesHelper.exe
Java(TM) Platform SE 6 U27 796 C:\Program Files\Java\jre6\bin\jqs.exe
Java(TM) Platform SE Auto Updater 2 0 2804 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Logitech SetPoint 2764 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
Logitech SetPoint 3532 C:\Program Files\Logitech\SetPointP\SetPoint.exe
McAfee Integrated Security Platform 912 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
McAfee SecurityCenter 1448 C:\Program Files\McAfee.com\Agent\mcagent.exe
McAfee SecurityCenter 3936 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
Messenger 2544 C:\Program Files\Messenger\msmsgs.exe
Microsoft Search Enhancement Pack 1740 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft SQL Server 2032 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
Microsoft SQL Server 1676 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
Microsoft® Windows® Operating System 1960 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 276 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Pinnacle USB Tip 324 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
QuickTime 3544 C:\Program Files\QuickTime\QTTask.exe
STProxy.exe 496 C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
SYSCORE 760 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
SYSCORE 1316 C:\WINDOWS\system32\mfevtps.exe
VSCORE 676 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
(verified) Microsoft® Windows® Operating System 3256 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3292 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 980 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 2404 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 3264 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1048 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 920 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 148 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 240 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1588 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1456 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1792 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1004 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process fbserver.exe (344) connected on port 1046 --> 192.168.1.66
Process fbserver.exe (344) connected on port 1047 --> 192.168.1.66
Process fbserver.exe (344) connected on port 1049 --> 192.168.1.66
Process STProxy.exe (496) connected on port 80 (HTTP) --> 69.171.224.12
Process STProxy.exe (496) connected on port 80 (HTTP) --> 74.125.225.36
Process STProxy.exe (496) connected on port 443 (HTTP over SSL) --> 209.85.225.95
Process STProxy.exe (496) connected on port 80 (HTTP) --> 63.236.252.122
Process STProxy.exe (496) connected on port 80 (HTTP) --> 198.63.194.33
Process ctmn32.exe (4004) connected on port 30013 --> 192.168.1.66
Process ctmn32.exe (4004) connected on port 30013 --> 192.168.1.66
Process ctmn32.exe (4004) connected on port 30013 --> 192.168.1.66

Process fbserver.exe (344) listens on ports: 30013
Process McSvHost.exe (912) listens on ports: 6646
Process svchost.exe (1456) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
ComputerTime™ C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
Default Manager C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
HP Digital Imaging C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
iTunes D:\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Logitech SetPoint C:\Program Files\Logitech\SetPointP\SetPoint.exe
McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Pinnacle USB Tip C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe
Pinnacle USB Tip C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
(verified) Google Update C:\Documents and Settings\Madison\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Documents and Settings\Sean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Bing Bar c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BitDefender QuickScan C:\Documents and Settings\Julie Goodwin\Application Data\Mozilla\Firefox\Profiles\07mj6jjm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
CA Web Scanner C:\WINDOWS\Downloaded Program Files\webscan.dll
CpnMgr Module C:\WINDOWS\Downloaded Program Files\CpnMgr.dll
Drive Letter Access Component c:\windows\system32\dla\dlashx_w.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
InoculateIT C:\WINDOWS\Downloaded Program Files\arclib.dll
InoculateIT C:\WINDOWS\Downloaded Program Files\vete.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java(TM) Platform SE 6 U27 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U27 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java(TM) Platform SE 6 U27 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McContentMgr.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McLogMgr.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McPlugins.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\McProdMgr.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\MVT.dll
McAfee Virtual Technician C:\WINDOWS\Downloaded Program Files\Uploader.exe
Media Go Detector C:\Program Files\Sony\Media Go\npmediago.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\MSWSOCK.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NPEvery Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
npitunes.dll D:\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
OTOY Playback Control C:\WINDOWS\Downloaded Program Files\OTOYAX.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
Picasa C:\Program Files\Picasa2\npPicasa3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
STProxy.dll C:\WINDOWS\system32\STProxy.dll
unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
Unity Player C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
VSCORE C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111010110833.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Missing files
-------------
File not found: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"MMTray"

File not found: c:\program files\vuze_remote\tbvuze.dll
--> HKLM\Software\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32\"(default)"
--> HKLM\Software\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32\"(default)"

File not found: none
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"


Scan
----
MD5: 6a2371edead5d7351363ccb526ede02c C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll
MD5: 29c9737f86f3841f53e5bf0b469ee812 C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll
MD5: 731f2817f989f31e1438a29528d64a10 C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll
MD5: 3b13e3967ad0f878ea70ddbe21d0c8ba C:\Program Files\Common Files\McAfee\SystemCore\mytilus3.dll
MD5: e0f4211a6a3068b96a2fcb65bb979b70 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_server.dll
MD5: 9ce0ae7e1cac5deaecd021333dfc004b C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll
MD5: 86aba316b68e49a78c4556350cc182f5 C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111010110833.dll
MD5: fe80901578e7e3da70299a5aeb2b7fbd C:\Program Files\DellSupport\brkrsvc.exe
MD5: 413f2d5f9d802688242c23b38f767ecb C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
MD5: e00de20f0f6bed5cd2160247ddc9443b C:\Program Files\ERUNT\AUTOBACK.EXE
MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: c097df5cd7dcb95e0d95644a993ac7ec c:\program files\google\google toolbar\googletoolbar_32.dll
MD5: a953e104137df406b70477d60bc29008 c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
MD5: 0d54bde041a1b094adb33648dce3fcfa C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
MD5: c39790ba091f3f9ec7dfe5c2e4598df0 C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe
MD5: 9da26b773bd04b867a8e9f427cd048fc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
MD5: 9ed96215111b42bd0ef0c9bbddf8d0c9 C:\Program Files\Internet Explorer\plugins\NPEvery.dll
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: b84a28b3984185eda8867541af14cddb C:\Program Files\iPod\bin\iPodService.exe
MD5: 84cb60e2abc023e81fdf5c335568fb94 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
MD5: 14c7e5cef764ae4708e820f61d048319 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
MD5: 6f158c6029d841a5f37708cc2bbf3362 c:\program files\java\jre6\bin\jp2ssv.dll
MD5: 91061352084424820ac6268808cb8ee3 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: 41700402834f793a8c06731e5cfba62a C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 79ac29dbbda1f2e11a827ccbcfed5563 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: 00a5be5e57554259aee0085e4d4564e4 C:\Program Files\Logitech\SetPointP\KemMon.dll
MD5: 989a94f43eaddaec6be9182042a36f6a C:\Program Files\Logitech\SetPointP\kemutb.dll
MD5: bb76055c45b3a6c384cb8bc133aac0e9 C:\Program Files\Logitech\SetPointP\KemUtil.dll
MD5: edc69acfd2f60fe166e5285d476d1093 C:\Program Files\Logitech\SetPointP\KemWnd.dll
MD5: f116c79083ab038ab81b4d72191d12df C:\Program Files\Logitech\SetPointP\KemXML.dll
MD5: 209007b506f241a536a712a31c6fb506 C:\Program Files\Logitech\SetPointP\kgame.dll
MD5: e5b8e3ad6d60b7d0651c01d9987cb700 C:\Program Files\Logitech\SetPointP\khalwrapper.dll
MD5: d035404558b22ce7e99df6aa2d698a1d C:\Program Files\Logitech\SetPointP\LCabHandler.dll
MD5: 8369523d9255ce856e021da13def9cc0 C:\Program Files\Logitech\SetPointP\Macros\MacroAppSwitch.dll
MD5: f01dd27627fe882c9e59654367450d43 C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MD5: 0b995761f50b8a1f771716ac64444ade C:\Program Files\Logitech\SetPointP\Macros\MacroMedia.dll
MD5: 15373bdb125d7faf27d301565bf2a1c6 C:\Program Files\Logitech\SetPointP\SetPoint.exe
MD5: 4d2028d26e8ae8a827953fdc7a8d4a5c C:\Program Files\Logitech\SetPointP\SetPointCOM.dll
MD5: 49d461ea2b450fbc5242d20b548887f9 C:\Program Files\Logitech\SetPointP\WebBrowserSupport.dll
MD5: f906f057a4b6c7bce2bc8ed5845fb95d C:\Program Files\McAfee.com\Agent\mcagent.exe
MD5: 9388cada7c74c35e0e4455690f4dc638 c:\Program Files\McAfee.com\Agent\mcupdate.exe
MD5: c83e54c40274ae69eb41950b6ac5ab7d c:\Program Files\McAfee\MPF\FWJsRes.dll
MD5: 8581978ee35de1e0926513989c8eee4d c:\Program Files\McAfee\MPF\MpfApi.dll
MD5: d4c827c9c8ef6cee75a4f79ffa6ab6f8 c:\Program Files\McAfee\MPF\MpfEvt.dll
MD5: 6ed8e018924dfd9c7f32550b6d9a630a c:\Program Files\McAfee\MPF\MpfShm.dll
MD5: 3e7e83981808c2c83a602c7fea86aa00 c:\Program Files\McAfee\MPF\MpfSvc.dll
MD5: 98d39eb2c83e6e25621e6dada978d918 c:\Program Files\McAfee\MPF\MpfSvcPS.dll
MD5: 5ca17512ae97cceefa798edccc724a0c C:\Program Files\McAfee\MPF\Twerp.dll
MD5: 564ba7cffbcf8d2da2e366f9ffb5caa5 c:\Program Files\McAfee\MSC\McDBMgr.dll
MD5: 6b5222735bd07e9fca754e7942121277 c:\Program Files\McAfee\MSC\McGsShm.dll
MD5: b20b0ed458ed4011bf3e26094ffa7a57 c:\Program Files\McAfee\MSC\McIPTShm.dll
MD5: ef7c7c84846d736b28336870ea62dda4 C:\Program Files\McAfee\MSC\mclwapi.dll
MD5: 5e6f953adf328787a72e1a66781b4f1b c:\Program Files\McAfee\MSC\mcmispps.dll
MD5: a67abe653e6b16bedb4e5bc715263e5d c:\Program Files\McAfee\MSC\McMscShm.dll
MD5: dd54dbac21865e100769b000b6a0bb70 c:\Program Files\McAfee\MSC\mcmscsub.dll
MD5: 39a124d0e42145f07b6bb0e8c5347160 C:\Program Files\McAfee\MSC\McOemRes.dll
MD5: 83a595ee1ffd980349ec65c6c20c5302 C:\Program Files\McAfee\MSC\mcprlalt.dll
MD5: 6a041734e9758314978f4ab8b30a36b1 C:\Program Files\McAfee\MSC\mcprlres.dll
MD5: 16e20469b258f4456d27f75d29a2cbe6 c:\Program Files\McAfee\MSC\mcregobj\10,5,177,0\mcregobj.dll
MD5: 7b6270197e611fd8256631ea3b1bbaf2 c:\Program Files\McAfee\MSC\mcsubmgr\10,5,177,0\mcsubmgr.dll
MD5: 3ea746c9df8708098913bbacaa13822c c:\Program Files\McAfee\MSC\mcuicfg.dll
MD5: a68f4b488601c19d221e94e4017571e7 c:\Program Files\McAfee\MSC\McUpdShm.dll
MD5: 7cdeb836a3a30d87090c3a5eebaf162b C:\Program Files\McAfee\MSC\mscjsres.dll
MD5: 3cbd9a22f92f7677559a49fe78b25711 c:\Program Files\McAfee\MSC\mscuild.dll
MD5: 297c3c9f3b1cc22b80e342896db454ca C:\Program Files\McAfee\MSC\OemUI.dll
MD5: 058161224e92cf7f75eb41f8b7c8dd44 c:\Program Files\McAfee\MSC\oemuild.dll
MD5: 00a2083bd077c1300ae9493bad920416 c:\program files\mcafee\siteadvisor\mcieplg.dll
MD5: 80e806c7e7da5737074abc7424950feb c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MD5: af1a0573ed0e7f4766f886eaf7833ebe c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MD5: b692147daa8b917f2ec2871d9b8dba72 c:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll
MD5: a6360992070cd80dacc07e36c8633ed6 c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MD5: 43143131cc9b35e39ece5f56041fb20a c:\Program Files\McAfee\VirusScan\McOasShm.dll
MD5: ada83a989d5822daa5e2f62fdf118ac6 C:\Program Files\McAfee\VirusScan\mcods.exe
MD5: e1c614ed8c0d8d00a2c43c8ca36aac79 c:\Program Files\McAfee\VirusScan\mcodsax.dll
MD5: 2e842a2e2b26ac313adb90f8f023ce94 c:\Program Files\McAfee\VirusScan\McVsPs.dll
MD5: d6c5ead34e0a6eac2c37a6d3e3219b68 c:\Program Files\McAfee\VirusScan\MVsCfg.dll
MD5: 835d37a2726cd1d12bf404744674a5d4 c:\Program Files\McAfee\VirusScan\mvslog.dll
MD5: 74879b44cfa435600baf83ac2a5832e5 c:\Program Files\McAfee\VirusScan\NaiAnn.dll
MD5: 032c2db3daa2fe4a0459828e2fcaf123 c:\Program Files\McAfee\VirusScan\NaiAnnPs.dll
MD5: 1c1573f21ce68c358fcaeefe604fb1df c:\Program Files\McAfee\VirusScan\VSJsRes.dll
MD5: 72c6518ba1a06f8925a8aa0e38bad65f C:\Program Files\McAfee\VirusScan\vsores.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: c3e42cbf8215171a524d123a54ae3233 C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
MD5: e31e4e9f644fbfe79dca532d9781f71d C:\Program Files\Microsoft SQL Server\100\Shared\instapi10.dll
MD5: f1761c8fb2b25a32c6d63e36bb88c3ae C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
MD5: 99de6acfa5ca83fad6a765c81c6f129f C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
MD5: 637a0f23f9012358e92e6f99835494d1 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
MD5: 070812b5fcd46f5a22af74ebf6a81e06 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
MD5: 0fb5aa33d26f7212963d832083cd0c5c C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\BatchParser.dll
MD5: b88613be5b9939bd5dd63f9e196413ad C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\opends60.dll
MD5: 080a55a56119b0effa809565a32ed8c3 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
MD5: eb2fd937449b7aceb39372f875eb8e78 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
MD5: d5afe08b548af0e80b0c6e421d81475c C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlos.dll
MD5: b5d37852d666e863e8051c1001548328 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
MD5: 331e7bde228914574fc9ae6cd520dafa C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
MD5: 2a8da7e170010beae7aecdfdca10b626 c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
MD5: 8a3314f8e2d828c689a1afabaadf1453 C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 4e5585800b561fbef64b27425365a36f C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 8ea8b096ce1c336e031fc91f50fd2c79 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: d45b94e37b589d44602c8cd23d5846f2 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 201d1419f982e4e99491730800f93f8a C:\Program Files\Mozilla Firefox\MOZCPP19.dll
MD5: 6769fa99f14b0a3a076c9b5c37c612ad C:\Program Files\Mozilla Firefox\MOZCRT19.dll
MD5: fa5c3b89009e6eeeb8ce5b5d522c8d86 C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: ffdf182c96bd0a9fd3bc63bc7ebd29d9 C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: c47e54508c4fd350d5aed0934e5f7ec5 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 95bfebc87318a69daf90a451d8c41d9e C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 8f6e5bf3249385755a27216ba875fe54 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: 5bfb3f3f690a279c0487a43a4959c58f C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 8986675ef2d7f77a4ae2ec43e7e14cbb C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 328a247f9fc842e09f271ef53247c0f2 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: e5daea8e7689a547a1edab4768934498 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 83f4ba8b8cda4f063aa2002955a508a9 C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 19b4bddd14eda48ec07aace52b56c5c6 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: fb38afc34dfb91c2b589a7bf535f21f9 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: 4265870f374c9a2be39d1ca6111200be C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 428013e8625ddc3a220a2cb77c82a448 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 3799b05efbc4f0a4b430ddec09791c88 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 372d3f4c91dfe752c0ae18a0a2655cc2 c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files\Picasa2\npPicasa2.dll
MD5: 45d7f2fabdfd500e3c35dc068b552544 C:\Program Files\Picasa2\npPicasa3.dll
MD5: b42fe6e0251174b93b950dce9cb72262 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe
MD5: b42fe6e0251174b93b950dce9cb72262 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll
MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe
MD5: e2b8c15caab06c6389184f23bac5ad6f C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
MD5: 3d304c8a8aa570169d87b0fc1701a864 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
MD5: 4b2f61dca7db661570828dce5d302525 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MD5: ee79116370a5b2980c9e4c543315fc98 C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
MD5: ec73542cfd81d4936d3703c14a1285b5 c:\program files\softwaretime\computertime\bin\ctproxy.dll
MD5: 26b4554cf06d9bef14a148a751a70813 C:\Program Files\SoftwareTime\ComputerTime\bin\fbclient.dll
MD5: 6d87da60cc6d16530b63e66ba14e15c9 C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
MD5: 3e279b6da1d53e2131c50320e2f64c92 C:\Program Files\SoftwareTime\ComputerTime\bin\icudt30.dll
MD5: 39de7f7d147693167faee1774a1f0994 C:\Program Files\SoftwareTime\ComputerTime\bin\icuuc30.dll
MD5: fbcaa89a0467f8572633843d5550f361 C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
MD5: bfb8b52ec8c9c10e2037993a16e8ba8c C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
MD5: 8f8b4c3d7e5d3d051a4942f5cea28f24 C:\Program Files\SoftwareTime\ComputerTime\bin\STUpdater.dll
MD5: a52cf2bd90c36c10155c1a0f93b52e7e C:\Program Files\Sony\Media Go\npmediago.dll
MD5: 84715535f8c1296b855ba02bd2c0b237 C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: 9388cada7c74c35e0e4455690f4dc638 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 14800d86a62ddef4677444b786bd2363 C:\WINDOWS\Downloaded Program Files\arclib.dll
MD5: 759a6cc61bede26b4224e4a9c337bbc0 C:\WINDOWS\Downloaded Program Files\CpnMgr.dll
MD5: d8fb851a9fbd62352fd74283f9c14c77 C:\WINDOWS\Downloaded Program Files\isusweb.dll
MD5: 4af2bedfc339108f42fbda45238a3f34 C:\WINDOWS\Downloaded Program Files\McContentMgr.dll
MD5: 80a6e8d88f47bdebe7076d979d5442b3 C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll
MD5: 061c34a890af71d44c13d801dfb7db27 C:\WINDOWS\Downloaded Program Files\McLogMgr.dll
MD5: 13f38e890318d6239f7d18adac882f2c C:\WINDOWS\Downloaded Program Files\McPlugins.dll
MD5: b98f891ee1433069bf05e9f65d432f1e C:\WINDOWS\Downloaded Program Files\McProdMgr.dll
MD5: 5765282a4e450fe12d6f0e089c4a30ba C:\WINDOWS\Downloaded Program Files\MVT.dll
MD5: be3d9b33f73c8a26274aa8ce6dbb43fe C:\WINDOWS\Downloaded Program Files\OTOYAX.dll
MD5: 6f678556a6fce04fc94f3435f6313705 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
MD5: 9deb8c5bf6aeca9db194cace96ff0d71 C:\WINDOWS\Downloaded Program Files\Uploader.exe
MD5: 003436c12cec3af36a6e409e9e91ef08 C:\WINDOWS\Downloaded Program Files\vete.dll
MD5: 76ea3abece61fba3c07f61e42bb0ca48 C:\WINDOWS\Downloaded Program Files\webscan.dll
MD5: 17536c890df63ab4644eb111c28128f5 C:\WINDOWS\Downloaded Program Files\wlscBase.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: e2318e8514abf50e3ecedab9465a90a1 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: be369da2dda97258303abf1b36b40fa4 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: e2d0de31442390c35e3163c87cb6a9eb C:\WINDOWS\System32\DLA\DLABOIOM.SYS
MD5: 83545593e297f50a8e2524b4c071a153 C:\WINDOWS\System32\DLA\DLADResN.SYS
MD5: 96e01d901cdc98c7817155cc057001bf C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
MD5: 0a60a39cc5e767980a31ca5d7238dfa9 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
MD5: 9fe2b72558fc808357f427fd83314375 C:\WINDOWS\System32\DLA\DLAPoolM.SYS
MD5: 8ef6619212e5500022ab22ff11e68d3b c:\windows\system32\dla\dlashx_w.dll
MD5: e7d105ed1e694449d444a9933df8e060 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
MD5: f08e1dafac457893399e03430a6a1397 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
MD5: 603dc4d0bb6ac2f34cb15c6495aa02b5 C:\WINDOWS\system32\dlbtcoms.exe
MD5: a18c0d1fcbb684dcb57a98b02bad6bc2 C:\WINDOWS\system32\dlbtlmpm.DLL
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 C:\WINDOWS\System32\dnsrslvr.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 7fd604cd7a7a0ff8975af61bdf64c577 C:\WINDOWS\system32\drivers\cfwids.sys
MD5: d979bebcf7edcc9c9ee1857d1a68c67b C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
MD5: 7ee0852ae8907689df25049dcd2342e8 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
MD5: fd0f95981fef9073659d8ec58e40aa3c C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
MD5: b4869d320428cdc5ec4d7f5e808e99b5 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
MD5: dfeabb7cfffadea4a912ab95bdc3177a C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
MD5: 95974e66d3de4951d29e28e8bc0b644c C:\WINDOWS\system32\DRIVERS\e100b325.sys
MD5: ffa45148a2d5d05dbb3c0997e579fc9c C:\WINDOWS\system32\drivers\emAudio.sys
MD5: 5118ea8a2f55fa4d4295516500b78229 C:\WINDOWS\system32\DRIVERS\emDevice.sys
MD5: 6f87e4706f59463b74bc4fad0f67338f C:\WINDOWS\system32\DRIVERS\emFilter.sys
MD5: f5a633609777c212ec5ff19927fc5955 C:\WINDOWS\system32\DRIVERS\emScan.sys
MD5: e3b0cd18146f9d51a34969e9bc2458d2 C:\WINDOWS\system32\DRIVERS\fantom.sys
MD5: f59ed5a43b988a18ef582bb07b2327a7 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
MD5: 60e1604729a15ef4a3b05f298427b3b1 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
MD5: 77e4ff0b73bc0aeaaf39bf0c8104231f C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
MD5: ca63fe81705ad660e482bef210bf2c73 C:\WINDOWS\System32\Drivers\LBeepKE.sys
MD5: 63d3b1d3cd267fcc186a0146b80d453b C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
MD5: 0c62957912d4df1e4ba9795e6be3ed38 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
MD5: 269c14d512b74cc28d2812ff7d1eb066 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
MD5: eeaea6514ba7c9d273b5e87c4e1aab30 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
MD5: 688b626fca708ee9eb161cad1f7363a9 C:\WINDOWS\system32\drivers\mfeapfk.sys
MD5: dbf6e1b388d5c070d438c61adb990c30 C:\WINDOWS\system32\drivers\mfeavfk.sys
MD5: a528b15e330edb83ea649be318d841d5 C:\WINDOWS\system32\drivers\mfebopk.sys
MD5: c7da1b8003c89acedaa13768f7a1c622 C:\WINDOWS\system32\drivers\mfefirek.sys
MD5: 44184f32392fa2e94d08d056ce750d56 C:\WINDOWS\system32\drivers\mfehidk.sys
MD5: b1728195877b18ce63cf0cd00b2871eb C:\WINDOWS\system32\DRIVERS\mfendisk.sys
MD5: ce1711f7c3f72f6762abd241dcfd5ee1 C:\WINDOWS\system32\drivers\mferkdet.sys
MD5: 25e12c68b49a64ffc873603dfd578236 C:\WINDOWS\system32\drivers\mfetdi2k.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 1bebe7de8508a02650cdce45c664c2a2 C:\WINDOWS\system32\drivers\pclepci.sys
MD5: fedd2710b75be3ecf078adace790c423 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
MD5: a9573045baa16eab9b1085205b82f1ed C:\WINDOWS\system32\DRIVERS\serscan.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 2a2dc39623adef8ab3703ab9fac4b440 C:\WINDOWS\system32\drivers\sthda.sys
MD5: 4dc436421c9d745d7e8c37f956701c78 C:\WINDOWS\system32\drivers\tmcomm.sys
MD5: 83cafcb53201bbac04d822f32438e244 C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: f90d8f845095fcd6924e3d751c04e442 C:\WINDOWS\System32\Drivers\usbio.sys
MD5: 4160cbe59d9b5be22e4c3897e8db9d56 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
MD5: 4160cbe59d9b5be22e4c3897e8db9d56 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
MD5: 4160cbe59d9b5be22e4c3897e8db9d56 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
MD5: 4160cbe59d9b5be22e4c3897e8db9d56 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
MD5: 4160cbe59d9b5be22e4c3897e8db9d56 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
MD5: dfd01abc9fcca5733741f26d6db1b79e C:\WINDOWS\system32\Dxtmsft.dll
MD5: 42d692401a0e80b46b05ed746d468fc4 C:\WINDOWS\system32\Dxtrans.dll
MD5: f4f3eae16ae6fd93e1f22df295e2a7fc C:\WINDOWS\system32\E_FLBFIA.DLL
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll
MD5: eb53460ce1aaa176e573b2a65027290f C:\WINDOWS\system32\HPDiscoPM5412.dll
MD5: 059d29ce8f93c0fa0e3da4e04db7033d C:\WINDOWS\system32\hpinksts5412LM.dll
MD5: fecf7a0cf46b3a8b6644c6b1a939916a C:\WINDOWS\system32\HPScanMiniDrv_OJ6500_E710nz.dll
MD5: d8d3aa6187f3af7756947a19402aafe2 C:\WINDOWS\system32\ieframe.dll
MD5: 80c92437b61d65e397d6ea0a763b8cac C:\WINDOWS\system32\iertutil.dll
MD5: 18c288f56f1d670682d64807914413bf C:\WINDOWS\system32\igfxdev.dll
MD5: f7b098a08efcf4ab4247264c0ac225d2 C:\WINDOWS\system32\JScript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 0723fd1aa71f1222b95503794e30d7c7 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: 15a9294b81d0ff0e4ac75276c13fd04b C:\WINDOWS\system32\mdimon.dll
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.DLL
MD5: 6991a9ea5e74e6035b8dab17a7572cf3 C:\WINDOWS\system32\mfevtps.exe
MD5: 69a5adf546505f4c69ef3046bf798b49 C:\WINDOWS\system32\MPRUI.dll
MD5: 330e0015b751fafb53b6f73d30a4bbf1 C:\WINDOWS\system32\msfeedssync.exe
MD5: 56a67300c652cdf66e575b707f8b9397 C:\WINDOWS\system32\mshtml.dll
MD5: 249dce3cd85d97faabf1e22919db8eb7 C:\WINDOWS\system32\mshtmled.dll
MD5: 8c22083ed515dc94d575438662f0be6a C:\WINDOWS\system32\msi.dll
MD5: 25912cc032cb14c299cec9d2034a49f4 C:\WINDOWS\system32\MSVCR71.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\MSWSOCK.dll
MD5: 20fd44370267ccd0a64a1b31861c21d2 C:\WINDOWS\system32\netmsg.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dll
MD5: 1414e666316ca7d9823dbd2d4ada5971 C:\WINDOWS\system32\NETUI2.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: 3b72fe1ea1a2b5976cc1cdbb278122a7 C:\WINDOWS\system32\pngfilt.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\scrrun.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 5b6f82bcb5e228822e2ed259dde1024f C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
MD5: 063457262374b224226710d8db74c37c C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: 0bf58fb1f9f894e464564b104bbb9c6b C:\WINDOWS\system32\STProxy.dll
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll
MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll
MD5: da01583e2fe34e2f670167506fa5f1d3 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 142e08e570d8fcd87e845f1463c1aece C:\WINDOWS\system32\VBScript.dll
MD5: f731f37bce6d6e43140822683087e3ee C:\WINDOWS\system32\webcheck.dll
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: 3688e2bbe543cc753809e462c3553188 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll
MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll
MD5: 7facb452456ef5c053af3ee4b228fe0d C:\WINDOWS\system32\XPOB2RES.DLL
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 95decd7ee37e740f4176baf60897a92f C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll
MD5: ba0f6dcc3181a4e3cbb02ec41153bb72 D:\iTunesHelper.dll
MD5: 53d96678fb89f056d5285101481297d9 D:\iTunesHelper.exe
MD5: 99aaa6c83d40be9db1ba81141b2aebc8 D:\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: 562814461db20253b42bb806c994d20d D:\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 7f8aefd3bbc0f30c42c59fd27a828dcf D:\Mozilla Plugins\npitunes.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.36 KB recvd
Scanned 811 files and modules - 51 seconds

==============================================================================

Jack&Jill
2011-10-14, 06:52
Hello gilmore :),

Some great and free antivirus for you to choose from, but you need to uninstall McAfee first.

Avast (http://www.avast.com/eng/download-avast-home.html)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)

You should only select one of these two, and keep only one installed.

Things are definitely looking better, but AVSDK5 is still around. I am afraid it might conflict with your existing antivirus so we must remove it. Please check again with AppRemover (http://www.appremover.com/) and / or Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html). If both could not properly remove it, we will have to do it manually.

--------------------

Please backup the registry with ERUNT.

Run OTM again

Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

:commands
[CREATERESTOREPOINT]
[emptytemp]

Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.

--------------------

Please post back:
1. how did the removal of AVSDK5 go
2. OTM log
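
The `:reg` block in the post above mixes two different operations: `"name"=-` removes a single value, while `[-KEY]` removes a whole key. As an added example (not part of the original post and not OTM's own code), this Python script parses that block and checks which of its targets still appear in a DDS log. It assumes OTM's `:reg` section follows standard .reg-file conventions; the function names are hypothetical, and the sample DDS lines are copied from the log posted later in this thread.

```python
import re

# The fix script from the post above, copied verbatim.
OTM_SCRIPT = r'''
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

:commands
[CREATERESTOREPOINT]
[emptytemp]
'''

# Sample input: three lines taken from the DDS log posted later in this thread.
DDS_SAMPLE = r'''
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
'''

RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_reg_section(script):
    """Return (action, key, value_name) tuples for the :reg section only."""
    ops, in_reg, key = [], False, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section marker such as :reg or :commands
            in_reg = line.lower() == ":reg"
            key = None
            continue
        if not in_reg:
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            if m.group(1):                # [-KEY] removes the key and everything under it
                ops.append(("delete_key", m.group(2), None))
                key = None
            else:                         # [KEY] only selects the key for the value lines below
                key = m.group(2)
            continue
        m = re.fullmatch(r'"([^"]+)"=-', line)
        if m and key:                     # "name"=- removes one value; the key itself stays
            ops.append(("delete_value", key, m.group(1)))
    return ops


def remaining_targets(ops, dds_log):
    """Return the operations whose target still shows up in a DDS log."""
    log = dds_log.lower()
    hits = []
    for action, key, name in ops:
        k = key.lower()
        if action == "delete_value" and k.endswith(RUN_SUFFIX):
            # DDS lists HKLM Run values as mRun and HKCU Run values as uRun.
            prefix = "mrun" if k.startswith("hkey_local_machine") else "urun"
            if f"{prefix}: [{name.lower()}]" in log:
                hits.append((action, key, name))
        elif action == "delete_key":
            # A CLSID key is referenced in the log by its GUID (BHO:, TB: lines).
            guid = GUID_RE.search(k)
            if guid and guid.group(0) in log:
                hits.append((action, key, name))
    return hits


if __name__ == "__main__":
    operations = parse_reg_section(OTM_SCRIPT)
    for op in remaining_targets(operations, DDS_SAMPLE):
        print("still present:", op)
```

Both targets are reported as still present for the sample lines, which is the expected result when the fix has not been run.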

Jack&Jill
2011-10-18, 09:10
Hello gilmore :),

Are you still with me?

gilmore
2011-10-18, 17:20
Yes - just returned home last night. I will get to this this afternoon or evening. Sorry for the delay.

gilmore
2011-10-21, 06:15
Sorry for my very long delay.
I uninstalled McAfee and installed Avast on the free trial.
I am trying to remove the AVSDK5. The AppRemover did not have anything.
Revo has two things that might be the AVSDK5:
AVS Update Manager 1.0
AVS4You software navigator 1.3
I wanted to check with you before I uninstalled these.
I will run the Erunt after I hear from you.
Thank you for your patience!

Jack&Jill
2011-10-21, 16:48
Hello gilmore :),

They do not appear to be related. Please skip the steps from the previous instructions.

Rerun DDS and post back the latest results.

gilmore
2011-10-21, 17:23
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_27
Run by Julie Goodwin at 10:16:22 on 2011-10-21
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\
FF - plugin: c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R? FANTOM;LEGO MINDSTORMS NXT Driver
R? gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? MSSQLServerADHelper100;SQL Active Directory Helper Service
R? Revoflt;Revoflt
R? RsFx0102;RsFx0102 Driver
R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? ComputerTimeServer;ComputerTime Server
S? LBeepKE;Logitech Beep Suppression Driver
S? STProxy;STProxy
S? vseamps;vseamps
S? vsedsps;vsedsps
S? vseqrts;vseqrts
S? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
S? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
S? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
S? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
.
=============== Created Last 30 ================
.
2011-10-21 03:57:19 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-21 03:56:54 41184 ----a-w- c:\windows\avastSS.scr
2011-10-21 03:56:39 -------- d-----w- c:\program files\AVAST Software
2011-10-21 03:56:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-14 01:48:22 -------- d-----w- c:\documents and settings\julie goodwin\application data\QuickScan
2011-10-12 13:49:32 -------- d-----w- c:\documents and settings\julie goodwin\local settings\application data\VS Revo Group
2011-10-12 13:49:09 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-12 13:49:06 -------- d-----w- c:\program files\VS Revo Group
2011-10-07 03:41:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 03:41:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 11:30:00 -------- dc----w- C:\_OTM
2011-10-04 04:26:19 -------- d-----w- c:\program files\ESET
2011-09-26 16:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 16:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2011-09-26 14:00:25 -------- d-----w- c:\documents and settings\julie goodwin\application data\Malwarebytes
2011-09-26 13:58:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-26 13:39:52 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-09-26 13:39:30 -------- d-----w- c:\program files\common files\Authentium
.
==================== Find3M ====================
.
2011-10-21 03:28:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 10:22:38.17 ===============

Jack&Jill
2011-10-22, 06:45
Hello gilmore :),

Are you still experiencing any problems?

We will remove AVSDK5 after this step.

--------------------

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1 - 32-bit version (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 - 32-bit version (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)


Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:filefind
*AVSDK5*
Authentium
vse*

:folderfind
*AVSDK5*
Authentium
vse*

:regfind
*AVSDK5*
Authentium
vse*


Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop as SystemLook.txt.

--------------------

Please post back:
1. any more problems?
2. SystemLook result

gilmore
2011-10-22, 15:03
The computer is ok. Firefox seems to lose connection halfway through loading a page. Restarting Firefox seems to help.

SystemLook 30.07.11 by jpshortstuff
Log created at 07:48 on 22/10/2011 by Julie Goodwin
Administrator - Elevation successful

========== filefind ==========

Searching for "*AVSDK5*"
No files found.

Searching for "Authentium"
No files found.

Searching for "vse*"
C:\Program Files\Common Files\Authentium\AntiVirus5\vseampc.dll -ra---- 88616 bytes [21:46 08/04/2010] [21:46 08/04/2010] 9BBF1A3A0ABF6CC9E0E390E1E9944AE6
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -ra---- 117288 bytes [21:46 08/04/2010] [21:46 08/04/2010] 9C2F3A9B54316C0A3F53E3272484B17C
C:\Program Files\Common Files\Authentium\AntiVirus5\vseapi.dll -ra---- 76328 bytes [21:46 08/04/2010] [21:46 08/04/2010] 33DBFBC551BE96534A8BEBDDB866846B
C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll -ra---- 322088 bytes [21:46 08/04/2010] [21:46 08/04/2010] E257C24572AC23454FC6DBA59772BDB3
C:\Program Files\Common Files\Authentium\AntiVirus5\vsecdspc.dll -ra---- 170536 bytes [21:46 08/04/2010] [21:46 08/04/2010] 1FE2630126C0FB2CFED8597C314AF46C
C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll --a---- 162344 bytes [21:46 08/04/2010] [21:46 08/04/2010] 45A9122B6F86C62E0E1B41626B0EC246
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedspc.dll -ra---- 100904 bytes [21:46 08/04/2010] [21:46 08/04/2010] 7C5FC636CFC1D8746B13C7DB8D3D5EA3
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -ra---- 117288 bytes [21:46 08/04/2010] [21:46 08/04/2010] 00D15FF1E8363F7876396970D913CF26
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrt.dll --a---- 88616 bytes [21:46 08/04/2010] [21:46 08/04/2010] F425DA85DDDED82E17B63ED0C93B2E18
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe --a---- 154152 bytes [21:46 08/04/2010] [21:46 08/04/2010] 68CC16E23F3B71918C0A003A046CEF47
C:\Program Files\Common Files\Authentium\AntiVirus5\vsestmio.dll -ra---- 59944 bytes [21:46 08/04/2010] [21:46 08/04/2010] 2044E709B071A00B8926A247767AA229
C:\Program Files\Common Files\Microsoft Shared\MSEnv\vsext.olb --a--c- 1028 bytes [09:36 29/07/2008] [09:36 29/07/2008] 0503B7488382FC7D7FDC365C29660661
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_answer.png --a---- 6707 bytes [02:13 26/06/2009] [02:13 26/06/2009] C645DFF8C0545890058DA82CFB7AC034
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_base.png --a---- 13828 bytes [02:13 26/06/2009] [02:13 26/06/2009] DB383E951DB8B59DB1B11BA3D15E23A7
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_computer.png --a---- 8137 bytes [02:13 26/06/2009] [02:13 26/06/2009] 30556019FDBBD130AB97E5F8D78691AF
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_connector_1.png --a---- 805 bytes [02:13 26/06/2009] [02:13 26/06/2009] D5DBB7DB9B313E36170563BE6B3179EE
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_connector_2.png --a---- 3446 bytes [02:13 26/06/2009] [02:13 26/06/2009] 577362D893E37DD64CD45C6AE4755056
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_connector_3.png --a---- 3443 bytes [02:13 26/06/2009] [02:13 26/06/2009] CCD616564CF1A035BEB3E6EB8488D8CF
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_dialup_modem.png --a---- 3976 bytes [02:13 26/06/2009] [02:13 26/06/2009] 17F6E2FC3F736A0EE3D180A4F08D0740
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_dsl.png --a---- 4956 bytes [02:13 26/06/2009] [02:13 26/06/2009] 399A0B5DBA932C2D24E2A36A5DC1A266
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_dsl_modem.png --a---- 7178 bytes [02:13 26/06/2009] [02:13 26/06/2009] 251788FBBCD3584C47E0C4C331ECBCD5
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_phone.png --a---- 7677 bytes [02:13 26/06/2009] [02:13 26/06/2009] 5375A86ADDE6B86E365AA4CAEF7FFD4B
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_zoom.png --a---- 5481 bytes [02:13 26/06/2009] [02:13 26/06/2009] D1F286875EAB5DFA2AE610136A8BD6FD
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_zoom_ext.png --a---- 5503 bytes [02:13 26/06/2009] [02:13 26/06/2009] 609E6DDF00A4B32DD46D7769D2CFCD48

========== folderfind ==========

Searching for "*AVSDK5*"
No folders found.

Searching for "Authentium"
C:\Program Files\Common Files\Authentium d------ [13:39 26/09/2011]

Searching for "vse*"
C:\Program Files\Common Files\Microsoft Shared\DevHelp\VSExpress d------ [19:22 01/02/2010]
C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\VSExpress_9.0 d------ [19:29 01/02/2010]

========== regfind ==========

Searching for "*AVSDK5*"
No data found.

Searching for "Authentium"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB8BED3-9CBE-43A8-9797-E1DECEFCEF32}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DD994A0-7EB0-4778-8E6B-23C8640919BE}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42C0AB1E-AA62-4C9C-BC16-B5D0ED048246}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497EAC25-ACDE-4055-915B-DCE4F823DDB1}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51E81757-4A6E-4AC3-97BB-A8F614468B88}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecdspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A7B74E-FF6C-4484-B4A1-B827D643136C}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AA70A80-805A-4549-BB01-CA92D88A37CF}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B84163F-D976-4D24-8539-F0A1BB705E5A}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CEABEA4-3E67-427E-807B-261C3A5D5248}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86127759-BF79-4748-9C34-E4730737A3C4}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{944ED91D-AE7E-4391-B916-E3B49A0CAF08}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecdspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6D5B3D-6B6E-4055-8CD3-20030C3B45D1}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7F93E07-63F9-4594-835F-8C48E871BA83}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA14A330-3FC9-4D20-A010-E1F51822A059}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF29DD21-8A74-405B-8DE2-0E226EA6B876}\InprocServer32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AFE0FDA-F567-43AD-9C46-2CA1A62A1562}\1.0\0\win32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AFE0FDA-F567-43AD-9C46-2CA1A62A1562}\1.0\HELPDIR]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC839999-0F3A-4123-AAE0-CAD9BE5E19DC}\1.0\0\win32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC839999-0F3A-4123-AAE0-CAD9BE5E19DC}\1.0\HELPDIR]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F8B1795E-DF6E-4AF7-A152-FDFE163919DD}\1.0\0\win32]
@="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecdspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Authentium\AntiVirus5\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Authentium\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Authentium\AntiVirus5\ampmf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Authentium\AntiVirus5\ampse\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\101396687DD35BA468DC0880FF218CFE]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C0B48F3C6EB9B04996D0F406A410FAE]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\antiviri.def"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21299BF3A51024446A9A425A42BCDEE7]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A333077BC2E1584284838F2ECAE2314]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="02:\SOFTWARE\Authentium\AntiVirus5\InstalledProducts\AVSDK5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C9DE63D04CBE9448A8726992B73AF22]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsedspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EDFD6F1AEC34F14DA9AF6D568A4F650]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aiio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3436F5BB1BCB6D34984B3654595708BD]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aivse000.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38DBFB287018E3248BA362E9C82D2994]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aivsec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C1F09B0924CD4F4387CDA49A782C09D]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aise.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F2B23EBAE3394A438E6D5C10E602820]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\antivirv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\432884754A1DC914E9071C51F289F134]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\DPInst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CD6C6A2298080B489C68D75F5E21DF7]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\ampmf\amp.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F8FD942BE41452479837D617845E4B2]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aicam.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B7829E402A89EC46BF885B9B3BBA5DA]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79B8AA18248E0474C9259C1FC501671D]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\ampse\ampse.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BCF6D31F0156D544834723E418241F7]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsestmio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E24DCF95BC576E4AA53F5811974C107]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aivsecon.def"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8011ACA1CAFA49542A715825C9D9F92D]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EC7D182ACAC4314C9F7AF1A802AAF5D]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aiscan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\948CF7E6CC7AD694FAA2A6078FF0C0EF]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vseapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9736A6A5549746C4E9F0FB9ABCB824A4]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A6E723742B5FF743AF1DCBA3130495D]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecqrt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A26B48D23715E514CBEFDCB036D17301]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vsecdspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C26973F2BA25D194F9D038EFE38EE52C]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\vseampc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFBD50F2AB57E5C47B42DD4A3C52CB24]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\aidef.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8406BBBD7B55BA4695C7A644D1D93EF]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\AmpVseApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F47D0614D4C44AD4A89493AD30C9B088]
"A4DABD03D6ABD9F4A80BF2C6B760214A"="C:\Program Files\Common Files\Authentium\AntiVirus5\antivir.def"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4DABD03D6ABD9F4A80BF2C6B760214A\InstallProperties]
"HelpLink"="http://www.authentium.com/support/documentation.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4DABD03D6ABD9F4A80BF2C6B760214A\InstallProperties]
"InstallLocation"="C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4DABD03D6ABD9F4A80BF2C6B760214A\InstallProperties]
"Publisher"="Authentium, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4DABD03D6ABD9F4A80BF2C6B760214A\InstallProperties]
"URLInfoAbout"="www.authentium.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4DABD03D6ABD9F4A80BF2C6B760214A\InstallProperties]
"URLUpdateInfo"="www.authentium.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"HelpLink"="http://www.authentium.com/support/documentation.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"InstallLocation"="C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"Publisher"="Authentium, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"URLInfoAbout"="www.authentium.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"URLUpdateInfo"="www.authentium.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AMPSE\Parameters]
"DefinitionFilesDir"="\??\C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vseamps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsedsps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vseqrts]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AMPSE\Parameters]
"DefinitionFilesDir"="\??\C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vseamps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsedsps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vseqrts]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPSE\Parameters]
"DefinitionFilesDir"="\??\C:\Program Files\Common Files\Authentium\AntiVirus5\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vseamps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsedsps]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vseqrts]
"ImagePath"=""C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe""

Searching for "vse*"
No data found.

-= EOF =-
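
Added example, not part of the thread and not SystemLook's own code: a short Python triage of a SystemLook log that separates hits under the leftover Authentium folder from the unrelated files and folders that the broad `vse*` wildcard also matched. The function names are hypothetical, the line layout is inferred from the log above, and the sample text is constructed with placeholder MD5 values.

```python
import re
from collections import namedtuple

# Constructed sample in the layout of the SystemLook log above (MD5 values are placeholders).
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*AVSDK5*"
No files found.

Searching for "vse*"
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -ra---- 117288 bytes [21:46 08/04/2010] [21:46 08/04/2010] 00000000000000000000000000000001
C:\Program Files\Common Files\Microsoft Shared\MSEnv\vsext.olb --a--c- 1028 bytes [09:36 29/07/2008] [09:36 29/07/2008] 00000000000000000000000000000002
C:\Program Files\HP\HP Officejet 6500 E710n-z\data\bmp\vset_zoom.png --a---- 5481 bytes [02:13 26/06/2009] [02:13 26/06/2009] 00000000000000000000000000000003

========== folderfind ==========

Searching for "Authentium"
C:\Program Files\Common Files\Authentium d------ [13:39 26/09/2011]

Searching for "vse*"
C:\Program Files\Common Files\Microsoft Shared\DevHelp\VSExpress d------ [19:22 01/02/2010]
'''

# Folder the thread is cleaning up, as it appears in the log.
AUTHENTIUM_ROOT = r"C:\Program Files\Common Files\Authentium"

Hit = namedtuple("Hit", "section term path attrs size md5")

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
TERM_RE = re.compile(r'^Searching for "(.*)"$')
# File hit: path, 7 attribute flags, size, two bracketed timestamps, MD5.
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$")
# Folder hit: path, attribute flags starting with 'd', one bracketed timestamp.
FOLDER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>d[-a-z]{6}) \[[^\]]+\]$")


def parse_hits(log_text):
    """Return every file/folder hit, tagged with its section and search term."""
    hits, section, term = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1), None
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1)
            continue
        m = FILE_RE.match(line) or FOLDER_RE.match(line)
        if m and section in ("filefind", "folderfind"):
            d = m.groupdict()
            size = int(d["size"]) if d.get("size") else None
            hits.append(Hit(section, term, d["path"], d["attrs"], size, d.get("md5")))
    return hits


def is_under(path, root):
    """Case-insensitive check that path is root itself or lies inside it."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    # Require a path-separator boundary so 'AuthentiumX' does not count.
    return p == r or p.startswith(r + "\\")


def triage(hits, root):
    """Split hits into (inside root, outside root)."""
    related = [h for h in hits if is_under(h.path, root)]
    unrelated = [h for h in hits if not is_under(h.path, root)]
    return related, unrelated


if __name__ == "__main__":
    related, unrelated = triage(parse_hits(SAMPLE_LOG), AUTHENTIUM_ROOT)
    for label, group in (("under Authentium", related), ("unrelated wildcard match", unrelated)):
        for h in group:
            print(f"{label:26} {h.section:10} {h.term:12} {h.path}")
```

Anything the triage reports as unrelated (the HP printer images and Visual Studio Express entries in the real log) was matched only because of the wildcard and is not part of the product being removed.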

Jack&Jill
2011-10-24, 17:09
Hello gilmore :),

To be sure we get everything, I need you to run SystemLook again.

Repeat SystemLook

Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:filefind
*command*

:folderfind
*command*

:regfind
*command*

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}] /s


Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop as SystemLook.txt.

gilmore
2011-10-24, 20:24
SystemLook 30.07.11 by jpshortstuff
Log created at 13:14 on 24/10/2011 by Julie Goodwin
Administrator - Elevation successful

========== filefind ==========

Searching for "*command*"
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk --a---- 1459 bytes [21:51 11/04/2011] [18:04 10/08/2004] 203FE80767BC2BCC385C65D479491FD9
C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C++ 2008 Express Edition\Visual Studio Tools\Visual Studio 2008 Command Prompt.lnk --a---- 1695 bytes [19:26 01/02/2010] [19:26 01/02/2010] F412D844DF98161781EF093264F946F7
C:\Documents and Settings\Dad\Start Menu\Programs\Accessories\Command Prompt.lnk --a---- 1459 bytes [16:07 12/08/2006] [18:04 10/08/2004] 203FE80767BC2BCC385C65D479491FD9
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk --a--c- 1459 bytes [18:04 10/08/2004] [18:04 10/08/2004] 203FE80767BC2BCC385C65D479491FD9
C:\Documents and Settings\Guest\Start Menu\Programs\Accessories\Command Prompt.lnk --a--c- 1459 bytes [16:25 04/10/2006] [18:04 10/08/2004] 203FE80767BC2BCC385C65D479491FD9
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif --a--c- 159 bytes [18:45 30/01/2010] [18:45 30/01/2010] FF164EABA285C2E614EBFD967FEF9732
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_calculator_gif.gif --a--c- 317 bytes [18:45 30/01/2010] [18:45 30/01/2010] E7ACB20C8E56B1EFAD7DED3DC4DE35F5
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_excel_gif.gif --a--c- 111 bytes [18:45 30/01/2010] [18:45 30/01/2010] 68D5FB9046516B872BEB1AADF30EA86B
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_MsAccess_gif.gif --a--c- 95 bytes [18:45 30/01/2010] [18:45 30/01/2010] 095BEB6B08F7F24F33F56C56096BFD12

========== folderfind ==========

Searching for "*command*"
C:\Program Files\Setup NetZero\fscommand d------ [16:04 22/08/2006]
C:\Program Files\SoundSpectrum\WhiteCap\Resources\PythonLibraries\distutils\command d------ [21:32 08/04/2010]
C:\Program Files\TeenCoder_ComputerProgramming\Student\TeenCoder\ComputerProgramming\Chapter Sample Programs\chapter07\CommandLine d------ [18:58 01/02/2010]
C:\Program Files\TeenCoder_ComputerProgramming\Teacher\TeenCoder\ComputerProgramming\Chapter Sample Programs\chapter07\CommandLine d------ [18:59 01/02/2010]
C:\Program Files\WordPerfect Office 12\Shared\Help\Accessibility\PerfectScript\Command center d------ [13:07 09/08/2006]
C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars d------ [19:26 01/02/2010]

========== regfind ==========

Searching for "*command*"
No data found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="5.2.9"
"HelpLink"="http://www.authentium.com/support/documentation.html"
"HelpTelephone"=""
"InstallDate"="20110926"
"InstallLocation"="C:\Program Files\Common Files\Authentium\AntiVirus5\"
"InstallSource"="C:\DOCUME~1\JULIEG~1\LOCALS~1\Temp\cd11.tmp\2009 codebase\installers\cdinstaller16\bin\runtime\build_script\TEMPONLYSOURCE\AUTH\x86\"
"ModifyPath"="MsiExec.exe /X{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}"
"NoModify"= 0x0000000001 (1)
"Publisher"="Authentium, Inc"
"Readme"=""
"Size"=""
"EstimatedSize"= 0x0000001b61 (7009)
"SystemComponent"= 0x0000000001 (1)
"UninstallString"="MsiExec.exe /X{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}"
"URLInfoAbout"="www.authentium.com"
"URLUpdateInfo"="www.authentium.com"
"VersionMajor"= 0x0000000005 (5)
"VersionMinor"= 0x0000000002 (2)
"WindowsInstaller"= 0x0000000001 (1)
"Version"= 0x0005020009 (84017161)
"Language"= 0x0000000409 (1033)
"DisplayName"="AVSDK5"


-= EOF =-

Jack&Jill
2011-10-25, 04:07
Hello gilmore :),

Thanks for hanging on there.

Repeat SystemLook

Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:regfind
*{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]*


Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop as SystemLook.txt.

--------------------

To remove AVSDK5, let's try the simple way first.

Go to Start > Run.... Copy and paste the following text into the white box:


MsiExec.exe /X {30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4} /qn /l* "%userprofile%\desktop\uninstall.log"
Click OK.
Follow the prompts. A log will be created on the desktop when done, named uninstall.log.
Please post the contents of this log.

--------------------

Please post back:
1. SystemLook log
2. uninstall log

gilmore
2011-10-26, 05:56
SystemLook 30.07.11 by jpshortstuff
Log created at 22:52 on 25/10/2011 by Julie Goodwin
Administrator - Elevation successful

========== regfind ==========

Searching for "*{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]*"
No data found.

-= EOF =-











=== Logging started: 10/25/2011 22:54:15 ===
Action start 22:54:15: INSTALL.
Action start 22:54:15: WiseGetIeVersion.
Action ended 22:54:15: WiseGetIeVersion. Return value 1.
Action start 22:54:15: AppSearch.
Action ended 22:54:15: AppSearch. Return value 1.
Action start 22:54:15: FindRelatedProducts.
Action ended 22:54:15: FindRelatedProducts. Return value 0.
Action start 22:54:15: WiseUpgradeCheckEx.
Action ended 22:54:15: WiseUpgradeCheckEx. Return value 1.
Action start 22:54:15: WiseUpgradeCheck.
Action ended 22:54:15: WiseUpgradeCheck. Return value 1.
Action start 22:54:15: LaunchConditions.
Action ended 22:54:15: LaunchConditions. Return value 1.
Action start 22:54:15: WiseSetProfilesFolder.
Action ended 22:54:15: WiseSetProfilesFolder. Return value 1.
Action start 22:54:15: ValidateProductID.
Action ended 22:54:15: ValidateProductID. Return value 1.
Action start 22:54:15: CostInitialize.
Action ended 22:54:16: CostInitialize. Return value 1.
Action start 22:54:16: FileCost.
Action ended 22:54:16: FileCost. Return value 1.
Action start 22:54:16: IsolateComponents.
Action ended 22:54:16: IsolateComponents. Return value 1.
Action start 22:54:16: CostFinalize.
Action ended 22:54:16: CostFinalize. Return value 1.
Action start 22:54:16: SetODBCFolders.
Action ended 22:54:16: SetODBCFolders. Return value 1.
Action start 22:54:16: MigrateFeatureStates.
Action ended 22:54:16: MigrateFeatureStates. Return value 0.
Action start 22:54:16: SetARPINSTALLLOCATION.
Action ended 22:54:16: SetARPINSTALLLOCATION. Return value 1.
Action start 22:54:16: InstallValidate.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\vseapi.dll is being held in use by the following process: Name: vseqrts, Id: 2236, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe is being held in use by the following process: Name: vsedsps, Id: 2156, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe is being held in use by the following process: Name: vseamps, Id: 2196, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\vseampc.dll is being held in use by the following process: Name: vseqrts, Id: 2236, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe is being held in use by the following process: Name: vseqrts, Id: 2236, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file C:\Program Files\Common Files\Authentium\AntiVirus5\AmpVseApi.dll is being held in use by the following process: Name: vseamps, Id: 2196, Window Title: '(not determined yet)'. Close that application and retry.
Action ended 22:54:26: InstallValidate. Return value 1.
Action start 22:54:26: CheckExistingProducts.
DEBUG: Error 2769: Custom Action CheckExistingProducts did not close 1 MSIHANDLEs.
Internal Error 2769. CheckExistingProducts, 1
Action ended 22:54:26: CheckExistingProducts. Return value 1.
Action start 22:54:26: RemoveExistingProducts.
Action ended 22:54:26: RemoveExistingProducts. Return value 0.
Action start 22:54:26: InstallInitialize.
Action ended 22:54:27: InstallInitialize. Return value 1.
Action start 22:54:27: Legacy_ProcessUninstallAmpDriver.C0BB2772_51B4_402D_8BA8_71283A6DEDF3.
Action ended 22:54:27: Legacy_ProcessUninstallAmpDriver.C0BB2772_51B4_402D_8BA8_71283A6DEDF3. Return value 1.
Action start 22:54:27: Legacy_ProcessInstallAmpDriver.C0BB2772_51B4_402D_8BA8_71283A6DEDF3.
Action ended 22:54:27: Legacy_ProcessInstallAmpDriver.C0BB2772_51B4_402D_8BA8_71283A6DEDF3. Return value 1.
Action start 22:54:27: SendBeginUpdate.
MSI (s) (48:3C) [22:54:37:421]: Product: AVSDK5 -- Removal completed successfully.

MSI (s) (48:3C) [22:54:37:421]: Windows Installer removed the product. Product Name: AVSDK5. Product Version: 5.2.9. Product Language: 1033. Removal success or error status: 0.

=== Logging stopped: 10/25/2011 22:54:37 ===

Jack&Jill
2011-10-26, 15:18
Hello gilmore :),

It appears AVSDK5 got removed, although there seem to be some hiccups along the way. Could you confirm it is uninstalled?

Please run DDS again and post both logs.

gilmore
2011-10-30, 00:25
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_27
Run by Julie Goodwin at 17:17:09 on 2011-10-29
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\
FF - plugin: c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R? FANTOM;LEGO MINDSTORMS NXT Driver
R? gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? MSSQLServerADHelper100;SQL Active Directory Helper Service
R? Revoflt;Revoflt
R? RsFx0102;RsFx0102 Driver
R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? ComputerTimeServer;ComputerTime Server
S? LBeepKE;Logitech Beep Suppression Driver
S? STProxy;STProxy
S? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
S? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
S? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
S? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
.
=============== Created Last 30 ================
.
2011-10-26 04:42:08 527208 ------w- c:\windows\system32\HPDiscoPM5412.dll
2011-10-21 03:57:19 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-21 03:56:54 41184 ----a-w- c:\windows\avastSS.scr
2011-10-21 03:56:39 -------- d-----w- c:\program files\AVAST Software
2011-10-21 03:56:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-14 01:48:22 -------- d-----w- c:\documents and settings\julie goodwin\application data\QuickScan
2011-10-12 13:49:32 -------- d-----w- c:\documents and settings\julie goodwin\local settings\application data\VS Revo Group
2011-10-12 13:49:09 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-12 13:49:06 -------- d-----w- c:\program files\VS Revo Group
2011-10-07 03:41:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 03:41:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 11:30:00 -------- dc----w- C:\_OTM
2011-10-04 04:26:19 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-10-21 03:28:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 13:38:49 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 17:23:37.40 ===============

Jack&Jill
2011-10-30, 03:29
Hello gilmore :),

AVSDK5 has been taken care of. I guess that's it. Let's do some housekeeping before I give you some security recommendations in the next step.

You should always keep your Java updated to the latest version too.

To set Java to update automatically, go to Start > Control Panel.
Double click on the Java icon to open the Java Control Panel.
Click on the Update tab.
Make sure the option Check for Updates Automatically is ticked.
You can also update Java manually via the Update Now button, then continue accordingly.
Click on OK when you are done.

--------------------

Please backup the registry with ERUNT.

Rerun OTM

Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:

:files
c:\program files\vuze_remote
c:\windows\system32\drivers\CDAVFS.sys
C:\Program Files\Common Files\Authentium
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-

:commands
[CREATERESTOREPOINT]
[emptytemp]

Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.

--------------------

Please post back:
1. OTM log
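
The three Toolbar values deleted in the :reg section of the OTM script above are the same three CLSIDs the DDS log lists as "TB: ... - No File". The following is an added example (not part of the original post, and not code from DDS or OTM) that makes that cross-check before a registry-deleting fix is run; the function names are hypothetical and the sample lines are copied from this thread.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# DDS pseudo-HJT lines: "BHO: <name>: {clsid} - <file>" or "TB: {clsid} - No File".
# The name is optional and may itself contain colons (see the MSN toolbar line).
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s+(?:(?P<name>.*?):\s+)?"
    r"(?P<clsid>" + GUID + r")\s+-\s+(?P<target>.+)$"
)
# Fix-script value deletion: "{clsid}"=-
DELETE_VALUE_RE = re.compile(r'^"(?P<clsid>' + GUID + r')"=-$')

# Lines copied from the DDS log posted in this thread.
DDS_SAMPLE = r"""
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# The :reg section of the fix script posted in this thread.
OTM_SAMPLE = r"""
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-
"""


def parse_ie_entries(dds_text):
    """Return the BHO and TB entries of a DDS log as a list of dicts."""
    entries = []
    for line in dds_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_toolbars(entries):
    """CLSIDs of toolbar entries whose backing file is missing ("No File")."""
    return [
        e["clsid"].upper()
        for e in entries
        if e["kind"] == "TB" and e["target"].strip().lower() == "no file"
    ]


def toolbar_deletions(script_text):
    """CLSIDs a fix script deletes as values under the IE Toolbar key."""
    current_key = None
    deleted = []
    for line in script_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" deletes a whole key; "[KEY]" opens it for value edits.
            current_key = line[1:-1].lstrip("-").lower()
            continue
        match = DELETE_VALUE_RE.match(line)
        if match and current_key and current_key.endswith(r"\internet explorer\toolbar"):
            deleted.append(match.group("clsid").upper())
    return deleted


def unjustified_deletions(dds_text, script_text):
    """Toolbar deletions in the script that the log does not show as orphaned."""
    orphans = set(orphaned_toolbars(parse_ie_entries(dds_text)))
    return [c for c in toolbar_deletions(script_text) if c not in orphans]


if __name__ == "__main__":
    print("orphaned toolbars:", orphaned_toolbars(parse_ie_entries(DDS_SAMPLE)))
    print("unjustified deletions:", unjustified_deletions(DDS_SAMPLE, OTM_SAMPLE))
```

An empty result from unjustified_deletions means every Toolbar value the script removes is one the log already shows as having no file behind it.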

gilmore
2011-10-30, 17:04
Hi-
I did the java update. The Erunt. But, when I ran the OTM, I had problems. First, without copying and pasting the instructions, it seemed to run itself before ever giving the "move it" page. Then I got the "move it" page to work. I copied and pasted the instructions. It seemed to run fine, but then I got an error message. The log was not created.

Jack&Jill
2011-10-31, 00:58
Hello gilmore :),

Could you explain in more detail about the error message? The OTM step is just to clear off some leftovers, so we could either continue troubleshooting or just move on to the security recommendations and close the topic. If you no longer have any problems, I suggest the latter. What do you say?

gilmore
2011-10-31, 16:36
There were two error messages. They were small boxes - don't remember exactly what they said. The first had to do with an error in removing something. The second said that the log could not be created.
If you recommend cleaning up the leftovers, then let's keep troubleshooting. I had run the OTM in the past, so I think I did everything correctly; it's strange that I got those two messages.
Or, if this is normal and you don't think the error messages are a big deal - then let's continue with the security recommendations.

Jack&Jill
2011-11-01, 00:55
Hello gilmore :),

We go for the security recommendations.

Please delete these manually:
c:\program files\vuze_remote
c:\windows\system32\drivers\CDAVFS.sys
C:\Program Files\Common Files\Authentium
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the aswMBR, MiniToolBox, Rootkit Unhooker, GMER, TDSSKiller and SystemLook files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malware. See Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) for some detailed explanations.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.

6. Use a hosts file to block access to bad sites from your computer. Get yourself an MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

7. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with MCShield (http://amf.mycity.rs/programs/mc/mcshield/), an effective method to prevent malware from spreading.

9. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.

10. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)

Jack&Jill
2011-11-04, 10:57
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)