Win32:Evo-gen virus?



Trancidonia
2014-03-01, 07:17
Hi, I'm Trancidonia.
I was here a few years ago, and I am very thankful for the fix of my old gear, but apparently I had lost both my password and username, so I made a new one.


I have 3 PCs in my home at the moment, but I'm going to focus on 1 PC at a time since I understand the valuable time of volunteers.

I suspect my current PC, call it PC1 (Cindy), is infected by a virus, since every day my Avast! has been telling me things are being placed into the quarantine zone/virus chest.
Even after I deleted them from the virus chest, they keep showing up with random jumbled-up names as .gif files or other image files such as png, jpg, and bmp, located in the temporary files (I tried to delete the temporary folder itself too); they still pop up soon after.

It also contains another virus which consists only of a letter x, which is in the system32 folder. It also pops back up soon after I deleted it from my Avast! virus chest.


I have the log uploaded in the attachment.
thank you. much appreciated

P.S. The last time I was here, there was a requirement for a HijackThis log, but I do not see a requirement in the "BEFORE you POST" thread.
Should I get a HijackThis log?

Edit: No, thank you. :)


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_06
Run by User at 10:33:35 on 2014-03-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.894 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uWindow Title = Windows Internet Explorer provided by Yahoo!7
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\working\work\daemon tools lite\DTLite.exe" -autorun
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260025901187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260026980718
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B6DDFB53-6BC9-4B06-8CDE-B73327CE27D9} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\iepg7k6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\iepg7k6a.default\extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}\components\dtTransparency.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-7 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-7 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-7 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-7 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2014-1-7 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-7 50344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-1-9 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-1-9 1042272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2014-1-22 531224]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-1-9 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-5 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2014-1-22 12088]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2014-1-22 76600]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2014-1-22 13112]
.
=============== Created Last 30 ================
.
2014-02-14 05:22:56 -------- d-----w- c:\documents and settings\user\application data\.StarMade
2014-02-13 06:07:17 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2014-02-21 04:35:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 04:35:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:59:09 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-01-24 00:44:17 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-24 00:44:16 43152 ----a-w- c:\windows\avastSS.scr
2014-01-22 07:50:04 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-07 06:31:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 06:31:01 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-16 05:31:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-12-16 05:31:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-12-04 16:35:55 1604376 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2013-12-04 16:35:55 1596696 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2013-12-04 16:35:55 1483032 ----a-w- c:\windows\system32\Wintab32.dll
2013-12-04 16:35:54 1479960 ----a-w- c:\windows\system32\WacomMT.dll
.
============= FINISH: 10:34:04.19 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-01 10:34:27
-----------------------------
10:34:27.603 OS Version: Windows 5.1.2600 Service Pack 3
10:34:27.603 Number of processors: 2 586 0x170A
10:34:27.603 ComputerName: CINDY UserName: User
10:34:27.837 Initialize success
10:34:30.712 AVAST engine defs: 14022803
10:34:35.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
10:34:35.603 Disk 0 Vendor: WDC_WD1600AAJS-08L7A0 03.03E03 Size: 152627MB BusType: 3
10:34:35.712 Disk 0 MBR read successfully
10:34:35.712 Disk 0 MBR scan
10:34:35.712 Disk 0 Windows XP default MBR code
10:34:35.728 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:34:35.728 Disk 0 Partition - 00 0F Extended LBA 76308 MB offset 156280320
10:34:35.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76308 MB offset 156280383
10:34:35.744 Disk 0 scanning sectors +312560640
10:34:35.806 Disk 0 scanning C:\WINDOWS\system32\drivers
10:34:43.478 Service scanning
10:34:55.072 Modules scanning
10:35:01.962 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
10:35:03.166 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
10:35:03.744 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
10:35:03.744 Disk 0 trace - called modules:
10:35:03.759 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
10:35:03.759 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a550ab8]
10:35:03.759 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a5cc270]
10:35:03.759 5 ACPI.sys[f74dc620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a4dc940]
10:35:04.025 AVAST engine scan C:\
12:14:45.666 Scan finished successfully
12:20:34.259 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
12:20:34.259 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
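
As an added example (not part of the original thread and not code from DDS), this script triages the BHO/TB/EB/IE lines of a DDS "Pseudo HJT Report" like the one above: it lists the entries DDS marked `<orphaned>` and the CLSIDs registered under more than one hook type. The line layout is inferred from the log in this post, and the function names are made up for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the DDS "Pseudo HJT Report" posted above (a subset).
SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
TB: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# Assumed layout, taken from the log above: "KIND: [Name: ]{CLSID}[ - target]".
# BHO = Browser Helper Object; TB, EB and IE are the other Internet Explorer
# add-on line types that appear in this report.
HOOK_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|IE): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: - (?P<target>.*))?$",
    re.MULTILINE,
)


def parse_hooks(text):
    """Return one dict per browser add-on line; other lines are ignored."""
    entries = []
    for m in HOOK_RE.finditer(text):
        entries.append({
            "kind": m["kind"],
            "name": m["name"] or "",
            # The log mixes upper and lower case, so normalise for comparison.
            "clsid": m["clsid"].upper(),
            "target": (m["target"] or "").strip(),
        })
    return entries


def orphaned(entries):
    """CLSIDs that DDS reported as registered but marked <orphaned>."""
    return [e["clsid"] for e in entries if e["target"] == "<orphaned>"]


def multi_hook(entries):
    """CLSIDs that show up under more than one add-on type (e.g. BHO and TB)."""
    kinds = defaultdict(set)
    for e in entries:
        kinds[e["clsid"]].add(e["kind"])
    return {clsid: sorted(k) for clsid, k in kinds.items() if len(k) > 1}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    print("orphaned entries:")
    for clsid in orphaned(hooks):
        print("  ", clsid)
    print("registered under several add-on types:")
    for clsid, kinds in multi_hook(hooks).items():
        print("  ", clsid, "/".join(kinds))
```
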

Juliet
2014-03-01, 15:18
Hi and welcome

This XP machine is very vulnerable to exploits since it has no service pack installed.
Have you not allowed Windows update to update your computer?

If we try to remove malicious items from the computer without the proper security in place... I'm afraid we won't be able to keep it clean.

Also, as of April 14th, Microsoft will no longer support Windows XP.


Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Trancidonia
2014-03-03, 04:53
Thank you for such a fast reply!
I will update it to Windows 7 soon, hopefully by the end of March.
But for now, I have done what you instructed.

The report log after the scan and fix from MBAM will be attached below.

Juliet
2014-03-03, 13:18
Read over this article, http://forums.pcpitstop.com/index.php?/topic/202746-windows-xp-users-who-want-to-save-their-machines/

I gave you a wrong date for when Microsoft ends support....the correct date is April 8, 2014


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)



~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Trancidonia
2014-03-04, 03:36
Thank you for such a speedy reply
I have run both RKill and FRST.
My PC seems clean; thank you for the link regarding Windows XP.

I'll be attaching both logs from FRST below.
Should I re-scan and provide the logs from DDS and aswMBR?

Juliet
2014-03-04, 14:58
Please, if you can, copy and paste the logs into the topic; it makes them easier to read.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
HKU\S-1-5-21-1844237615-776561741-725345543-1003\...\MountPoints2: {ecb18650-5587-11e3-bd27-4061860ac8cb} - F:\SysAnti.exe
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKLM - Gamesbar - {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll ()
FF Extension: Gamesbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} [2012-11-22]
CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2012-02-28]
2014-03-03 10:08 - 2012-12-24 13:05 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SogouExplorer
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
Gamesbar (HKLM\...\iplay_en) (Version: 3.2.0.37 - Visicom Media inc.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.



Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.

Please post:
Fixlog.txt
C:\AdwCleaner[S1].txt
JRT.txt

Trancidonia
2014-03-05, 04:24
Ok

Here are the logs, but during the 2nd phase AdwCleaner hangs. I restarted my PC a few times only to find out that I have to turn off all my antivirus to avoid the "cleaning process" hanging, so the log would be AdwCleaner[S4] instead.


anyway here are the logs
Fixlog


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 01
Ran by User at 2014-03-05 09:02:01 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1844237615-776561741-725345543-1003\...\MountPoints2: {ecb18650-5587-11e3-bd27-4061860ac8cb} - F:\SysAnti.exe
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKLM - Gamesbar - {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll ()
FF Extension: Gamesbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} [2012-11-22]
CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2012-02-28]
2014-03-03 10:08 - 2012-12-24 13:05 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SogouExplorer
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
Gamesbar (HKLM\...\iplay_en) (Version: 3.2.0.37 - Visicom Media inc.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
Reboot:
end
*****************

HKU\S-1-5-21-1844237615-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key deleted successfully.
HKCR\CLSID\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Value deleted successfully.
HKCR\CLSID\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Key deleted successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aohddidmgooofkgohkbkaohadkolgejj => Key deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx => Moved successfully.
C:\Documents and Settings\User\Application Data\SogouExplorer => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":81405BF2" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====


The AdwCleaner[S4] log

# AdwCleaner v3.020 - Report created 05/03/2014 at 10:09:17
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - CINDY
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\GamesBar
File Deleted : C:\END

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\???????\?????.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5059 octets] - [05/03/2014 09:33:28]
AdwCleaner[R1].txt - [5178 octets] - [05/03/2014 09:41:57]
AdwCleaner[R2].txt - [5284 octets] - [05/03/2014 09:54:42]
AdwCleaner[R3].txt - [5416 octets] - [05/03/2014 09:59:06]
AdwCleaner[R4].txt - [5476 octets] - [05/03/2014 10:02:12]
AdwCleaner[R5].txt - [5595 octets] - [05/03/2014 10:08:42]
AdwCleaner[S0].txt - [345 octets] - [05/03/2014 09:35:16]
AdwCleaner[S1].txt - [345 octets] - [05/03/2014 09:43:24]
AdwCleaner[S2].txt - [332 octets] - [05/03/2014 09:55:21]
AdwCleaner[S3].txt - [345 octets] - [05/03/2014 10:03:14]
AdwCleaner[S4].txt - [5517 octets] - [05/03/2014 10:09:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [5577 octets] ##########



and finally the Jrt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 05/03/2014 at 10:13:46.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/03/2014 at 10:16:40.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



thank you very much

Juliet
2014-03-05, 13:59
thank you very much

You're welcome.

Found quite a bit, let's proceed.
How's the computer now?


Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

Trancidonia
2014-03-06, 04:45
the PC is now just normal
but fewer bugs are showing up now,
the "x" is still around though, but less frequent

I tried to run TFC but it hangs at "stopping running process"
and I had to restart manually a few times.
I have no idea what's causing the hang, nor does stopping all anti-virus programmes help.

Please advise. :C

Juliet
2014-03-06, 12:24
Try to continue with the online scanner.

Trancidonia
2014-03-07, 05:25
here is the log from the online scanner

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png Win32/Conficker.X worm
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01 a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\temp.zip a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files\iplay_en\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files\iplay_en\uninstall.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

Juliet
2014-03-07, 13:27
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow)



start
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe
C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Program Files\iplay_en\uninstall.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

please post the log.

Did this help?

Trancidonia
2014-03-08, 06:52
thank you for such a speedy response
here is the log (fixlog.txt)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 01
Ran by User at 2014-03-08 12:38:59 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe
C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Program Files\iplay_en\uninstall.exe
Reboot:
end
*****************

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png => Moved successfully.
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll => Moved successfully.
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
"C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe" => File/Directory not found.
"C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom." => File/Directory not found.
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
C:\Program Files\iplay_en\uninstall.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====


I'm not sure if it helps, but my Avast still says a rootkit is found;
it goes by the name "SVC:jcjymt > C:\WINDOWS\...\lvuwppj.dll" Win32:Evo-gen [Susp] and asks me what action I should take.
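
Added example, not part of the original thread and not FRST's own code: a small Python check, run on the fixlist entries and result lines copied from the Fixlog above, that flags fixlist lines carrying two paths or leftover scanner text. Those are the two entries the Fixlog reports as "File/Directory not found". The function names and the heuristics are assumptions made for this illustration.

```python
import re

# Entries copied from the "Content of fixlist" section of the Fixlog above.
FIXLIST = r"""start
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe
C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll
C:\Program Files\iplay_en\uninstall.exe
Reboot:
end"""

# Result lines copied from the same Fixlog.
FIXLOG_RESULTS = r"""C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png => Moved successfully.
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll => Moved successfully.
C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
"C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe" => File/Directory not found.
"C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom." => File/Directory not found.
C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
C:\Program Files\iplay_en\uninstall.exe => Moved successfully."""

# A drive root such as "C:\" that is not just the tail of a longer word.
DRIVE_ROOT = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\")
# A file extension followed by whitespace and more text (heuristic: a real
# file name containing ". ext more" would be flagged as well).
TRAILING_TEXT = re.compile(r"(\.\w{1,5})\s+\S")
# "<entry> => <status>", where FRST quotes entries it could not resolve.
RESULT_LINE = re.compile(r'^"?(?P<entry>.+?)"?\s+=>\s+(?P<status>.+)$')


def lint_fixlist(text):
    """Return (line_number, line, problems) for file-path entries that look malformed."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not DRIVE_ROOT.match(line):
            continue  # start/end, directives such as "Reboot:", registry entries
        problems = []
        if len(DRIVE_ROOT.findall(line)) > 1:
            problems.append("two paths on one line")
        if TRAILING_TEXT.search(line.rsplit("\\", 1)[-1]):
            problems.append("text after the file name")
        if problems:
            findings.append((number, line, problems))
    return findings


def repair_entry(line):
    """Split a flagged entry at each drive root and cut text after the extension."""
    starts = [m.start() for m in DRIVE_ROOT.finditer(line)]
    repaired = []
    for begin, end in zip(starts, starts[1:] + [len(line)]):
        head, sep, name = line[begin:end].strip().rpartition("\\")
        extra = TRAILING_TEXT.search(name)
        if extra:
            name = name[: extra.end(1)]
        repaired.append(head + sep + name)
    return repaired


def failed_entries(results_text):
    """Return the entries a Fixlog reports as not found."""
    failed = []
    for raw in results_text.splitlines():
        match = RESULT_LINE.match(raw.strip())
        if match and "not found" in match.group("status").lower():
            failed.append(match.group("entry"))
    return failed


if __name__ == "__main__":
    for number, line, problems in lint_fixlist(FIXLIST):
        print(f"fixlist line {number}: {', '.join(problems)}")
        for path in repair_entry(line):
            print(f"    suggested entry: {path}")
    print("entries the Fixlog could not find:", len(failed_entries(FIXLOG_RESULTS)))
```

The suggested entries are only candidates: each path should be checked against the scanner report before it goes into a new fixlist.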

Juliet
2014-03-08, 14:14
The file path wasn't complete. We'll have to do some digging around.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

Trancidonia
2014-03-10, 03:47
sorry for the late reply
here's the log from combofix



ComboFix 14-03-05.01 - User 10/03/2014 9:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1051 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2006-02-28 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\system32\ntdll.dll
[-] 2006-02-28 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2006-02-28 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 14:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2006-02-28 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\working\Work\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
IME file REG_SZ CSBIG5P.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
IME file REG_SZ CSGBP.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
"c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9440:TCP"= 9440:TCP:urzhc
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yttdynkza
jcjymt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
.
2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2014-03-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
.
2014-03-10 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-09 c:\windows\Tasks\Norton Security Scan for User.job
- c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
.
2014-03-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-03-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
.
2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
.
2014-03-10 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7ffa5f54-1c4f-46de-8576-c271a0dd482f} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-SearchEngineProtection - c:\program files\GamesBar\update\SearchEngineProtection.exe
AddRemove-iplay_en - c:\program files\iplay_en\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-10 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jcjymt]
"ServiceDll"="c:\windows\system32\lvuwppj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-10 09:33:39
ComboFix-quarantined-files.txt 2014-03-10 01:33
.
Pre-Run: 59,437,510,656 bytes free
Post-Run: 59,591,168,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - D75379644FA3CCF4778264AEAA7107B3
8F558EB6672622401DA993E1E865C861

Juliet
2014-03-10, 14:31
Not much showing here but can remove a little.
Got to get service pack on this machine or it will in time become unusable.


Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
Click on Browse, and upload the following file for analysis:

C:\WINDOWS\System32\c:\windows\system32\lvuwppj.dll


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~`

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

~~~~~~~~~~~~~~~~~~~~~

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:


Driver::
yttdynkza
jcjymt
NetSvc::
yttdynkza
jcjymt
ClearJavaCache::


Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Trancidonia
2014-03-11, 04:00
Hmm, the online scanner doesn't seem to be able to read the file.

Virus Total seems to be stuck as "computing hash" phrase
jotti.org progress bar doesn't even show anything
VirScan however gave me "ERROR: Failed to find flength file!"


I then proceeded with DeFogger.
Here is the DeFogger log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:38 on 11/03/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


Here is the ComboFix log with the script:


ComboFix 14-03-05.01 - User 11/03/2014 9:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1365 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-11 00:24 . 2012-06-02 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
.
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie8\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll
[-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
IME file REG_SZ CSBIG5P.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
IME file REG_SZ CSGBP.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
"c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9440:TCP"= 9440:TCP:urzhc
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
.
2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2014-03-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
.
2014-03-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-10 c:\windows\Tasks\Norton Security Scan for User.job
- c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
.
2014-03-11 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-03-11 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
.
2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
.
2014-03-11 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-11 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jcjymt]
"ServiceDll"="c:\windows\system32\lvuwppj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(376)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-03-11 09:49:18
ComboFix-quarantined-files.txt 2014-03-11 01:49
ComboFix2.txt 2014-03-10 01:33
.
Pre-Run: 59,477,909,504 bytes free
Post-Run: 59,478,372,352 bytes free
.
- - End Of File - - 81E8EC06B386ECEAA83D4C3C2806A4DB
8F558EB6672622401DA993E1E865C861


I do suspect the file "lvuwppj.dll" is the culprit tho.
Avast has been asking me if I want to delete it, but when I check the Avast Virus Chest, it only shows an "x" instead of a file name.

Juliet
2014-03-11, 13:26
Thank you for the logs.

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:

KillAll::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9440:TCP"=-
Driver::
jcjymt
Rootkit::
c:\windows\system32\lvuwppj.dll
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and uncheck the proxy server; set it to No Proxy.


Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post this log when finished.


Your CryptoServices may not be running or it might be you will need to install a Service pack on this machine.

Please navigate your browser to this page:
http://support.microsoft.com/kb/822798

Scroll about half way down, and press the "Fixit" button. Download and run the Fixit repair.

Trancidonia
2014-03-12, 03:41
Thank you for such a speedy reply.
Here is the log from ComboFix.



I had also visited the Fixit place, and also found out my Windows version is Windows XP Service Pack 3 from the look of my System in the Control Panel. I wonder, does this help?


ComboFix 14-03-05.01 - User 12/03/2014 8:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1342 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2014-02-12 to 2014-03-12 )))))))))))))))))))))))))))))))
.
.
2014-03-11 00:24 . 2012-06-02 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3gdr\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3qfe\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2006-02-28 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntdll.dll
[-] 2009-02-09 . C06986B55981B355090DD34DE809E4BB . 714752 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntdll.dll
[-] 2009-02-09 . 2F868BFFBF50524653D7FE0D99AFB064 . 715264 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\system32\ntdll.dll
[-] 2006-02-28 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\sp3gdr\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\sp3qfe\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2006-02-28 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 14:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3GDR\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntoskrnl.exe
[-] 2012-04-11 . 536168936EBF326E36C655EC5AE34B03 . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2006-02-28 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll

Trancidonia
2014-03-12, 03:41
continue...


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
IME file REG_SZ CSBIG5P.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
IME file REG_SZ CSGBP.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
"c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
.
2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2014-03-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
.
2014-03-12 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
.
2014-03-11 c:\windows\Tasks\Norton Security Scan for User.job
- c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
.
2014-03-12 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-03-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
.
2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
.
2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
.
2014-03-12 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-12 08:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~1\SOGOUI~1\650~1.918\SGTool.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
c:\program files\Tablet\Wacom\Wacom_Tablet.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Tablet\Wacom\Wacom_TouchUser.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-03-12 08:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-12 00:50
ComboFix2.txt 2014-03-11 01:49
ComboFix3.txt 2014-03-10 01:33
.
Pre-Run: 58,303,565,824 bytes free
Post-Run: 58,313,965,568 bytes free
.
- - End Of File - - 3148FB99755AA247C535EDAEDC9223E6
8F558EB6672622401DA993E1E865C861

Juliet
2014-03-12, 11:31
Sorry to say, doesn't look like that Fix-It button fixed anything.
Your cryptsvc service is corrupted.

Let's attempt to manually start the service in the event it's just stopped and not partially missing.

Click Start, click Run, type services.msc, and then click OK.
In the list of services, click Cryptsvc <--might not be there, if this happens please let me know
Make sure that the Status column displays Started and that the Startup Type column displays Automatic.

If the service is not set to Started or if the startup type for the Cryptsvc service is not set to Automatic, follow these steps:

Right-click Cryptsvc, and then click Properties.

In the Cryptsvc Properties dialog box, click the General tab, and then click Automatic in the Startup type list.

Click Start, click Apply, and then click OK.

~~~~~~~~~~~~~~~~~~~~

Please navigate your browser to this page:
http://support.microsoft.com/kb/822798

Scroll about halfway down, and press the "Fixit" button. Download and run the Fixit repair.

Juliet
2014-03-12, 11:32
Forgot to ask, other than the service not running, how is your computer?

Trancidonia
2014-03-13, 02:19
Hi Juliet, thank you for asking.
After the post yesterday, I decided to check on my system.
It has Service Pack 3, so I went on and updated anything that was available at the Windows Update website.


Cryptsvc seems to be there, with the Status column displaying Started and Startup Type displaying Automatic.
Maybe it only showed up after I updated the system.

Viruses show up less frequently now. I am not sure if my PC is now clean; I am doing a full deep scan with Avast! at the moment to see if anything comes up. I will be running Spybot and aswMBR too for scanning purposes.

Juliet
2014-03-13, 03:31
OK
I'm interested in seeing the logs for Avast and aswMBR.

Trancidonia
2014-03-14, 06:57
Here are the recent logs.

This is the log from Spybot:

Search results from Spybot - Search & Destroy

13/03/2014 9:08:48 AM
Scan took 00:15:34.
37 items found.

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KW76MRQ6\skype.com\#ui\preferences.sol
Properties.size=217
Properties.md5=D2D3890B2C30ED4A4B228D762A0D7B29
Properties.filedate=1393833618
Properties.filedatetext=2014-03-03 16:00:17

Right Media: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (User): User) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: User (default)) (Browser: Cookie, nothing done)


Common Dialogs: [SBI $4E2AF2AC] History (46 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Internet Explorer\TypedURLs

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $656F1808] Search terms history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: [SBI $1BDA487B] Last selected track index (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: [SBI $6D2E50D8] Last selected node (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Office\12.0\Word\File MRU

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Search Assistant\ACMru

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F6D91293] Open with list - .AI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1844237615-776561741-725345543-1003\Software\WinRAR\General\LastFolder

Cookie: [SBI $49804B54] Browser: Cookie (47) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (485) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (61) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (181) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


Trancidonia
2014-03-14, 07:02
This is the log from aswMBR:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-13 09:20:20
-----------------------------
09:20:20.812 OS Version: Windows 5.1.2600 Service Pack 3
09:20:20.812 Number of processors: 2 586 0x170A
09:20:20.812 ComputerName: CINDY UserName: User
09:20:21.140 Initialize success
09:20:25.578 AVAST engine defs: 14031201
09:20:30.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
09:20:30.875 Disk 0 Vendor: WDC_WD1600AAJS-08L7A0 03.03E03 Size: 152627MB BusType: 3
09:20:30.953 Disk 0 MBR read successfully
09:20:30.953 Disk 0 MBR scan
09:20:30.968 Disk 0 Windows XP default MBR code
09:20:30.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
09:20:30.968 Disk 0 Partition - 00 0F Extended LBA 76308 MB offset 156280320
09:20:30.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76308 MB offset 156280383
09:20:30.984 Disk 0 scanning sectors +312560640
09:20:31.062 Disk 0 scanning C:\WINDOWS\system32\drivers
09:20:38.359 Service scanning
09:20:49.500 Modules scanning
09:20:53.859 Disk 0 trace - called modules:
09:20:53.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:20:53.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a52cab8]
09:20:53.890 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a59f510]
09:20:53.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a530d98]
09:20:54.109 AVAST engine scan C:\
11:03:39.109 Scan finished successfully
11:11:38.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
11:11:38.375 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\1332014aswMBR.txt"




I don't know where to get the log from Avast! antivirus.

Juliet
2014-03-14, 13:33
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.




Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.



~~~~~~~~~~~~~~~~~~~~~~~
Please open Farbar Recovery Scan Tool

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.

Trancidonia
2014-03-17, 03:47
Alright, here are the logs.

From TDSS:

08:45:55.0422 0x0f78 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
08:46:04.0000 0x0f78 ============================================================
08:46:04.0000 0x0f78 Current date / time: 2014/03/17 08:46:04.0000
08:46:04.0000 0x0f78 SystemInfo:
08:46:04.0000 0x0f78
08:46:04.0000 0x0f78 OS Version: 5.1.2600 ServicePack: 3.0
08:46:04.0000 0x0f78 Product type: Workstation
08:46:04.0000 0x0f78 ComputerName: CINDY
08:46:04.0000 0x0f78 UserName: User
08:46:04.0000 0x0f78 Windows directory: C:\WINDOWS
08:46:04.0000 0x0f78 System windows directory: C:\WINDOWS
08:46:04.0000 0x0f78 Processor architecture: Intel x86
08:46:04.0000 0x0f78 Number of processors: 2
08:46:04.0000 0x0f78 Page size: 0x1000
08:46:04.0000 0x0f78 Boot type: Normal boot
08:46:04.0000 0x0f78 ============================================================
08:46:05.0812 0x0f78 KLMD registered as C:\WINDOWS\system32\drivers\65949890.sys
08:46:06.0031 0x0f78 System UUID: {FC881304-455B-FC7A-D520-55E44EBDF0DD}
08:46:06.0672 0x0f78 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:46:06.0672 0x0f78 ============================================================
08:46:06.0672 0x0f78 \Device\Harddisk0\DR0:
08:46:06.0672 0x0f78 MBR partitions:
08:46:06.0687 0x0f78 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
08:46:06.0703 0x0f78 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x950A63F, BlocksNum 0x950A5C1
08:46:06.0703 0x0f78 ============================================================
08:46:06.0718 0x0f78 C: <-> \Device\Harddisk0\DR0\Partition1
08:46:06.0734 0x0f78 D: <-> \Device\Harddisk0\DR0\Partition2
08:46:06.0734 0x0f78 ============================================================
08:46:06.0734 0x0f78 Initialize success
08:46:06.0734 0x0f78 ============================================================
08:46:11.0406 0x08f0 ============================================================
08:46:11.0406 0x08f0 Scan started
08:46:11.0406 0x08f0 Mode: Manual;
08:46:11.0406 0x08f0 ============================================================
08:46:11.0406 0x08f0 KSN ping started
08:46:14.0109 0x08f0 KSN ping finished: true
08:46:14.0781 0x08f0 ================ Scan system memory ========================
08:46:14.0781 0x08f0 Scan was interrupted by user!
08:46:14.0875 0x08f0 AV detected via SS1: avast! Antivirus, 5.0.150996957, enabled, updated
08:46:14.0875 0x08f0 Win FW state via NFM: enabled
08:46:17.0406 0x08f0 ============================================================
08:46:17.0406 0x08f0 Scan finished
08:46:17.0406 0x08f0 ============================================================
08:46:17.0406 0x06c0 Detected object count: 0
08:46:17.0406 0x06c0 Actual detected object count: 0
09:03:16.0172 0x028c ============================================================
09:03:16.0172 0x028c Scan started
09:03:16.0172 0x028c Mode: Manual; SigCheck; TDLFS;
09:03:16.0172 0x028c ============================================================
09:03:16.0172 0x028c KSN ping started
09:03:18.0843 0x028c KSN ping finished: true
09:03:19.0297 0x028c ================ Scan system memory ========================
09:03:19.0297 0x028c System memory - ok
09:03:19.0297 0x028c ================ Scan services =============================
09:03:21.0625 0x028c AudioSrv - ok
09:03:21.0656 0x028c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:03:21.0734 0x028c audstub - ok
09:03:21.0781 0x028c [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:03:21.0797 0x028c avast! Antivirus - ok
09:03:21.0828 0x028c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:03:21.0906 0x028c Beep - ok
09:03:21.0937 0x028c [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
09:03:22.0078 0x028c BITS - ok
09:03:22.0125 0x028c [ 3F56903E124E820AEECE6D471583C6C1, B3C045AFACC8A8F5DC289ADE9ACFB2FE7F9CA24A900BBAED47E2A63837208CB3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:03:22.0140 0x028c Bonjour Service - ok
09:03:22.0156 0x028c [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
09:03:22.0187 0x028c Browser - ok
09:03:22.0203 0x028c catchme - ok
09:03:22.0218 0x028c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:03:22.0297 0x028c cbidf2k - ok
09:03:22.0297 0x028c cd20xrnt - ok
09:03:22.0312 0x028c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:03:22.0390 0x028c Cdaudio - ok
09:03:22.0422 0x028c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:03:22.0484 0x028c Cdfs - ok
09:03:22.0515 0x028c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:03:22.0609 0x028c Cdrom - ok
09:03:22.0609 0x028c Changer - ok
09:03:22.0640 0x028c [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:03:22.0703 0x028c CiSvc - ok
09:03:22.0734 0x028c [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:03:22.0812 0x028c ClipSrv - ok
09:03:22.0859 0x028c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:03:22.0922 0x028c clr_optimization_v2.0.50727_32 - ok
09:03:22.0922 0x028c CmdIde - ok
09:03:22.0922 0x028c COMSysApp - ok
09:03:22.0937 0x028c Cpqarray - ok
09:03:22.0953 0x028c [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:03:23.0031 0x028c CryptSvc - ok
09:03:23.0062 0x028c [ 0D15988B79DE14C0EBF145A12137FEC6, 6778E38C32F5FA441BEFAB83A6DE944B59129ECF8C139AFD7A7CC968FB67A7AF ] CSDriver C:\WINDOWS\system32\drivers\CSDriver.sys
09:03:23.0078 0x028c CSDriver - detected UnsignedFile.Multi.Generic ( 1 )
09:03:25.0515 0x028c CSDriver ( UnsignedFile.Multi.Generic ) - warning
09:03:29.0797 0x028c [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:03:29.0843 0x028c FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
09:03:32.0218 0x028c Detect skipped due to KSN trusted
09:03:32.0218 0x028c FLEXnet Licensing Service - ok
09:03:42.0218 0x028c [ 1962166E0CEB740704F30FA55AD3D509, 22C21907D7FDCA2CBBE1EC0479D83DDD4C4FCBC07C8791A2F62414EC5E85E488 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:03:42.0218 0x028c PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
09:03:44.0984 0x028c Detect skipped due to KSN trusted
09:03:44.0984 0x028c PxHelp20 - ok
09:03:49.0672 0x028c [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:03:49.0734 0x028c SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
09:03:52.0109 0x028c Detect skipped due to KSN trusted
09:03:52.0109 0x028c SwitchBoard - ok
09:03:56.0984 0x028c ================ Scan global ===============================
09:03:57.0015 0x028c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
09:03:57.0062 0x028c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:03:57.0078 0x028c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:03:57.0109 0x028c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
09:03:57.0109 0x028c [ Global ] - ok
09:03:57.0109 0x028c ================ Scan MBR ==================================
09:03:57.0125 0x028c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:03:57.0375 0x028c \Device\Harddisk0\DR0 - ok
09:03:57.0375 0x028c ================ Scan VBR ==================================
09:03:57.0375 0x028c [ D76CB178CA04CC588C0D08A4A5C68A4A ] \Device\Harddisk0\DR0\Partition1
09:03:57.0406 0x028c \Device\Harddisk0\DR0\Partition1 - ok
09:03:57.0406 0x028c [ 2F05094CA035E3A01DA02133961CBBA6 ] \Device\Harddisk0\DR0\Partition2
09:03:57.0406 0x028c \Device\Harddisk0\DR0\Partition2 - ok
09:03:57.0406 0x028c Waiting for KSN requests completion. In queue: 49
09:03:58.0406 0x028c Waiting for KSN requests completion. In queue: 49
09:03:59.0406 0x028c Waiting for KSN requests completion. In queue: 49
09:04:00.0422 0x028c AV detected via SS1: avast! Antivirus, 5.0.150996957, enabled, updated
09:04:00.0422 0x028c Win FW state via NFM: enabled
09:04:02.0953 0x028c ============================================================
09:04:02.0953 0x028c Scan finished
09:04:02.0953 0x028c ============================================================
09:04:02.0953 0x0b6c Detected object count: 1
09:04:02.0953 0x0b6c Actual detected object count: 1
09:04:26.0375 0x0b6c CSDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:04:26.0375 0x0b6c CSDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:13:25.0125 0x084c ============================================================
09:13:25.0125 0x084c Scan started
09:13:25.0125 0x084c Mode: Manual; SigCheck; TDLFS;
09:13:25.0125 0x084c ============================================================
09:13:25.0125 0x084c KSN ping started
09:13:27.0468 0x084c KSN ping finished: true
CONT....

Trancidonia
2014-03-17, 03:48
Cont...


09:13:27.0922 0x084c ================ scan system memory ========================
09:13:27.0922 0x084c system memory - ok
09:13:27.0922 0x084c ================ scan services =============================
09:13:31.0234 0x084c [ 0d15988b79de14c0ebf145a12137fec6, 6778e38c32f5fa441befab83a6de944b59129ecf8c139afd7a7cc968fb67a7af ] csdriver c:\windows\system32\drivers\csdriver.sys
09:13:31.0234 0x084c csdriver - detected unsignedfile.multi.generic ( 1 )
09:13:31.0234 0x084c csdriver ( unsignedfile.multi.generic ) - warning
09:13:31.0234 0x084c force sending object to p2p due to detect: C:\windows\system32\drivers\csdriver.sys
09:13:34.0156 0x084c object send p2p result: True
09:13:37.0906 0x084c eventlog - ok
09:13:37.0937 0x084c [ d4991d98f2db73c60d042f1aef79efae, 58af949eaebf4ff3e3314dfb66ce4198bf65f0836b68cd27a6ed319742ccccd2 ] eventsystem c:\windows\system32\es.dll
09:13:37.0953 0x084c eventsystem - ok
09:13:37.0984 0x084c [ 38d332a6d56af32635675f132548343e, e6909db836af679b4f4d62c7396d6c82769cc7abb8c919c2aabfe934fce268f6 ] fastfat c:\windows\system32\drivers\fastfat.sys
09:13:38.0062 0x084c fastfat - ok
09:13:38.0093 0x084c [ 99bc0b50f511924348be19c7c7313bbf, a1006c687bd352f700b140dc741515a0cdd9e1352c0fbd1ee410d404e344444b ] fastuserswitchingcompatibility c:\windows\system32\shsvcs.dll
09:13:38.0140 0x084c fastuserswitchingcompatibility - ok
09:13:38.0156 0x084c [ 92cdd60b6730b9f50f6a1a0c1f8cdc81, 8307a532ab4d05cbbce206dc2759497708bf5aaa880bd00f0e4f281d8578a1f5 ] fdc c:\windows\system32\drivers\fdc.sys
09:13:38.0218 0x084c fdc - ok
09:13:38.0234 0x084c [ d45926117eb9fa946a6af572fbe1caa3, 4c94ef009d778be0bdf8f812f026b96f91f641be30aa2531427a5e63dbd280da ] fips c:\windows\system32\drivers\fips.sys
09:13:38.0312 0x084c fips - ok
09:13:38.0343 0x084c [ 227846995afeefa70d328bf5334a86a5, b8ef22de552b44e7dc352742c775bb6b4992b653af4b66b231a60182ce7a7201 ] flexnet licensing service c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
09:13:38.0390 0x084c flexnet licensing service - detected unsignedfile.multi.generic ( 1 )
09:13:38.0390 0x084c detect skipped due to ksn trusted
09:13:38.0390 0x084c flexnet licensing service - ok
09:13:38.0406 0x084c [ 9d27e7b80bfcdf1cdd9b555862d5e7f0, 69c271ad5bcebfd8ae5a769bdd7ec51256da3a8adad5d12e5c0d13f4e82d8805 ] flpydisk c:\windows\system32\drivers\flpydisk.sys
09:13:38.0468 0x084c flpydisk - ok
09:13:38.0484 0x084c [ b2cf4b0786f8212cb92ed2b50c6db6b0, 280f5cf8a90f7bede73add0dd0f8952088133a7ca9a3d3b7041957e33b36845d ] fltmgr c:\windows\system32\drivers\fltmgr.sys
09:13:38.0547 0x084c fltmgr - ok
09:13:38.0609 0x084c [ 8ba7c024070f2b7fdd98ed8a4ba41789, 47585006f86b2c6016ec54250a416794792d1e4024ff229c120bc25b684af66a ] fontcache3.0.0.0 c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
09:13:38.0609 0x084c fontcache3.0.0.0 - ok
09:13:38.0625 0x084c [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a, ec635e071201a766845d48973772cbe0958942b4162f3f5f70660d114cc877e0 ] fs_rec c:\windows\system32\drivers\fs_rec.sys
09:13:38.0703 0x084c fs_rec - ok
09:13:38.0718 0x084c [ 6ac26732762483366c3969c9e4d2259d, ff2c9a23cc17f380093f0bea955b1925794271c2fea16b9b7639668e6999bae3 ] ftdisk c:\windows\system32\drivers\ftdisk.sys
09:13:38.0797 0x084c ftdisk - ok
09:13:38.0843 0x084c [ 8182ff89c65e4d38b2de4bb0fb18564e, 2acfa64d48bf7d25641ec5819c8722144284b8a8e071bf297c1881b07eeafe88 ] gearaspiwdm c:\windows\system32\drivers\gearaspiwdm.sys
09:13:38.0843 0x084c gearaspiwdm - ok
09:13:38.0875 0x084c [ 0a02c63c8b144bd8c86b103dee7c86a2, 7a3235dd3e1995dd72b212faeb3eca2a974434de9bf6d269ea11ba65a80e7e50 ] gpc c:\windows\system32\drivers\msgpc.sys
09:13:38.0953 0x084c gpc - ok
09:13:39.0031 0x084c [ f02a533f517eb38333cb12a9e8963773, 1f72cd1cf660766fa8f912e40b7323a0192a300b376186c10f6803dc5efe28df ] gupdate c:\program files\google\update\googleupdate.exe
09:13:39.0031 0x084c gupdate - ok
09:13:39.0047 0x084c [ f02a533f517eb38333cb12a9e8963773, 1f72cd1cf660766fa8f912e40b7323a0192a300b376186c10f6803dc5efe28df ] gupdatem c:\program files\google\update\googleupdate.exe
09:13:39.0062 0x084c gupdatem - ok
09:13:39.0093 0x084c [ 573c7d0a32852b48f3058cfd8026f511, bc384bba394afdcda1a9abc858c692aa84a1f0a31af3ddf7f38d120c027927fb ] hdaudbus c:\windows\system32\drivers\hdaudbus.sys
09:13:39.0172 0x084c hdaudbus - ok
09:13:39.0234 0x084c [ 4fcca060dfe0c51a09dd5c3843888bcd, d82417706b517f2610ddf7c86be03a72efa9a2a389df5c8f8adeab8144e2c80a ] helpsvc c:\windows\pchealth\helpctr\binaries\pchsvc.dll
09:13:39.0297 0x084c helpsvc - ok
09:13:39.0328 0x084c [ 3ecdcdc7cfe63bf2f2f736703ccd7628, ae124d27b89acab5bf0ed0f26c15047ac0f8546fe5108b898b0d7797c4514158 ] hidkmdf c:\windows\system32\drivers\hidkmdf.sys
09:13:39.0328 0x084c hidkmdf - ok
09:13:39.0328 0x084c hidserv - ok
09:13:39.0359 0x084c [ ccf82c5ec8a7326c3066de870c06daf1, 93395fa4c26b2e82dc8b7025ed3bcf583885e5d8c5f60cd6eeaa6335d6a126ec ] hidusb c:\windows\system32\drivers\hidusb.sys
09:13:39.0437 0x084c hidusb - ok
09:13:39.0453 0x084c [ 8878bd685e490239777bfe51320b88e9, c5c3ecf6b049b6736e35b39518a8f830b45c45a88ffe8e3a6b7922ad946597e2 ] hkmsvc c:\windows\system32\kmsvc.dll
09:13:39.0531 0x084c hkmsvc - ok
09:13:39.0531 0x084c hpn - ok
09:13:39.0562 0x084c [ f80a415ef82cd06ffaf0d971528ead38, 524d9e9201572929522f6805011783711b7c0f76308b924c89cf75f4b7a1fdf3 ] http c:\windows\system32\drivers\http.sys
09:13:39.0578 0x084c http - ok
09:13:39.0609 0x084c [ 6100a808600f44d999cebdef8841c7a3, 61a75118c327812c60622010985a2e80e79b6fd9030a5732390ee5426e4af6c9 ] httpfilter c:\windows\system32\w3ssl.dll
09:13:39.0687 0x084c httpfilter - ok
09:13:39.0703 0x084c i2omgmt - ok
09:13:39.0703 0x084c i2omp - ok
09:13:39.0734 0x084c [ 4a0b06aa8943c1e332520f7440c0aa30, db2452390ccfe67e0c5feb4fd42ca24abe2ddd40d0b22dd5f5b8f70416863918 ] i8042prt c:\windows\system32\drivers\i8042prt.sys
09:13:39.0812 0x084c i8042prt - ok
09:13:40.0000 0x084c [ 0f68e2ec713f132ffb19e45415b09679, b1439a5d157f9ff54e803581d2b86411db079242d837617021a4a0bc195e67bb ] ialm c:\windows\system32\drivers\igxpmp32.sys
09:13:40.0218 0x084c ialm - ok
09:13:40.0375 0x084c [ c01ac32dc5c03076cfb852cb5da5229c, a4d7749220b5bc965d96a267f1e02fe8284a230ba249109207bd4b9ea8dfac96 ] idsvc c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
09:13:40.0422 0x084c idsvc - ok
09:13:40.0468 0x084c [ 083a052659f5310dd8b6a6cb05edcf8e, 48d39b03ffb6faa1529b774443ba12618ae3982d9f65a7b9d18f2269f78b31f4 ] imapi c:\windows\system32\drivers\imapi.sys
09:13:40.0547 0x084c imapi - ok
09:13:40.0578 0x084c [ 30deaf54a9755bb8546168cfe8a6b5e1, 3936228cd3125c763abfcb93e86e4b43838202bcc0913a28e84ac0263b43ee0d ] imapiservice c:\windows\system32\imapi.exe
09:13:40.0656 0x084c imapiservice - ok
09:13:40.0656 0x084c ini910u - ok
09:13:40.0859 0x084c [ 3a3a539d7db808fad3b55740474a6d02, d56b4550bf53b990104bef73a321fdcc455e9c4f66609986258ebb05883c19f8 ] intcazaudaddservice c:\windows\system32\drivers\rtkhdaud.sys
09:13:41.0062 0x084c intcazaudaddservice - ok
09:13:41.0078 0x084c intelide - ok
09:13:41.0109 0x084c [ 8c953733d8f36eb2133f5bb58808b66b, 555868f246d73652e998b0b1296476e42fceded30d646cc000f31ece4ebc25e6 ] intelppm c:\windows\system32\drivers\intelppm.sys
09:13:41.0172 0x084c intelppm - ok
09:13:41.0187 0x084c [ 3bb22519a194418d5fec05d800a19ad0, f6662f440950596dc1382dd1db5d7891ccea30a6062bea942c18445b5f0d8b16 ] ip6fw c:\windows\system32\drivers\ip6fw.sys
09:13:41.0265 0x084c ip6fw - ok
09:13:41.0281 0x084c [ 731f22ba402ee4b62748adaf6363c182, 5c3bebd008a5be4dc2f92076ff41a10ddc01e10ec7e6552213cfa11970811848 ] ipfilterdriver c:\windows\system32\drivers\ipfltdrv.sys
09:13:41.0359 0x084c ipfilterdriver - ok
09:13:41.0375 0x084c [ b87ab476dcf76e72010632b5550955f5, e6e74d3a86a7917a8baed44f8e97ccd2eb171e4e4b27e9907f60d1523faf319a ] ipinip c:\windows\system32\drivers\ipinip.sys
09:13:41.0453 0x084c ipinip - ok
09:13:41.0468 0x084c [ cc748ea12c6effde940ee98098bf96bb, af523e21c25d9a1715efea573e4f52af5d4fc9f28a2d613f5db629c186c439e0 ] ipnat c:\windows\system32\drivers\ipnat.sys
09:13:41.0531 0x084c ipnat - ok
09:13:41.0562 0x084c [ 31116e352808019e69eca58d1a6c66b0, 4178ccec9abbd494132b1ae5a73eb66c84848ea455bae6ed47d3aa7fa405115c ] ipod service c:\program files\ipod\bin\ipodservice.exe
09:13:41.0578 0x084c ipod service - ok
09:13:41.0609 0x084c [ 23c74d75e36e7158768dd63d92789a91, 394d296f38e7d8efd91a6eec301d9ce6af910e35eb9819f1a9e3363863aedfdc ] ipsec c:\windows\system32\drivers\ipsec.sys
09:13:41.0687 0x084c ipsec - ok
09:13:41.0703 0x084c [ c93c9ff7b04d772627a3646d89f7bf89, 805fa48e7a46d4f10240bf880a2468f53dea36e83004399228ab70db7d20544a ] irenum c:\windows\system32\drivers\irenum.sys
09:13:41.0734 0x084c irenum - ok
09:13:41.0765 0x084c [ 05a299ec56e52649b1cf2fc52d20f2d7, 2654619db3e6d6c385b63ab02f87d4241c4f0250cc31383d1b3586917166c2dc ] isapnp c:\windows\system32\drivers\isapnp.sys
09:13:41.0828 0x084c isapnp - ok
09:13:41.0843 0x084c jcjymt - ok
09:13:41.0859 0x084c [ 463c1ec80cd17420a542b7f36a36f128, e3b11ba26afeafb50b0fc168ea07f6049da6b88bcddeee20310602d7fc27a3a7 ] kbdclass c:\windows\system32\drivers\kbdclass.sys
09:13:41.0937 0x084c kbdclass - ok
09:13:41.0953 0x084c [ 692bcf44383d056aed41b045a323d378, 1a99dee83ffaf64e73067fc049c0a4ce07d94e4ae31efa17b38cefa9e41d67dc ] kmixer c:\windows\system32\drivers\kmixer.sys
09:13:42.0015 0x084c kmixer - ok
09:13:42.0047 0x084c [ b467646c54cc746128904e1654c750c1, 3bd71be3663ea23463d236d8a2a2e42dfa10c502bdb4b6e131faf0fba748219e ] ksecdd c:\windows\system32\drivers\ksecdd.sys
09:13:42.0062 0x084c ksecdd - ok
09:13:42.0093 0x084c [ 3a7c3cbe5d96b8ae96ce81f0b22fb527, 0044f03132596a494448cce5f3d6ecc12617bb4cf6bae348f79d4dc40acd6ee0 ] lanmanserver c:\windows\system32\srvsvc.dll
09:13:42.0109 0x084c lanmanserver - ok
09:13:42.0140 0x084c [ a8888a5327621856c0cec4e385f69309, b08b63300d824e35e31eeea2c4c086dfa2c2a964cedae512e74d3d88aadaa2c1 ] lanmanworkstation c:\windows\system32\wkssvc.dll
09:13:42.0156 0x084c lanmanworkstation - ok
09:13:42.0172 0x084c lbrtfdc - ok
09:13:42.0203 0x084c [ a7db739ae99a796d91580147e919cc59, edf4e039ba277b0e6d66feb0b28096e67d682c09dfc18ececf062d9dcfb75acf ] lmhosts c:\windows\system32\lmhsvc.dll
09:13:42.0281 0x084c lmhosts - ok
09:13:42.0312 0x084c [ 4470e3c1e0c3378e4cab137893c12c3a, ca8e66356f0e671d5454e561e7ead74de25dcf53be452369f96ecacfa8709489 ] mbamprotector c:\windows\system32\drivers\mbam.sys
09:13:42.0312 0x084c mbamprotector - ok
09:13:42.0390 0x084c [ 65085456fd9a74d7f1a999520c299ecb, ea564bc913ef1b8a4caa9242fc70f525b68cf1f3ca462f63b0b7215b93fe8530 ] mbamscheduler c:\program files\malwarebytes' anti-malware\mbamscheduler.exe
09:13:42.0406 0x084c mbamscheduler - ok
09:13:42.0437 0x084c [ e0d7732f2d2e24b2db3f67b6750295b8, aa5ca86af1acec900f60339016b3dc55472db40adb99186005a7abe67b7d66fc ] mbamservice c:\program files\malwarebytes' anti-malware\mbamservice.exe
09:13:42.0468 0x084c mbamservice - ok
09:13:42.0547 0x084c [ 8566e3e7e14517c3142f9ebaf68c3cf4, 1e7a279b8ef1fa8c4d7db0b72e031ddc39d82fc694a22808bd6c76ef98bb7bf1 ] mccomponenthostservice c:\program files\mcafee security scan\3.8.141\mcchsvc.exe
09:13:42.0562 0x084c mccomponenthostservice - ok
09:13:42.0625 0x084c [ 11f714f85530a2bd134074dc30e99fca, bdb5fd3b2df4add19b31965b3e789768b59e872b3ea85912b1ffb32b2af9d5d8 ] mdm c:\program files\common files\microsoft shared\vs7debug\mdm.exe
09:13:42.0640 0x084c mdm - ok
09:13:42.0672 0x084c [ 986b1ff5814366d71e0ac5755c88f2d3, e6af051174531c24b38e73987755d366abec595476c6d17793e8dccc73f55340 ] messenger c:\windows\system32\msgsvc.dll
09:13:42.0750 0x084c messenger - ok
09:13:42.0828 0x084c [ 123271bd5237ab991dc5c21fdf8835eb, 004f8f9228ee291a0e36ce33078d572d61733516f9aa5cfc832af204c6869e89 ] microsoft office groove audit service c:\program files\microsoft office\office12\grooveauditservice.exe
09:13:42.0843 0x084c microsoft office groove audit service - ok
09:13:42.0875 0x084c [ 4ae068242760a1fb6e1a44bf4e16afa6, 1fb771162b96aaf787ac24867b818df8511f0780bb094fa9a38c11d8dbfe68bc ] mnmdd c:\windows\system32\drivers\mnmdd.sys
09:13:42.0953 0x084c mnmdd - ok
09:13:42.0984 0x084c [ d18f1f0c101d06a1c1adf26eed16fcdd, ba0837c7780bd8262e143e2935afa63be59c3c39ef56cb8608eed0f50af070d4 ] mnmsrvc c:\windows\system32\mnmsrvc.exe
09:13:43.0047 0x084c mnmsrvc - ok
09:13:43.0078 0x084c [ dfcbad3cec1c5f964962ae10e0bcc8e1, b342cc9ec3729ab1ab4b5e2e99f890c1e0ca649162de91f6768ab857b719e97b ] modem c:\windows\system32\drivers\modem.sys
09:13:43.0140 0x084c modem - ok
09:13:43.0203 0x084c [ 9fa7207d1b1adead88ae8eed9cdbbaa5, 2ac3875b2e7d9b0692253a9867b940cf214de03574808b42c3702843bc1d5696 ] monfilt c:\windows\system32\drivers\monfilt.sys
09:13:43.0265 0x084c monfilt - ok
09:13:43.0297 0x084c [ 35c9e97194c8cfb8430125f8dbc34d04, 0c0fce6b0a23fb0ecb92e1663e1c72d2dd5b177d82e04782957690b69530db39 ] mouclass c:\windows\system32\drivers\mouclass.sys
09:13:43.0375 0x084c mouclass - ok
09:13:43.0406 0x084c [ b1c303e17fb9d46e87a98e4ba6769685, 161a45488522055d0f0474abeda04ddd0b5dac2411af9154b15190bbd66e7153 ] mouhid c:\windows\system32\drivers\mouhid.sys
09:13:43.0468 0x084c mouhid - ok
09:13:43.0500 0x084c [ a80b9a0bad1b73637dbcbba7df72d3fd, 2a5e15ed2c24c6c65ef2f7e1fd93374774076c9d8d451e4422561f4d269c012f ] mountmgr c:\windows\system32\drivers\mountmgr.sys
09:13:43.0562 0x084c mountmgr - ok
09:13:43.0593 0x084c [ 338037efa0e8e8699b2667d57b751574, 59e0d39806d0c4eb57913aa013242837fd39ad378726aee42d250cba87c1c3bf ] mozillamaintenance c:\program files\mozilla maintenance service\maintenanceservice.exe
09:13:43.0609 0x084c mozillamaintenance - ok
09:13:43.0609 0x084c mraid35x - ok
09:13:43.0625 0x084c [ 11d42bb6206f33fbb3ba0288d3ef81bd, 76abcfb62c5ac549f58c231f72a99882cdeb74928104b77fe52554765c2b1a22 ] mrxdav c:\windows\system32\drivers\mrxdav.sys
09:13:43.0687 0x084c mrxdav - ok
09:13:43.0734 0x084c [ 7d304a5eb4344ebeeab53a2fe3ffb9f0, db9b186f7076d7b94f45041af7b77c1ad2cab504d683b459c6cb1c22840ed170 ] mrxsmb c:\windows\system32\drivers\mrxsmb.sys
09:13:43.0750 0x084c mrxsmb - ok
09:13:43.0781 0x084c [ a137f1470499a205abbb9aafb3b6f2b1, fb4951727543030d9e6ed74149c3faace2ca9da8c1b5f616301b30b858c724e8 ] msdtc c:\windows\system32\msdtc.exe
09:13:43.0875 0x084c msdtc - ok
09:13:43.0890 0x084c [ c941ea2454ba8350021d774daf0f1027, c940e978c7b66a713a0fdab54b5f995df59d089afcd96221dd3222948cd49bbd ] msfs c:\windows\system32\drivers\msfs.sys
09:13:43.0953 0x084c msfs - ok
09:13:43.0968 0x084c msiserver - ok
09:13:43.0984 0x084c [ d1575e71568f4d9e14ca56b7b0453bf1, 4abe0e24786c0d39fa2b885447e56204ca6942fb175e534dce675d7bcf0b176a ] mskssrv c:\windows\system32\drivers\mskssrv.sys
09:13:44.0047 0x084c mskssrv - ok
09:13:44.0062 0x084c [ 325bb26842fc7ccc1fcce2c457317f3e, c07be560513b1fb91d756494f0ba4aeeb2e1998de0e1c21ee83db1183b0cee91 ] mspclock c:\windows\system32\drivers\mspclock.sys
09:13:44.0140 0x084c mspclock - ok
09:13:44.0156 0x084c [ bad59648ba099da4a17680b39730cb3d, 9ad4c7c94c186c8815d0bc75dcafb962158da6935a244ba243edddeb33f9816c ] mspqm c:\windows\system32\drivers\mspqm.sys
09:13:44.0234 0x084c mspqm - ok
09:13:44.0250 0x084c [ af5f4f3f14a8ea2c26de30f7a1e17136, ac93a1e4abb0d038b772e429015567e44cc2edb66c54dbe23a5f98176fac1520 ] mssmbios c:\windows\system32\drivers\mssmbios.sys
09:13:44.0312 0x084c mssmbios - ok
09:13:44.0343 0x084c [ de6a75f5c270e756c5508d94b6cf68f5, fcc972ddc36c2c44d836913f10004c2c33b11c54defff0c63e0fdf901d2f9261 ] mup c:\windows\system32\drivers\mup.sys
09:13:44.0359 0x084c mup - ok
09:13:44.0390 0x084c [ 0102140028fad045756796e1c685d695, 5335b8278418ca200e2772124f0602c3e15a5caf2d5cc59f6785dfaabf339b09 ] napagent c:\windows\system32\qagentrt.dll
09:13:44.0468 0x084c napagent - ok
09:13:44.0500 0x084c [ 1df7f42665c94b825322fae71721130d, fe0dcb728471465b39a42a7511f4133021fba5df88f88bcb5fe2ff34cfd713f9 ] ndis c:\windows\system32\drivers\ndis.sys
09:13:44.0578 0x084c ndis - ok
09:13:44.0593 0x084c [ 0109c4f3850dfbab279542515386ae22, 4f6db1e499ac853fd36fd603fbb6d3ac9bdceb298c7fe1fb59a9236cb46729b2 ] ndistapi c:\windows\system32\drivers\ndistapi.sys
09:13:44.0609 0x084c ndistapi - ok
09:13:44.0625 0x084c [ f927a4434c5028758a842943ef1a3849, b1aa3af150c05307461774925901789456b0cccd03a5e71ada4ab58455962bee ] ndisuio c:\windows\system32\drivers\ndisuio.sys
09:13:44.0703 0x084c ndisuio - ok
09:13:44.0734 0x084c [ edc1531a49c80614b2cfda43ca8659ab, 494042f790f33721328b4451e79842e21919681cc421a4f9633ec4d383e06097 ] ndiswan c:\windows\system32\drivers\ndiswan.sys
09:13:44.0812 0x084c ndiswan - ok
09:13:44.0828 0x084c [ 2f597bb467e05b1fe3830eabd821b8e0, 141497f5a49d47cce3c9289644f4bd838dcb238f6d8e847fc006652e21fe02ac ] ndproxy c:\windows\system32\drivers\ndproxy.sys
09:13:44.0843 0x084c ndproxy - ok
09:13:44.0859 0x084c [ 5d81cf9a2f1a3a756b66cf684911cdf0, 7989c36607caea17afa2c1c9904145ca0714a54b9f712d9d4c1ab140d0b2cc0c ] netbios c:\windows\system32\drivers\netbios.sys
09:13:44.0922 0x084c netbios - ok
09:13:44.0937 0x084c [ 74b2b2f5bea5e9a3dc021d685551bd3d, 7932b71f98b4122be88f576bf6d745a757ae378a48924b7f4358837b75640a82 ] netbt c:\windows\system32\drivers\netbt.sys
09:13:45.0000 0x084c netbt - ok
09:13:45.0031 0x084c [ b857ba82860d7ff85ae29b095645563b, 86ff0e4cdd9c394e8babd93a4d57e73ff9a779261717dec6e9cde99f1c6b0f4c ] netdde c:\windows\system32\netdde.exe
09:13:45.0109 0x084c netdde - ok
09:13:45.0109 0x084c [ b857ba82860d7ff85ae29b095645563b, 86ff0e4cdd9c394e8babd93a4d57e73ff9a779261717dec6e9cde99f1c6b0f4c ] netddedsdm c:\windows\system32\netdde.exe
09:13:45.0187 0x084c netddedsdm - ok
09:13:45.0203 0x084c [ bf2466b3e18e970d8a976fb95fc1ca85, f7794b5d12dc5d820a162850f4388e2aa80426ad07cb221799cf941c682ab501 ] netlogon c:\windows\system32\lsass.exe
09:13:45.0265 0x084c netlogon - ok
09:13:45.0312 0x084c [ 13e67b55b3abd7bf3fe7aae5a0f9a9de, 4e0a67b3cc897e80d4b342ffe8b7b4cc4f6ca2ef2d34c136027a098b2e1c6166 ] netman c:\windows\system32\netman.dll
09:13:45.0375 0x084c netman - ok
09:13:45.0453 0x084c [ d34612c5d02d026535b3095d620626ae, 1bbcccbf49eb8807240a77dcb43c25c21682073cc5356594e2c4f53ef36bf657 ] nettcpportsharing c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
09:13:45.0468 0x084c nettcpportsharing - ok
09:13:45.0484 0x084c [ 943337d786a56729263071623bbb9de5, b631b47c869fe4acf46e4aa272435d9a9ca536e3349e3ffbb8602636fee7afd4 ] nla c:\windows\system32\mswsock.dll
09:13:45.0500 0x084c nla - ok
09:13:45.0531 0x084c [ c82f4cc10ad315b6d6bcb14d0a7cad66, 7b12a7cb54df475a4ccd23228a822fe29a04cf2850d64fcfa80defe3003074b1 ] nmwcd c:\windows\system32\drivers\ccdcmb.sys
09:13:45.0547 0x084c nmwcd - ok
09:13:45.0578 0x084c [ 3182d64ae053d6fb034f44b6def8034a, 4adfc76965ba2a5f488e71789a4e4ea702a74af42725f72130d1ca919406cf19 ] npfs c:\windows\system32\drivers\npfs.sys
09:13:45.0656 0x084c npfs - ok
09:13:45.0672 0x084c [ 78a08dd6a8d65e697c18e1db01c5cdca, e0e6f3ed05068e32f1d5c2d2b38cdef4536b8656db6756c66cf6b40b60c8f3da ] ntfs c:\windows\system32\drivers\ntfs.sys
09:13:45.0750 0x084c ntfs - ok
09:13:45.0765 0x084c [ bf2466b3e18e970d8a976fb95fc1ca85, f7794b5d12dc5d820a162850f4388e2aa80426ad07cb221799cf941c682ab501 ] ntlmssp c:\windows\system32\lsass.exe
09:13:45.0828 0x084c ntlmssp - ok
09:13:45.0890 0x084c [ 156f64a3345bd23c600655fb4d10bc08, 9611be411586e068d9297d77102db3be48aa67f1bad6f61a84f83fc3043fa9cd ] ntmssvc c:\windows\system32\ntmssvc.dll
09:13:45.0984 0x084c ntmssvc - ok
09:13:46.0000 0x084c [ 73c1e1f395918bc2c6dd67af7591a3ad, b21133a75253ec15e2dff66d3b480ab1a7e1a2360476c810e7aa55d0f0eb08d4 ] null c:\windows\system32\drivers\null.sys
09:13:46.0062 0x084c null - ok
09:13:46.0078 0x084c [ b305f3fad35083837ef46a0bbce2fc57, 9d0e0e666d652d0fc9eab97280a5d67aaf61d6b21929df7cf8ed72a367720464 ] nwlnkflt c:\windows\system32\drivers\nwlnkflt.sys
09:13:46.0140 0x084c nwlnkflt - ok
09:13:46.0156 0x084c [ c99b3415198d1aab7227f2c88fd664b9, dd8da4b5e804f134ab9233859544c025062902dfc3e8fb8a09a67337a4e73f55 ] nwlnkfwd c:\windows\system32\drivers\nwlnkfwd.sys
09:13:46.0218 0x084c nwlnkfwd - ok
09:13:46.0297 0x084c [ 785f487a64950f3cb8e9f16253ba3b7b, 02445344bd214370a6d48b1ca04921d8efcb13e676b5648266dd0e076c0822b6 ] odserv c:\program files\common files\microsoft shared\office12\odserv.exe
09:13:46.0312 0x084c odserv - ok
09:13:46.0359 0x084c [ 5a432a042dae460abe7199b758e8606c, 6e5d1f477d290905be27cebf9572bac6b05ffef2fad901d3c8e11f665f8b9a71 ] ose c:\program files\common files\microsoft shared\source engine\ose.exe
09:13:46.0375 0x084c ose - ok
09:13:46.0406 0x084c [ 5575faf8f97ce5e713d108c2a58d7c7c, 96d4595d19a78ccbe8b325a08780ac077ae5cc99642acd72fb47aeae8d344d3b ] parport c:\windows\system32\drivers\parport.sys
09:13:46.0468 0x084c parport - ok
09:13:46.0468 0x084c [ beb3ba25197665d82ec7065b724171c6, 7e71c13ba30cd95cee8a9cc85e6f48a01f30edeaadee69d80ae828bf97e5a5ca ] partmgr c:\windows\system32\drivers\partmgr.sys
09:13:46.0547 0x084c partmgr - ok
09:13:46.0562 0x084c [ 70e98b3fd8e963a6a46a2e6247e0bea1, 6771313ec41b3b5bfd398f60706e40be71617046880cc352dd110b001afc22a1 ] parvdm c:\windows\system32\drivers\parvdm.sys
09:13:46.0640 0x084c parvdm - ok
09:13:46.0640 0x084c [ a219903ccf74233761d92bef471a07b1, d4e6c360a1d2fca4d17c991b834d68bf20f5111dd06b1fab8b22984804cec269 ] pci c:\windows\system32\drivers\pci.sys
09:13:46.0718 0x084c pci - ok
09:13:46.0718 0x084c pcidump - ok
09:13:46.0734 0x084c [ ccf5f451bb1a5a2a522a76e670000ff0, d63f7e5a39653ec9cce94b7d84b2d3ebd4f54533bd65701020198724042c9257 ] pciide c:\windows\system32\drivers\pciide.sys
09:13:46.0797 0x084c pciide - ok
09:13:46.0843 0x084c [ 9e89ef60e9ee05e3f2eef2da7397f1c1, 0ba3db21dc7c641c181e2635b5c9b73965fdcdcd3ebbbe48fcfec1c8c987f617 ] pcmcia c:\windows\system32\drivers\pcmcia.sys
09:13:46.0906 0x084c pcmcia - ok
09:13:46.0906 0x084c pdcomp - ok
09:13:46.0906 0x084c pdframe - ok
09:13:46.0922 0x084c pdreli - ok
09:13:46.0922 0x084c pdrframe - ok
09:13:46.0922 0x084c perc2 - ok
09:13:46.0937 0x084c perc2hib - ok
09:13:46.0968 0x084c [ 65df52f5b8b6e9bbd183505225c37315, 59c606977db40a3443dff0be2a4c761824881b22c9fdb3d23f6486db580e92a4 ] plugplay c:\windows\system32\services.exe
09:13:46.0984 0x084c plugplay - ok
09:13:47.0015 0x084c [ bf2466b3e18e970d8a976fb95fc1ca85, f7794b5d12dc5d820a162850f4388e2aa80426ad07cb221799cf941c682ab501 ] policyagent c:\windows\system32\lsass.exe
09:13:47.0078 0x084c policyagent - ok
09:13:47.0093 0x084c [ efeec01b1d3cf84f16ddd24d9d9d8f99, c5f0c8c66a3af7e7bb04cede4ac5306f8387ab384a2107dc5be413aae968eff1 ] pptpminiport c:\windows\system32\drivers\raspptp.sys
09:13:47.0172 0x084c pptpminiport - ok
09:13:47.0172 0x084c [ bf2466b3e18e970d8a976fb95fc1ca85, f7794b5d12dc5d820a162850f4388e2aa80426ad07cb221799cf941c682ab501 ] protectedstorage c:\windows\system32\lsass.exe
09:13:47.0234 0x084c protectedstorage - ok
09:13:47.0250 0x084c [ 09298ec810b07e5d582cb3a3f9255424, 35473a1be25ac289474090eb0806ac6b3035dc33d1f3df97a14bf1e361ac6ac3 ] psched c:\windows\system32\drivers\psched.sys
09:13:47.0312 0x084c psched - ok
09:13:47.0328 0x084c [ 80d317bd1c3dbc5d4fe7b1678c60cadd, da76804b55d0cab3ddd01efc06673764ae4860693375c658b6063fb14af7f12c ] ptilink c:\windows\system32\drivers\ptilink.sys
09:13:47.0406 0x084c ptilink - ok
09:13:47.0422 0x084c [ 1962166e0ceb740704f30fa55ad3d509, 22c21907d7fdca2cbbe1ec0479d83ddd4c4fcbc07c8791a2f62414ec5e85e488 ] pxhelp20 c:\windows\system32\drivers\pxhelp20.sys
09:13:47.0422 0x084c pxhelp20 - detected unsignedfile.multi.generic ( 1 )
09:13:47.0422 0x084c detect skipped due to ksn trusted
09:13:47.0422 0x084c pxhelp20 - ok
09:13:47.0422 0x084c ql1080 - ok
09:13:47.0422 0x084c ql10wnt - ok
09:13:47.0437 0x084c ql12160 - ok
09:13:47.0437 0x084c ql1240 - ok
09:13:47.0453 0x084c ql1280 - ok
09:13:47.0468 0x084c [ fe0d99d6f31e4fad8159f690d68ded9c, 998685622abe631984b7e4dbf91ab3594b1f574378d75eb9f6265f4650470692 ] rasacd c:\windows\system32\drivers\rasacd.sys
09:13:47.0531 0x084c rasacd - ok
09:13:47.0547 0x084c [ ad188be7bdf94e8df4ca0a55c00a5073, c7d76cb579faebccc2873499441bacdd6bd6668acf5ed7f31862656e96e2b20c ] rasauto c:\windows\system32\rasauto.dll
09:13:47.0625 0x084c rasauto - ok
09:13:47.0640 0x084c [ 11b4a627bc9614b885c4969bfa5ff8a6, eae0a412a2b0f68919c32a96b3a08cc1a06585e4998819f5c9051745f63ff5ad ] rasl2tp c:\windows\system32\drivers\rasl2tp.sys
09:13:47.0718 0x084c rasl2tp - ok
09:13:47.0765 0x084c [ 76a9a3cbeadd68cc57cda5e1d7448235, 4afd048c5d2306ab8de46f3aa60ac0213333dda3b09a9e91f7585db6eb978ec8 ] rasman c:\windows\system32\rasmans.dll
09:13:47.0843 0x084c rasman - ok
09:13:47.0843 0x084c [ 5bc962f2654137c9909c3d4603587dee, a5ce5653d0105240f5e86cfaab89e7917d42d939e2f27a5a7d6979289ca651b8 ] raspppoe c:\windows\system32\drivers\raspppoe.sys
09:13:47.0906 0x084c raspppoe - ok
09:13:47.0922 0x084c [ fdbb1d60066fcfbb7452fd8f9829b242, 10a2dacf944bd000032eba8c095cb3d879cc55b28c377adf6e52e508e47444db ] raspti c:\windows\system32\drivers\raspti.sys
09:13:47.0984 0x084c raspti - ok
09:13:48.0000 0x084c [ 7ad224ad1a1437fe28d89cf22b17780a, 6645235ca27d671954e3557fa37082881c3d7d47492c71264cd8cb8d108ec801 ] rdbss c:\windows\system32\drivers\rdbss.sys
09:13:48.0062 0x084c rdbss - ok
09:13:48.0078 0x084c [ 4912d5b403614ce99c28420f75353332, 975341ecd660209987b5e5171b8315e032439e408cbe8a5986e67af767f373bb ] rdpcdd c:\windows\system32\drivers\rdpcdd.sys
09:13:48.0125 0x084c rdpcdd - ok
09:13:48.0140 0x084c [ 15cabd0f7c00c47c70124907916af3f1, 66b5c978b7fb6359ad8bac9f568fe9d469e358feab07b1f129ba9e85f1df723e ] rdpdr c:\windows\system32\drivers\rdpdr.sys
09:13:48.0218 0x084c rdpdr - ok
09:13:48.0250 0x084c [ 43af5212bd8fb5ba6eed9754358bd8f7, af330f61ceca4afa359ceabc5eb3227e6b56a9a2dce50701381d665122d7356d ] rdpwd c:\windows\system32\drivers\rdpwd.sys
09:13:48.0265 0x084c rdpwd - ok
09:13:48.0297 0x084c [ 3c37bf86641bda977c3bf8a840f3b7fa, ab9a6e54dba3f4561cd4837372becce0d73943d02e3288f944333039375ac08c ] rdsessmgr c:\windows\system32\sessmgr.exe
09:13:48.0359 0x084c rdsessmgr - ok
09:13:48.0406 0x084c [ 96efec24346a8eb1157e80523079addc, 7f8fc284029856c754e400b6c954369ffe27763c81d8f4af4e58bfdd44cbc24a ] realnetworks downloader resolver service c:\program files\realnetworks\realdownloader\rndlresolversvc.exe
09:13:48.0422 0x084c realnetworks downloader resolver service - ok
09:13:48.0453 0x084c [ f828dd7e1419b6653894a8f97a0094c5, e6150e1f598ba4cfedb8ff075bc0d576518c331b864388f1cae8812eff106ecf ] redbook c:\windows\system32\drivers\redbook.sys
09:13:48.0515 0x084c redbook - ok
09:13:48.0547 0x084c [ 7e699ff5f59b5d9de5390e3c34c67cf5, 3fcf0442d80ab181fed4303e570378736aa1f8718c0b8b70f689a1e45200ffe4 ] remoteaccess c:\windows\system32\mprdim.dll
09:13:48.0625 0x084c remoteaccess - ok
09:13:48.0656 0x084c [ 5b19b557b0c188210a56a6b699d90b8f, 0fa880b81ae615206fd1738b83428aaa491d54b24168339de6e87fde8c6c14b0 ] remoteregistry c:\windows\system32\regsvc.dll
09:13:48.0750 0x084c remoteregistry - ok
09:13:48.0828 0x084c [ 8cfca7e2fd4b57c2bef929c1c1a4c56e, b56d18c70658ae2842ad684fb378cc7805612050a4ed222103f54a38fb22bba6 ] richvideo c:\program files\cyberlink\shared files\richvideo.exe
09:13:48.0843 0x084c richvideo - ok
09:13:48.0843 0x084c [ aaed593f84afa419bbae8572af87cf6a, cc0ffc5a69394c8830dc66320da01a820bbf41ad7e57d0fc343561dc5ef9a360 ] rpclocator c:\windows\system32\locator.exe
09:13:48.0906 0x084c rpclocator - ok
09:13:48.0953 0x084c [ 6b27a5c03dfb94b4245739065431322c, 6aeac16ab4e0dfd25123aaf4d4181fee1b919b7b2793117006ce8cf30e826cfd ] rpcss c:\windows\system32\rpcss.dll
09:13:48.0968 0x084c rpcss - ok
09:13:48.0984 0x084c [ 471b3f9741d762abe75e9deea4787e47, d9ade42965ec22aeb4b2ad21d429c3c8232a60aa9853defda7aed86a13fe8623 ] rsvp c:\windows\system32\rsvp.exe
09:13:49.0047 0x084c rsvp - ok
09:13:49.0078 0x084c [ 79b4fe884c18dd82d5449f6b6026d092, 434d2d39d20279b566b7c7e5367034df981b2c8f5f16b0bf94360ce7b6ba0adc ] rtle8023xp c:\windows\system32\drivers\rtenicxp.sys
09:13:49.0125 0x084c rtle8023xp - ok
09:13:49.0140 0x084c [ bf2466b3e18e970d8a976fb95fc1ca85, f7794b5d12dc5d820a162850f4388e2aa80426ad07cb221799cf941c682ab501 ] samss c:\windows\system32\lsass.exe
09:13:49.0203 0x084c samss - ok
09:13:49.0203 0x084c [ 86d007e7a654b9a71d1d7d856b104353, 7b1de53d637a5fc9619d5d07c48927afec89d959207f6f2e2f45dd054eea04c7 ] scardsvr c:\windows\system32\scardsvr.exe
09:13:49.0297 0x084c scardsvr - ok
09:13:49.0312 0x084c [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa, 0b582f47bd70732bac48b8b86e5d06ce7f299a20e8177f3f2e6f28217c3fb605 ] schedule c:\windows\system32\schedsvc.dll
09:13:49.0390 0x084c schedule - ok
09:13:49.0562 0x084c [ 98ef79cc2b07398ac525f9ea1ae0366f, d0d5d69696ed339f363024af3271867f4c55572c67fd0f2aa27d24b37982e39a ] sdscannerservice c:\program files\spybot - search & destroy 2\sdfssvc.exe
09:13:49.0687 0x084c sdscannerservice - ok
09:13:51.0703 0x084c [ f577910a133a592234ebaad3f3afa258, 36f514740ee2d2b2f7abfffa13d575233ec4ce774eb58bf889c09930fef1f443 ] switchboard c:\program files\common files\adobe\switchboard\switchboard.exe
09:13:51.0718 0x084c switchboard - detected unsignedfile.multi.generic ( 1 )
09:13:51.0718 0x084c detect skipped due to ksn trusted
09:13:51.0718 0x084c switchboard - ok
09:13:55.0828 0x084c ================ scan global ===============================
09:13:55.0843 0x084c [ 42f1f4c0afb08410e5f02d4b13ebb623, 924c30587c51c0d1e1f47991969af492a644552e15f2480ea991dcb74a3e68d5 ] c:\windows\system32\basesrv.dll
09:13:55.0875 0x084c [ 69ae2b2e6968c316536e5b10b9702e63, d9c5da7a20dde69d91e72400c3f06f3cb099def42ea6c53fce076258a0c22391 ] c:\windows\system32\winsrv.dll
09:13:55.0922 0x084c [ 69ae2b2e6968c316536e5b10b9702e63, d9c5da7a20dde69d91e72400c3f06f3cb099def42ea6c53fce076258a0c22391 ] c:\windows\system32\winsrv.dll
09:13:55.0968 0x084c [ 65df52f5b8b6e9bbd183505225c37315, 59c606977db40a3443dff0be2a4c761824881b22c9fdb3d23f6486db580e92a4 ] c:\windows\system32\services.exe
09:13:55.0968 0x084c [ global ] - ok
09:13:55.0968 0x084c ================ scan mbr ==================================
09:13:55.0984 0x084c [ 8f558eb6672622401da993e1e865c861 ] \device\harddisk0\dr0
09:13:56.0218 0x084c \device\harddisk0\dr0 - ok
09:13:56.0218 0x084c ================ scan vbr ==================================
09:13:56.0234 0x084c [ d76cb178ca04cc588c0d08a4a5c68a4a ] \device\harddisk0\dr0\partition1
09:13:56.0250 0x084c \device\harddisk0\dr0\partition1 - ok
09:13:56.0265 0x084c [ 2f05094ca035e3a01da02133961cbba6 ] \device\harddisk0\dr0\partition2
09:13:56.0265 0x084c \device\harddisk0\dr0\partition2 - ok
09:13:56.0265 0x084c av detected via ss1: Avast! Antivirus, 5.0.150996957, enabled, updated
09:13:56.0281 0x084c win fw state via nfm: Enabled
09:13:58.0797 0x084c ============================================================
09:13:58.0797 0x084c scan finished
09:13:58.0797 0x084c ============================================================
09:13:58.0812 0x0adc detected object count: 1
09:13:58.0812 0x0adc actual detected object count: 1
09:28:28.0515 0x0adc csdriver ( unsignedfile.multi.generic ) - skipped by user
09:28:28.0515 0x0adc csdriver ( unsignedfile.multi.generic ) - user select action: Skip

Trancidonia
2014-03-17, 03:49
Here's the log from FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by User (administrator) on CINDY on 17-03-2014 09:33:45
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
(Microsoft Corporation) C:\WINDOWS\system32\calc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [144784 2008-03-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1844237615-776561741-725345543-1003\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {32C67B6E-2A8F-4846-9D89-B00C3B0970C9} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {7660B246-140C-4DD7-AE53-2AEAEE58D163} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} http://192.168.1.144/IEPlugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1394497364250
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} http://192.168.1.144/vcredist_x86.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B6DDFB53-6BC9-4B06-8CDE-B73327CE27D9}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-17]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\extensions\firefox
FF Extension: Youdao Word Capturer - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\extensions\firefox [2012-04-19]

Chrome:
=======
CHR HomePage: hxxp://start.iplay.com/?o=shp
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX® Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (AdBlock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-07]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-07]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-02-22]
CHR Extension: (RealDownloader) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-03]
CHR Extension: (Auto Replay for YouTube™) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-02-11]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\User\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-14]

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [531224 2013-12-05] (Wacom Technology, Corp.)
S4 jcjymt; C:\WINDOWS\system32\lvuwppj.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-07] ()
S3 CSDriver; C:\WINDOWS\system32\drivers\CSDriver.sys [40623 2002-05-24] (Beijing Chinese Star Cyber Technology Limited)
S3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [12088 2013-11-12] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [324096 2014-01-22] (Duplex Secure Ltd.)
S3 UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [76600 2013-11-12] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13112 2013-11-12] (Wacom Technology)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 09:33 - 2014-03-17 09:33 - 00024919 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-17 09:33 - 2014-03-17 09:33 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-03-17 09:32 - 2014-03-17 09:33 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-17 09:31 - 2014-03-17 09:31 - 00123673 _____ () C:\Documents and Settings\User\Desktop\TDSS.TXT
2014-03-17 08:44 - 2014-03-17 08:34 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2014-03-17 08:23 - 2014-03-17 08:23 - 00010768 _____ () C:\Documents and Settings\User\Desktop\OCT PROFIT.xlsx
2014-03-14 16:14 - 2014-03-14 16:20 - 00016385 _____ () C:\Documents and Settings\User\Desktop\Container MENLITE KK.xlsx
2014-03-14 12:45 - 2014-03-14 12:45 - 00001779 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00001777 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-03-14 12:15 - 2014-03-14 17:32 - 00015015 _____ () C:\Documents and Settings\User\Desktop\eurotrac container.xlsx
2014-03-14 12:13 - 2014-03-14 13:08 - 00018194 _____ () C:\Documents and Settings\User\Desktop\March Container list.xlsx
2014-03-14 11:37 - 2014-03-14 17:32 - 00014512 _____ () C:\Documents and Settings\User\Desktop\MSH ELECTRICAL KUCHING.xlsx
2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-03-13 17:30 - 2014-03-13 17:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-03-13 17:24 - 2014-03-13 17:24 - 00006515 _____ () C:\WINDOWS\KB961118.log
2014-03-13 17:24 - 2014-03-13 17:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2014-03-13 16:58 - 2014-03-13 16:58 - 00013043 _____ () C:\Documents and Settings\User\Desktop\menlitekk1332014.xlsx
2014-03-13 11:54 - 2014-03-13 17:31 - 00014552 _____ () C:\WINDOWS\KB2345886.log
2014-03-13 11:49 - 2009-01-10 03:19 - 01089593 ____C () C:\WINDOWS\system32\dllcache\ntprint.cat
2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-03-12 17:19 - 2014-03-12 17:19 - 00008663 _____ () C:\WINDOWS\WgaNotify.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00047839 _____ () C:\WINDOWS\KB951376-v2.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00047383 _____ () C:\WINDOWS\KB2387149.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00047298 _____ () C:\WINDOWS\KB946648.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2014-03-12 17:11 - 2014-03-12 17:11 - 00047579 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00039909 _____ () C:\WINDOWS\KB2659262.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00039118 _____ () C:\WINDOWS\KB2564958.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00037061 _____ () C:\WINDOWS\KB2834886.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-03-12 17:10 - 2014-03-12 17:10 - 00040372 _____ () C:\WINDOWS\KB955759.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00039840 _____ () C:\WINDOWS\KB2536276-v2.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00038287 _____ () C:\WINDOWS\KB975558.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00037378 _____ () C:\WINDOWS\KB2296011.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00036734 _____ () C:\WINDOWS\KB2900986.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2014-03-12 17:07 - 2014-03-12 17:08 - 00036746 _____ () C:\WINDOWS\KB2378111.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00037450 _____ () C:\WINDOWS\KB2229593.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00034098 _____ () C:\WINDOWS\KB2834902-v2.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961503$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2014-03-12 17:06 - 2014-03-12 17:06 - 00035720 _____ () C:\WINDOWS\KB2686509.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00035638 _____ () C:\WINDOWS\KB2485663.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00033986 _____ () C:\WINDOWS\KB2862335.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00032558 _____ () C:\WINDOWS\KB954155.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2014-03-12 17:05 - 2014-03-12 17:05 - 00037370 _____ () C:\WINDOWS\KB956572.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00032024 _____ () C:\WINDOWS\KB956844.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00030387 _____ () C:\WINDOWS\KB2904266.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00006814 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-03-12 17:04 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-03-12 17:04 - 2014-03-12 17:04 - 00031673 _____ () C:\WINDOWS\KB973869.log
2014-03-12 17:04 - 2014-03-12 17:04 - 00030789 _____ () C:\WINDOWS\KB2592799.log
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2014-03-12 17:03 - 2014-03-12 17:03 - 00031407 _____ () C:\WINDOWS\KB941569.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030558 _____ () C:\WINDOWS\KB2535512.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030068 _____ () C:\WINDOWS\KB950762.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030008 _____ () C:\WINDOWS\KB2807986.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00029304 _____ () C:\WINDOWS\KB2570947.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2014-03-12 17:02 - 2014-03-12 17:02 - 00029747 _____ () C:\WINDOWS\KB973904.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00029244 _____ () C:\WINDOWS\KB952287.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00029204 _____ () C:\WINDOWS\KB2868038.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00028819 _____ () C:\WINDOWS\KB2603381.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00027615 _____ () C:\WINDOWS\KB2884256.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00025483 _____ () C:\WINDOWS\KB978695.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-03-12 17:01 - 2014-03-12 17:01 - 00018599 _____ () C:\WINDOWS\KB952069.log
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419632$
2014-03-12 16:58 - 2014-03-12 16:58 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2014-03-12 16:57 - 2014-03-12 16:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-03-12 16:56 - 2014-03-12 16:56 - 00021170 _____ () C:\WINDOWS\KB2698365.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00019523 _____ () C:\WINDOWS\KB2723135-v2.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00018901 _____ () C:\WINDOWS\KB981997.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-03-12 16:55 - 2014-03-12 17:11 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 16:55 - 2014-03-12 16:55 - 00017169 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-03-12 16:55 - 2014-03-12 16:55 - 00014801 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2014-03-12 16:54 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-03-12 16:54 - 2014-03-12 16:54 - 00018283 _____ () C:\WINDOWS\KB2393802.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00016668 _____ () C:\WINDOWS\KB923561.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00014913 _____ () C:\WINDOWS\KB2566454.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00014706 _____ () C:\WINDOWS\KB2661637.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00012513 _____ () C:\WINDOWS\KB2914368.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00011891 _____ () C:\WINDOWS\KB2423089.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2014-03-12 16:25 - 2014-03-13 17:07 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-03-12 16:25 - 2014-03-12 16:25 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-03-12 16:24 - 2008-07-06 20:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2014-03-12 16:24 - 2008-07-06 20:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2014-03-12 16:24 - 2008-07-06 20:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2014-03-12 16:24 - 2008-07-06 20:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2014-03-12 16:24 - 2008-07-06 20:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2014-03-12 16:24 - 2008-07-06 20:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2014-03-12 16:24 - 2008-07-06 18:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2014-03-12 13:45 - 2014-02-24 19:46 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-03-12 13:45 - 2014-02-24 19:45 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-03-12 13:45 - 2014-02-24 19:45 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-03-12 13:45 - 2014-02-24 19:45 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-03-12 13:42 - 2014-03-12 17:06 - 00043516 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 13:42 - 2014-03-12 17:05 - 00041056 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 09:29 - 2014-03-13 08:03 - 00000000 ____D () C:\WINDOWS\system32\CatRoot2_20143138332
2014-03-12 08:50 - 2014-03-12 08:50 - 00065566 _____ () C:\ComboFix.txt
2014-03-12 08:43 - 2014-03-12 08:50 - 00000000 ____D () C:\ComboFix
2014-03-11 13:59 - 2014-03-12 17:12 - 00058203 _____ () C:\WINDOWS\KB952954.log
2014-03-11 13:59 - 2014-03-12 17:12 - 00056638 _____ () C:\WINDOWS\KB2868626.log
2014-03-11 13:58 - 2014-03-12 17:12 - 00057476 _____ () C:\WINDOWS\KB959426.log
2014-03-11 13:58 - 2010-09-18 14:53 - 00953856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2014-03-11 13:57 - 2014-03-12 17:11 - 00057628 _____ () C:\WINDOWS\KB2712808.log
2014-03-11 13:57 - 2014-03-12 17:11 - 00057220 _____ () C:\WINDOWS\KB960859.log
2014-03-11 13:57 - 2014-03-12 17:11 - 00052441 _____ () C:\WINDOWS\KB2479943.log
2014-03-11 13:56 - 2014-03-12 17:11 - 00050547 _____ () C:\WINDOWS\KB2478971.log
2014-03-11 13:56 - 2014-03-12 17:11 - 00049789 _____ () C:\WINDOWS\KB2758857.log
2014-03-11 13:56 - 2014-03-12 17:11 - 00048227 _____ () C:\WINDOWS\KB2916036.log
2014-03-11 13:56 - 2011-07-15 21:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2014-03-11 13:55 - 2014-03-12 17:11 - 00049465 _____ () C:\WINDOWS\KB2544893-v2.log
2014-03-11 13:55 - 2014-03-12 17:10 - 00050461 _____ () C:\WINDOWS\KB2585542.log
2014-03-11 13:55 - 2014-03-12 17:10 - 00049351 _____ () C:\WINDOWS\KB2631813.log
2014-03-11 13:55 - 2010-08-24 00:12 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2014-03-11 13:55 - 2008-06-13 19:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2014-03-11 13:54 - 2014-03-12 17:10 - 00049828 _____ () C:\WINDOWS\KB2691442.log
2014-03-11 13:54 - 2014-03-12 17:10 - 00048852 _____ () C:\WINDOWS\KB2115168.log
2014-03-11 13:54 - 2014-03-12 17:10 - 00046560 _____ () C:\WINDOWS\KB2847311.log
2014-03-11 13:51 - 2009-11-21 23:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2014-03-11 13:50 - 2014-03-12 17:07 - 00048217 _____ () C:\WINDOWS\KB974318.log
2014-03-11 13:50 - 2014-03-12 17:07 - 00047760 _____ () C:\WINDOWS\KB951978.log
2014-03-11 13:50 - 2014-03-12 17:07 - 00047696 _____ () C:\WINDOWS\KB2655992.log
2014-03-11 13:50 - 2014-03-12 17:07 - 00046784 _____ () C:\WINDOWS\KB2443105.log
2014-03-11 13:50 - 2014-03-12 17:07 - 00046776 _____ () C:\WINDOWS\KB969059.log
2014-03-11 13:50 - 2014-03-12 17:05 - 00044755 _____ () C:\WINDOWS\KB2780091.log
2014-03-11 13:50 - 2014-03-12 17:05 - 00039699 _____ () C:\WINDOWS\KB2876217.log
2014-03-11 13:50 - 2014-03-12 17:05 - 00038541 _____ () C:\WINDOWS\KB2864063.log
2014-03-11 13:50 - 2014-03-12 17:03 - 00038093 _____ () C:\WINDOWS\KB2859537.log
2014-03-11 13:50 - 2014-03-12 17:03 - 00037198 _____ () C:\WINDOWS\KB2876331.log
2014-03-11 13:50 - 2013-07-17 08:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-03-11 13:50 - 2013-07-17 08:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-03-11 13:50 - 2013-07-17 08:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-03-11 13:50 - 2013-07-03 10:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-03-11 13:49 - 2014-03-12 17:07 - 00046934 _____ () C:\WINDOWS\KB2802968.log
2014-03-11 13:49 - 2014-03-12 17:07 - 00046394 _____ () C:\WINDOWS\KB961503.log
2014-03-11 13:49 - 2014-03-12 17:06 - 00043846 _____ () C:\WINDOWS\KB2898715.log
2014-03-11 13:49 - 2014-03-12 17:03 - 00037127 _____ () C:\WINDOWS\KB2850869.log
2014-03-11 13:49 - 2014-03-12 17:02 - 00038496 _____ () C:\WINDOWS\KB2820917.log
2014-03-11 13:49 - 2014-03-12 17:01 - 00037685 _____ () C:\WINDOWS\KB2757638.log
2014-03-11 13:49 - 2014-03-12 16:56 - 00026436 _____ () C:\WINDOWS\KB2892075.log
2014-03-11 13:49 - 2014-03-11 14:03 - 00008340 _____ () C:\WINDOWS\KB2845187.log
2014-03-11 13:49 - 2013-02-12 08:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-03-11 13:49 - 2010-06-14 22:31 - 00744448 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2014-03-11 13:48 - 2014-03-12 17:07 - 00045847 _____ () C:\WINDOWS\KB950974.log
2014-03-11 13:48 - 2014-03-12 17:06 - 00046545 _____ () C:\WINDOWS\KB2481109.log
2014-03-11 13:48 - 2014-03-12 17:04 - 00037773 _____ () C:\WINDOWS\KB2862152.log
2014-03-11 13:48 - 2014-03-12 17:02 - 00035520 _____ () C:\WINDOWS\KB2893294.log
2014-03-11 13:48 - 2014-03-12 17:01 - 00030875 _____ () C:\WINDOWS\KB2749655.log
2014-03-11 13:48 - 2014-03-11 14:03 - 00008693 _____ () C:\WINDOWS\KB2893984.log
2014-03-11 13:48 - 2010-08-27 16:02 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\t2embed.dll
2014-03-11 13:48 - 2009-10-16 00:28 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fontsub.dll
2014-03-11 13:48 - 2008-05-08 22:02 - 00203136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rmcast.sys


cont..

Trancidonia
2014-03-17, 03:50
cont..


2014-03-11 13:47 - 2014-03-12 17:06 - 00044499 _____ () C:\WINDOWS\KB975713.log
2014-03-11 13:47 - 2014-03-12 17:06 - 00044236 _____ () C:\WINDOWS\KB2598479.log
2014-03-11 13:47 - 2014-03-12 17:06 - 00043626 _____ () C:\WINDOWS\KB2507938.log
2014-03-11 13:47 - 2014-03-12 17:06 - 00042993 _____ () C:\WINDOWS\KB982132.log
2014-03-11 13:47 - 2014-03-12 17:05 - 00041366 _____ () C:\WINDOWS\KB979687.log
2014-03-11 13:47 - 2014-03-12 17:04 - 00040487 _____ () C:\WINDOWS\KB2719985.log
2014-03-11 13:47 - 2014-03-12 17:01 - 00031934 _____ () C:\WINDOWS\KB2508429.log
2014-03-11 13:47 - 2014-03-12 17:01 - 00029748 _____ () C:\WINDOWS\KB971029.log
2014-03-11 13:47 - 2009-06-22 05:44 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\triedit.dll
2014-03-11 13:47 - 2008-05-01 22:33 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msadce.dll
2014-03-11 13:46 - 2014-03-12 17:06 - 00042803 _____ () C:\WINDOWS\KB971657.log
2014-03-11 13:46 - 2014-03-12 17:04 - 00040163 _____ () C:\WINDOWS\KB952004.log
2014-03-11 13:46 - 2014-03-12 17:04 - 00039272 _____ () C:\WINDOWS\KB975025.log
2014-03-11 13:46 - 2014-03-12 17:01 - 00028261 _____ () C:\WINDOWS\KB2506212.log
2014-03-11 13:46 - 2014-03-12 16:57 - 00032934 _____ () C:\WINDOWS\KB977914.log
2014-03-11 13:45 - 2014-03-12 17:06 - 00042748 _____ () C:\WINDOWS\KB978338.log
2014-03-11 13:45 - 2014-03-12 17:05 - 00042142 _____ () C:\WINDOWS\KB974112.log
2014-03-11 13:45 - 2014-03-12 17:03 - 00037365 _____ () C:\WINDOWS\KB977816.log
2014-03-11 13:45 - 2014-03-12 17:01 - 00030109 _____ () C:\WINDOWS\KB2653956.log
2014-03-11 13:45 - 2014-03-12 17:01 - 00029624 _____ () C:\WINDOWS\KB974392.log
2014-03-11 13:45 - 2011-04-21 21:37 - 00105472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2014-03-11 13:45 - 2009-07-28 06:27 - 00128512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dhtmled.ocx
2014-03-11 13:45 - 2009-03-06 22:22 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pdh.dll
2014-03-11 13:45 - 2009-02-09 20:10 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advapi32.dll
2014-03-11 13:45 - 2009-02-09 20:10 - 00473600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fastprox.dll
2014-03-11 13:45 - 2009-02-09 20:10 - 00453120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvsd.dll
2014-03-11 13:45 - 2009-02-09 20:10 - 00401408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll
2014-03-11 13:45 - 2009-02-06 19:11 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\services.exe
2014-03-11 13:45 - 2009-02-06 18:10 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvse.exe
2014-03-11 13:44 - 2014-03-12 17:05 - 00039612 _____ () C:\WINDOWS\KB2483185.log
2014-03-11 13:44 - 2014-03-12 17:04 - 00037927 _____ () C:\WINDOWS\KB974571.log
2014-03-11 13:44 - 2014-03-12 17:04 - 00037499 _____ () C:\WINDOWS\KB973507.log
2014-03-11 13:44 - 2014-03-12 17:01 - 00036901 _____ () C:\WINDOWS\KB2419632.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00026484 _____ () C:\WINDOWS\KB2705219-v2.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00025809 _____ () C:\WINDOWS\KB2619339.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00025064 _____ () C:\WINDOWS\KB960803.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00024888 _____ () C:\WINDOWS\KB978542.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00024851 _____ () C:\WINDOWS\KB2727528.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00024765 _____ () C:\WINDOWS\KB978706.log
2014-03-11 13:43 - 2014-03-12 16:56 - 00024759 _____ () C:\WINDOWS\KB979482.log
2014-03-11 13:43 - 2012-07-04 22:05 - 00139784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2014-03-11 13:43 - 2012-05-29 02:16 - 00536576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2014-03-11 13:43 - 2010-06-18 21:36 - 03558912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe
2014-03-11 13:42 - 2014-03-14 08:43 - 00089641 _____ () C:\WINDOWS\setupapi.log
2014-03-11 13:42 - 2014-03-12 16:56 - 00024365 _____ () C:\WINDOWS\KB973815.log
2014-03-11 13:42 - 2014-03-12 16:55 - 00026472 _____ () C:\WINDOWS\KB2676562.log
2014-03-11 13:42 - 2014-03-12 16:55 - 00025863 _____ () C:\WINDOWS\KB2509553.log
2014-03-11 13:42 - 2014-03-12 16:55 - 00025761 _____ () C:\WINDOWS\KB2813345.log
2014-03-11 13:42 - 2014-03-12 16:55 - 00021472 _____ () C:\WINDOWS\KB982665.log
2014-03-11 13:42 - 2013-11-06 09:03 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsp4res.dll
2014-03-11 13:42 - 2013-08-09 08:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-03-11 13:42 - 2013-08-09 08:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-03-11 13:42 - 2013-07-04 11:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2014-03-11 13:42 - 2013-07-04 10:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2014-03-11 13:42 - 2013-07-04 10:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2014-03-11 13:42 - 2013-07-04 10:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2014-03-11 13:42 - 2010-12-09 23:15 - 00718336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntdll.dll
2014-03-11 13:42 - 2010-07-12 20:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
2014-03-11 13:42 - 2009-11-21 23:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2014-03-11 13:42 - 2009-03-18 19:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-03-11 13:41 - 2014-03-12 16:54 - 00020278 _____ () C:\WINDOWS\KB2620712.log
2014-03-11 13:41 - 2014-03-12 16:54 - 00019789 _____ () C:\WINDOWS\KB2584146.log
2014-03-11 13:41 - 2013-11-28 04:21 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2014-03-11 13:41 - 2012-01-12 03:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2014-03-11 13:41 - 2012-01-12 03:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-03-11 13:41 - 2011-07-08 22:02 - 00010496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2014-03-11 13:40 - 2014-03-12 16:54 - 00020582 _____ () C:\WINDOWS\KB975467.log
2014-03-11 13:39 - 2014-03-12 16:54 - 00021106 _____ () C:\WINDOWS\KB968389.log
2014-03-11 13:39 - 2010-10-11 22:59 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2014-03-11 13:36 - 2014-03-12 16:56 - 00023525 _____ () C:\WINDOWS\KB979309.log
2014-03-11 09:38 - 2014-03-11 09:38 - 00000174 _____ () C:\Documents and Settings\User\defogger_reenable
2014-03-11 08:24 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2014-03-11 08:24 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2014-03-10 09:27 - 2014-03-10 09:27 - 00000000 _RSHD () C:\cmdcons
2014-03-10 09:27 - 2014-03-01 12:26 - 00000245 _____ () C:\Boot.bak
2014-03-10 09:27 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-03-10 09:25 - 2014-03-12 08:50 - 00000000 ____D () C:\Qoobox
2014-03-10 09:25 - 2014-03-10 09:32 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-10 09:25 - 2011-06-26 14:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-10 09:25 - 2010-11-08 01:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-10 09:25 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-10 09:25 - 2000-08-31 08:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-08 14:58 - 2014-03-08 15:07 - 00011889 _____ () C:\Documents and Settings\User\Desktop\Book2a.xlsx
2014-03-07 17:58 - 2014-03-11 14:42 - 00000180 _____ () C:\hwsig.log
2014-03-07 10:22 - 2014-03-07 10:22 - 00000000 ____D () C:\Program Files\ESET
2014-03-06 14:57 - 2014-03-14 13:08 - 00054272 _____ () C:\Documents and Settings\User\Desktop\container - 6 3 2014.xls
2014-03-05 10:13 - 2014-03-05 10:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-05 09:33 - 2014-03-05 10:09 - 00000000 ____D () C:\AdwCleaner
2014-03-04 10:22 - 2014-03-04 17:57 - 00227455 _____ () C:\Documents and Settings\User\Desktop\CONTAINA - SCHEDULE.xlsx
2014-03-04 09:29 - 2014-03-17 09:33 - 00000000 ____D () C:\FRST
2014-03-03 13:59 - 2014-03-03 13:59 - 00000000 __SHD () C:\Documents and Settings\User\IECompatCache
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Skype
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-03 09:58 - 2014-03-03 09:58 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-03-03 09:57 - 2014-03-03 09:57 - 00000796 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-03 09:57 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-01 12:20 - 2014-03-13 11:11 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-02-20 08:38 - 2014-02-20 08:43 - 00048640 _____ () C:\Documents and Settings\User\Desktop\2002020141_Bong_PriceComfirmation.xls
2014-02-19 14:34 - 2014-02-19 14:34 - 00940794 _____ () C:\WINDOWS\system32\LoopyMusic.wav
2014-02-19 14:34 - 2014-02-19 14:34 - 00146650 _____ () C:\WINDOWS\system32\BuzzingBee.wav
2014-02-17 12:20 - 2014-02-17 12:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 09:33 - 2014-03-17 09:33 - 00024919 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-17 09:33 - 2014-03-17 09:33 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-03-17 09:33 - 2014-03-17 09:32 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-17 09:33 - 2014-03-04 09:29 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 00123673 _____ () C:\Documents and Settings\User\Desktop\TDSS.TXT
2014-03-17 09:21 - 2010-08-23 10:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 09:21 - 2010-08-23 10:48 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 08:44 - 2014-01-07 15:32 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-17 08:35 - 2013-12-16 13:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 08:34 - 2014-03-17 08:44 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
2014-03-17 08:23 - 2014-03-17 08:23 - 00010768 _____ () C:\Documents and Settings\User\Desktop\OCT PROFIT.xlsx
2014-03-17 08:15 - 2009-12-05 22:25 - 01593223 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 08:13 - 2014-01-09 11:02 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-17 08:12 - 2013-12-16 13:32 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
2014-03-17 08:12 - 2013-12-16 13:32 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
2014-03-17 08:12 - 2012-03-30 11:09 - 00000430 _____ () C:\WINDOWS\Tasks\SogouImeMgr.job
2014-03-17 08:12 - 2009-12-06 06:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 08:12 - 2009-12-06 06:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 08:12 - 2009-12-05 22:29 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 08:12 - 2009-12-05 22:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 08:12 - 2006-02-28 20:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-14 17:53 - 2014-01-09 11:02 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-14 17:53 - 2009-12-05 22:29 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-03-14 17:32 - 2014-03-14 12:15 - 00015015 _____ () C:\Documents and Settings\User\Desktop\eurotrac container.xlsx
2014-03-14 17:32 - 2014-03-14 11:37 - 00014512 _____ () C:\Documents and Settings\User\Desktop\MSH ELECTRICAL KUCHING.xlsx
2014-03-14 16:20 - 2014-03-14 16:14 - 00016385 _____ () C:\Documents and Settings\User\Desktop\Container MENLITE KK.xlsx
2014-03-14 15:38 - 2013-12-16 13:33 - 00000438 ____H () C:\WINDOWS\Tasks\Norton Security Scan for User.job
2014-03-14 13:08 - 2014-03-14 12:13 - 00018194 _____ () C:\Documents and Settings\User\Desktop\March Container list.xlsx
2014-03-14 13:08 - 2014-03-06 14:57 - 00054272 _____ () C:\Documents and Settings\User\Desktop\container - 6 3 2014.xls
2014-03-14 12:45 - 2014-03-14 12:45 - 00001779 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00001777 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2014-03-14 12:45 - 2014-03-14 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-03-14 12:45 - 2010-08-23 10:48 - 00000000 ____D () C:\Program Files\Google
2014-03-14 12:45 - 2010-08-23 10:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-03-14 11:39 - 2010-08-23 10:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-03-14 08:59 - 2009-12-08 14:11 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-14 08:43 - 2014-03-11 13:42 - 00089641 _____ () C:\WINDOWS\setupapi.log
2014-03-13 18:02 - 2009-12-06 06:18 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-13 17:32 - 2009-12-10 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-03-13 17:31 - 2014-03-13 11:54 - 00014552 _____ () C:\WINDOWS\KB2345886.log
2014-03-13 17:31 - 2009-12-06 06:18 - 01081502 _____ () C:\WINDOWS\iis6.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00949960 _____ () C:\WINDOWS\FaxSetup.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00472217 _____ () C:\WINDOWS\ocgen.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00440535 _____ () C:\WINDOWS\tsoc.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00325654 _____ () C:\WINDOWS\comsetup.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00301710 _____ () C:\WINDOWS\msmqinst.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00196678 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00167075 _____ () C:\WINDOWS\netfxocm.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00066401 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00052889 _____ () C:\WINDOWS\ocmsn.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00048411 _____ () C:\WINDOWS\tabletoc.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00047942 _____ () C:\WINDOWS\msgsocm.log
2014-03-13 17:31 - 2009-12-06 06:18 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 17:30 - 2014-03-13 17:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-03-13 17:30 - 2009-12-06 06:18 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 17:30 - 2009-12-05 23:15 - 00207367 _____ () C:\WINDOWS\updspapi.log
2014-03-13 17:24 - 2014-03-13 17:24 - 00006515 _____ () C:\WINDOWS\KB961118.log
2014-03-13 17:24 - 2014-03-13 17:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2014-03-13 17:09 - 2009-12-05 22:24 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-13 17:09 - 2006-02-28 20:00 - 00000655 _____ () C:\WINDOWS\win.ini
2014-03-13 17:07 - 2014-03-12 16:25 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-03-13 16:58 - 2014-03-13 16:58 - 00013043 _____ () C:\Documents and Settings\User\Desktop\menlitekk1332014.xlsx
2014-03-13 11:54 - 2009-12-05 22:26 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-03-13 11:11 - 2014-03-01 12:20 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-13 08:03 - 2014-03-12 09:29 - 00000000 ____D () C:\WINDOWS\system32\CatRoot2_20143138332
2014-03-13 07:53 - 2009-12-06 06:16 - 00000355 __RSH () C:\boot.ini
2014-03-13 07:53 - 2006-02-28 20:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-03-12 17:24 - 2009-12-05 22:29 - 00095440 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-12 17:19 - 2014-03-12 17:19 - 00008663 _____ () C:\WINDOWS\WgaNotify.log
2014-03-12 17:19 - 2009-12-05 23:24 - 00048318 _____ () C:\WINDOWS\spupdsvc.log
2014-03-12 17:15 - 2009-12-06 06:17 - 03904496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 17:12 - 2014-03-12 17:12 - 00047839 _____ () C:\WINDOWS\KB951376-v2.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00047383 _____ () C:\WINDOWS\KB2387149.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00047298 _____ () C:\WINDOWS\KB946648.log
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2014-03-12 17:12 - 2014-03-11 13:59 - 00058203 _____ () C:\WINDOWS\KB952954.log
2014-03-12 17:12 - 2014-03-11 13:59 - 00056638 _____ () C:\WINDOWS\KB2868626.log
2014-03-12 17:12 - 2014-03-11 13:58 - 00057476 _____ () C:\WINDOWS\KB959426.log
2014-03-12 17:12 - 2009-12-05 22:23 - 00000000 ____D () C:\Program Files\Messenger
2014-03-12 17:11 - 2014-03-12 17:11 - 00047579 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00039909 _____ () C:\WINDOWS\KB2659262.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00039118 _____ () C:\WINDOWS\KB2564958.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00037061 _____ () C:\WINDOWS\KB2834886.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-03-12 17:11 - 2014-03-12 16:55 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 17:11 - 2014-03-11 13:57 - 00057628 _____ () C:\WINDOWS\KB2712808.log
2014-03-12 17:11 - 2014-03-11 13:57 - 00057220 _____ () C:\WINDOWS\KB960859.log
2014-03-12 17:11 - 2014-03-11 13:57 - 00052441 _____ () C:\WINDOWS\KB2479943.log
2014-03-12 17:11 - 2014-03-11 13:56 - 00050547 _____ () C:\WINDOWS\KB2478971.log
2014-03-12 17:11 - 2014-03-11 13:56 - 00049789 _____ () C:\WINDOWS\KB2758857.log
2014-03-12 17:11 - 2014-03-11 13:56 - 00048227 _____ () C:\WINDOWS\KB2916036.log
2014-03-12 17:11 - 2014-03-11 13:55 - 00049465 _____ () C:\WINDOWS\KB2544893-v2.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00040372 _____ () C:\WINDOWS\KB955759.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00039840 _____ () C:\WINDOWS\KB2536276-v2.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00038287 _____ () C:\WINDOWS\KB975558.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00037378 _____ () C:\WINDOWS\KB2296011.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00036734 _____ () C:\WINDOWS\KB2900986.log
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2014-03-12 17:10 - 2014-03-11 13:55 - 00050461 _____ () C:\WINDOWS\KB2585542.log
2014-03-12 17:10 - 2014-03-11 13:55 - 00049351 _____ () C:\WINDOWS\KB2631813.log
2014-03-12 17:10 - 2014-03-11 13:54 - 00049828 _____ () C:\WINDOWS\KB2691442.log
2014-03-12 17:10 - 2014-03-11 13:54 - 00048852 _____ () C:\WINDOWS\KB2115168.log
2014-03-12 17:10 - 2014-03-11 13:54 - 00046560 _____ () C:\WINDOWS\KB2847311.log
2014-03-12 17:08 - 2014-03-12 17:07 - 00036746 _____ () C:\WINDOWS\KB2378111.log
2014-03-12 17:08 - 2009-12-05 22:24 - 00043638 _____ () C:\WINDOWS\wmsetup.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00037450 _____ () C:\WINDOWS\KB2229593.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00034098 _____ () C:\WINDOWS\KB2834902-v2.log
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961503$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2014-03-12 17:07 - 2014-03-11 13:50 - 00048217 _____ () C:\WINDOWS\KB974318.log
2014-03-12 17:07 - 2014-03-11 13:50 - 00047760 _____ () C:\WINDOWS\KB951978.log
2014-03-12 17:07 - 2014-03-11 13:50 - 00047696 _____ () C:\WINDOWS\KB2655992.log
2014-03-12 17:07 - 2014-03-11 13:50 - 00046784 _____ () C:\WINDOWS\KB2443105.log
2014-03-12 17:07 - 2014-03-11 13:50 - 00046776 _____ () C:\WINDOWS\KB969059.log
2014-03-12 17:07 - 2014-03-11 13:49 - 00046934 _____ () C:\WINDOWS\KB2802968.log
2014-03-12 17:07 - 2014-03-11 13:49 - 00046394 _____ () C:\WINDOWS\KB961503.log
2014-03-12 17:07 - 2014-03-11 13:48 - 00045847 _____ () C:\WINDOWS\KB950974.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00035720 _____ () C:\WINDOWS\KB2686509.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00035638 _____ () C:\WINDOWS\KB2485663.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00033986 _____ () C:\WINDOWS\KB2862335.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00032558 _____ () C:\WINDOWS\KB954155.log
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2014-03-12 17:06 - 2014-03-12 13:42 - 00043516 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 17:06 - 2014-03-11 13:49 - 00043846 _____ () C:\WINDOWS\KB2898715.log
2014-03-12 17:06 - 2014-03-11 13:48 - 00046545 _____ () C:\WINDOWS\KB2481109.log
2014-03-12 17:06 - 2014-03-11 13:47 - 00044499 _____ () C:\WINDOWS\KB975713.log
2014-03-12 17:06 - 2014-03-11 13:47 - 00044236 _____ () C:\WINDOWS\KB2598479.log
2014-03-12 17:06 - 2014-03-11 13:47 - 00043626 _____ () C:\WINDOWS\KB2507938.log
2014-03-12 17:06 - 2014-03-11 13:47 - 00042993 _____ () C:\WINDOWS\KB982132.log
2014-03-12 17:06 - 2014-03-11 13:46 - 00042803 _____ () C:\WINDOWS\KB971657.log
2014-03-12 17:06 - 2014-03-11 13:45 - 00042748 _____ () C:\WINDOWS\KB978338.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00037370 _____ () C:\WINDOWS\KB956572.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00032024 _____ () C:\WINDOWS\KB956844.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00030387 _____ () C:\WINDOWS\KB2904266.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00006814 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-03-12 17:05 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-03-12 17:05 - 2014-03-12 13:42 - 00041056 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 17:05 - 2014-03-11 13:50 - 00044755 _____ () C:\WINDOWS\KB2780091.log
2014-03-12 17:05 - 2014-03-11 13:50 - 00039699 _____ () C:\WINDOWS\KB2876217.log
2014-03-12 17:05 - 2014-03-11 13:50 - 00038541 _____ () C:\WINDOWS\KB2864063.log
2014-03-12 17:05 - 2014-03-11 13:47 - 00041366 _____ () C:\WINDOWS\KB979687.log
2014-03-12 17:05 - 2014-03-11 13:45 - 00042142 _____ () C:\WINDOWS\KB974112.log
2014-03-12 17:05 - 2014-03-11 13:44 - 00039612 _____ () C:\WINDOWS\KB2483185.log
2014-03-12 17:04 - 2014-03-12 17:04 - 00031673 _____ () C:\WINDOWS\KB973869.log
2014-03-12 17:04 - 2014-03-12 17:04 - 00030789 _____ () C:\WINDOWS\KB2592799.log
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-03-12 17:04 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2014-03-12 17:04 - 2014-03-11 13:48 - 00037773 _____ () C:\WINDOWS\KB2862152.log
2014-03-12 17:04 - 2014-03-11 13:47 - 00040487 _____ () C:\WINDOWS\KB2719985.log
2014-03-12 17:04 - 2014-03-11 13:46 - 00040163 _____ () C:\WINDOWS\KB952004.log
2014-03-12 17:04 - 2014-03-11 13:46 - 00039272 _____ () C:\WINDOWS\KB975025.log
2014-03-12 17:04 - 2014-03-11 13:44 - 00037927 _____ () C:\WINDOWS\KB974571.log
2014-03-12 17:04 - 2014-03-11 13:44 - 00037499 _____ () C:\WINDOWS\KB973507.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00031407 _____ () C:\WINDOWS\KB941569.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030558 _____ () C:\WINDOWS\KB2535512.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030068 _____ () C:\WINDOWS\KB950762.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00030008 _____ () C:\WINDOWS\KB2807986.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00029304 _____ () C:\WINDOWS\KB2570947.log
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2014-03-12 17:03 - 2014-03-12 17:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2014-03-12 17:03 - 2014-03-11 13:50 - 00038093 _____ () C:\WINDOWS\KB2859537.log
2014-03-12 17:03 - 2014-03-11 13:50 - 00037198 _____ () C:\WINDOWS\KB2876331.log
2014-03-12 17:03 - 2014-03-11 13:49 - 00037127 _____ () C:\WINDOWS\KB2850869.log
2014-03-12 17:03 - 2014-03-11 13:45 - 00037365 _____ () C:\WINDOWS\KB977816.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00029747 _____ () C:\WINDOWS\KB973904.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00029244 _____ () C:\WINDOWS\KB952287.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00029204 _____ () C:\WINDOWS\KB2868038.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00028819 _____ () C:\WINDOWS\KB2603381.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00027615 _____ () C:\WINDOWS\KB2884256.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00025483 _____ () C:\WINDOWS\KB978695.log
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-03-12 17:02 - 2014-03-12 17:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-03-12 17:02 - 2014-03-11 13:49 - 00038496 _____ () C:\WINDOWS\KB2820917.log
2014-03-12 17:02 - 2014-03-11 13:48 - 00035520 _____ () C:\WINDOWS\KB2893294.log
2014-03-12 17:01 - 2014-03-12 17:01 - 00018599 _____ () C:\WINDOWS\KB952069.log
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2014-03-12 17:01 - 2014-03-12 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419632$
2014-03-12 17:01 - 2014-03-11 13:49 - 00037685 _____ () C:\WINDOWS\KB2757638.log
2014-03-12 17:01 - 2014-03-11 13:48 - 00030875 _____ () C:\WINDOWS\KB2749655.log
2014-03-12 17:01 - 2014-03-11 13:47 - 00031934 _____ () C:\WINDOWS\KB2508429.log
2014-03-12 17:01 - 2014-03-11 13:47 - 00029748 _____ () C:\WINDOWS\KB971029.log
2014-03-12 17:01 - 2014-03-11 13:46 - 00028261 _____ () C:\WINDOWS\KB2506212.log
2014-03-12 17:01 - 2014-03-11 13:45 - 00030109 _____ () C:\WINDOWS\KB2653956.log
2014-03-12 17:01 - 2014-03-11 13:45 - 00029624 _____ () C:\WINDOWS\KB974392.log
2014-03-12 17:01 - 2014-03-11 13:44 - 00036901 _____ () C:\WINDOWS\KB2419632.log
2014-03-12 16:59 - 2009-12-10 15:21 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-03-12 16:59 - 2009-12-06 06:18 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-12 16:58 - 2014-03-12 16:58 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2014-03-12 16:57 - 2014-03-12 16:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-03-12 16:57 - 2014-03-11 13:46 - 00032934 _____ () C:\WINDOWS\KB977914.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00021170 _____ () C:\WINDOWS\KB2698365.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00019523 _____ () C:\WINDOWS\KB2723135-v2.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00018901 _____ () C:\WINDOWS\KB981997.log
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-03-12 16:56 - 2014-03-12 16:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-03-12 16:56 - 2014-03-11 13:49 - 00026436 _____ () C:\WINDOWS\KB2892075.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00026484 _____ () C:\WINDOWS\KB2705219-v2.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00025809 _____ () C:\WINDOWS\KB2619339.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00025064 _____ () C:\WINDOWS\KB960803.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00024888 _____ () C:\WINDOWS\KB978542.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00024851 _____ () C:\WINDOWS\KB2727528.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00024765 _____ () C:\WINDOWS\KB978706.log
2014-03-12 16:56 - 2014-03-11 13:43 - 00024759 _____ () C:\WINDOWS\KB979482.log
2014-03-12 16:56 - 2014-03-11 13:42 - 00024365 _____ () C:\WINDOWS\KB973815.log
2014-03-12 16:56 - 2014-03-11 13:36 - 00023525 _____ () C:\WINDOWS\KB979309.log
2014-03-12 16:56 - 2009-12-05 22:24 - 00000000 ____D () C:\Program Files\Outlook Express
2014-03-12 16:56 - 2009-12-05 22:24 - 00000000 ____D () C:\Program Files\Movie Maker
2014-03-12 16:55 - 2014-03-12 16:55 - 00017169 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-03-12 16:55 - 2014-03-12 16:55 - 00014801 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-03-12 16:55 - 2014-03-12 16:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2014-03-12 16:55 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-03-12 16:55 - 2014-03-11 13:42 - 00026472 _____ () C:\WINDOWS\KB2676562.log
2014-03-12 16:55 - 2014-03-11 13:42 - 00025863 _____ () C:\WINDOWS\KB2509553.log
2014-03-12 16:55 - 2014-03-11 13:42 - 00025761 _____ () C:\WINDOWS\KB2813345.log
2014-03-12 16:55 - 2014-03-11 13:42 - 00021472 _____ () C:\WINDOWS\KB982665.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00018283 _____ () C:\WINDOWS\KB2393802.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00016668 _____ () C:\WINDOWS\KB923561.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00014913 _____ () C:\WINDOWS\KB2566454.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00014706 _____ () C:\WINDOWS\KB2661637.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00012513 _____ () C:\WINDOWS\KB2914368.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00011891 _____ () C:\WINDOWS\KB2423089.log
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2014-03-12 16:54 - 2014-03-12 16:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2014-03-12 16:54 - 2014-03-11 13:41 - 00020278 _____ () C:\WINDOWS\KB2620712.log
2014-03-12 16:54 - 2014-03-11 13:41 - 00019789 _____ () C:\WINDOWS\KB2584146.log
2014-03-12 16:54 - 2014-03-11 13:40 - 00020582 _____ () C:\WINDOWS\KB975467.log
2014-03-12 16:54 - 2014-03-11 13:39 - 00021106 _____ () C:\WINDOWS\KB968389.log
2014-03-12 16:36 - 2009-12-05 22:52 - 00000000 ____D () C:\WINDOWS\pss
2014-03-12 16:25 - 2014-03-12 16:25 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-03-12 16:25 - 2009-12-10 15:20 - 00000000 ____D () C:\Program Files\MSBuild
2014-03-12 16:24 - 2009-12-06 06:11 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-03-12 16:22 - 2009-12-06 06:11 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-03-12 15:50 - 2009-12-05 22:51 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-12 15:35 - 2013-12-16 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 15:35 - 2011-12-30 10:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 09:33 - 2009-12-05 22:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-12 09:29 - 2009-12-06 06:17 - 00000000 ____D () C:\WINDOWS\system32\CatRoot2_201431292917
2014-03-12 08:50 - 2014-03-12 08:50 - 00065566 _____ () C:\ComboFix.txt
2014-03-12 08:50 - 2014-03-12 08:43 - 00000000 ____D () C:\ComboFix
2014-03-12 08:50 - 2014-03-10 09:25 - 00000000 ____D () C:\Qoobox
2014-03-11 16:02 - 2013-12-16 13:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-11 14:46 - 2012-03-30 11:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SogouPY
2014-03-11 14:42 - 2014-03-07 17:58 - 00000180 _____ () C:\hwsig.log
2014-03-11 14:03 - 2014-03-11 13:49 - 00008340 _____ () C:\WINDOWS\KB2845187.log
2014-03-11 14:03 - 2014-03-11 13:48 - 00008693 _____ () C:\WINDOWS\KB2893984.log
2014-03-11 09:38 - 2014-03-11 09:38 - 00000174 _____ () C:\Documents and Settings\User\defogger_reenable
2014-03-11 09:10 - 2009-12-06 06:17 - 01047179 _____ () C:\WINDOWS\setupapi.log.0.old
2014-03-11 08:23 - 2009-12-06 06:11 - 00000000 ____D () C:\WINDOWS\Help
2014-03-10 10:00 - 2009-12-08 14:13 - 00000000 ____D () C:\UBSSTK94
2014-03-10 09:32 - 2014-03-10 09:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-10 09:27 - 2014-03-10 09:27 - 00000000 _RSHD () C:\cmdcons
2014-03-08 15:07 - 2014-03-08 14:58 - 00011889 _____ () C:\Documents and Settings\User\Desktop\Book2a.xlsx
2014-03-07 10:22 - 2014-03-07 10:22 - 00000000 ____D () C:\Program Files\ESET
2014-03-07 09:15 - 2009-12-05 22:24 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-05 10:13 - 2014-03-05 10:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-05 10:09 - 2014-03-05 09:33 - 00000000 ____D () C:\AdwCleaner
2014-03-05 10:09 - 2013-04-02 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\搜狗拼音输入法
2014-03-04 17:57 - 2014-03-04 10:22 - 00227455 _____ () C:\Documents and Settings\User\Desktop\CONTAINA - SCHEDULE.xlsx
2014-03-03 13:59 - 2014-03-03 13:59 - 00000000 __SHD () C:\Documents and Settings\User\IECompatCache
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Skype
2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-03 10:28 - 2010-08-23 10:47 - 00000000 ___RD () C:\Program Files\Skype
2014-03-03 10:28 - 2010-08-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-03 10:10 - 2014-01-23 08:56 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-03-03 09:58 - 2014-03-03 09:58 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-03-03 09:57 - 2014-03-03 09:57 - 00000796 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-01 12:26 - 2014-03-10 09:27 - 00000245 _____ () C:\Boot.bak
2014-03-01 12:26 - 2014-01-09 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-02-24 19:46 - 2014-03-12 13:45 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 19:46 - 2009-12-05 22:25 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 19:46 - 2006-02-28 20:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 19:45 - 2014-03-12 13:45 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 19:45 - 2014-03-12 13:45 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 19:45 - 2014-03-12 13:45 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 19:45 - 2009-12-05 23:14 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 19:45 - 2009-12-05 23:14 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 19:45 - 2009-12-05 23:14 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 19:45 - 2009-12-05 23:14 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 19:45 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 19:45 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 19:45 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 19:45 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 19:45 - 2006-02-28 20:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 19:45 - 2006-02-28 20:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 19:45 - 2006-02-28 20:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 18:54 - 2006-02-28 20:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-24 16:24 - 2006-02-28 20:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 16:24 - 2006-02-28 20:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-20 08:43 - 2014-02-20 08:38 - 00048640 _____ () C:\Documents and Settings\User\Desktop\2002020141_Bong_PriceComfirmation.xls
2014-02-19 14:34 - 2014-02-19 14:34 - 00940794 _____ () C:\WINDOWS\system32\LoopyMusic.wav
2014-02-19 14:34 - 2014-02-19 14:34 - 00146650 _____ () C:\WINDOWS\system32\BuzzingBee.wav
2014-02-17 14:15 - 2013-04-25 11:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 12:20 - 2014-02-17 12:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

I believe that should be all.

Juliet
2014-03-17, 14:38
Did you install Youdao?
Did you set the Chrome home page (CHR HomePage) to: start.iplay.com/ ?

~~~~~~~~~~~~~~~~~~~~~~~~~
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
Click on Browse, and upload the following file for analysis:

C:\windows\system32\drivers\csdriver.sys


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow it.)



start
S4 jcjymt;
C:\WINDOWS\system32\lvuwppj.dll
C:\WINDOWS\Tasks\Norton Security Scan for User.job
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please post
scan results for csdriver.sys
Fixlog.txt

Please update me on how the computer is at the moment.

Trancidonia
2014-03-18, 04:43
I believe the PC is fixed; I have yet to come across the sound which Avast! makes when it encounters a virus.
Even though it has a longer boot-up time compared to the time before I came to the forum for help.

I didn't install Youdao; maybe it was my aunt who installed it (accidentally or not). She still uses Firefox.
And no, I set the Google Chrome homepage to an empty URL, which shows a Google search bar, some popular recently visited web tabs, and options to pick whether to search Google Images or use Gmail.


The csdriver file is actually a tool for typing Chinese characters, dating all the way back to Windows 98.
But nonetheless, here's the information that I got after the VirusTotal scan:


SHA256: 6778e38c32f5fa441befab83a6de944b59129ecf8c139afd7a7cc968fb67a7af
File name: csdriver.sys
Detection ratio: 0 / 49
Analysis date: 2014-03-18 01:59:39 UTC ( 0 minutes ago )

Authenticode signature block
Copyright Copyright (C) Chinese Star Ltd.
Publisher Beijing Chinese Star Cyber Technology Limited
Product csdriver
Original name csdriver.sys
Internal name csdriver.sys
File version 1.00.1000.1
Description CStar Driver

PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-24 01:39:31
Entry Point 0x0000046E
Number of sections 7

Name Virtual address Virtual size Raw size Entropy MD5
.text 736 15818 15840 6.22 1ec3a480a685469d1cd0b9ff62d987f3
.rdata 16576 16279 16288 4.49 72096ce946d1e704c18f0787e5fae7c5
.data 32864 1240 1248 2.46 5e11529959dfb1cbc16392a2d6947e34
CODE_PAG 34112 4 32 0.00 70bc8f4b72a86921468bf8e8441dce51
INIT 34144 608 608 4.98 03ffe1909e8ac63adcf5de2125e241b1
.rsrc 34752 1032 1056 3.20 4a1e5b29552b62b572a87d128c743ff1
.reloc 35808 3480 3488 6.60 6da9975e30f09786ecfb4e79c1c0d02e

PE imports
[+] HAL.dll
KfAcquireSpinLock
KfReleaseSpinLock
[+] ntoskrnl.exe
MmUnmapIoSpace
MmMapIoSpace
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlAnsiStringToUnicodeString
IoCreateDevice
RtlInitUnicodeString
MmProbeAndLockPages
IoDeleteDevice
MmGetPhysicalAddress
DbgPrint
sprintf
ExFreePool
MmIsAddressValid
KeInitializeSpinLock
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages


Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 5.12
ImageVersion 5.0
FileSubtype 0
FileVersionNumber 1.0.1000.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 22112
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) Chinese Star Ltd.
FileVersion 1.00.1000.1
TimeStamp 2002:05:24 02:39:31+01:00
FileType Win32 EXE
PEType PE32
InternalName csdriver.sys
FileAccessDate 2014:03:18 02:59:43+01:00
ProductVersion 1.00.1000.1
FileDescription CStar Driver
OSVersion 5.0
FileCreateDate 2014:03:18 02:59:43+01:00
OriginalFilename csdriver.sys
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName Beijing Chinese Star Cyber Technology Limited
CodeSize 16448
ProductName csdriver
ProductVersionNumber 1.0.1000.1
EntryPoint 0x046e
ObjectFileType Dynamic link library



MD5 0d15988b79de14c0ebf145a12137fec6
SHA1 d2e0a969849d8e32b2b678785fa14910522a2397
SHA256 6778e38c32f5fa441befab83a6de944b59129ecf8c139afd7a7cc968fb67a7af
ssdeep 768:gYAhNB1uSQlKWjmQmlT6aVQlOIQGPfnQoUoobbpKk9cPT5oc9NTfCMnY14:pAhNB1uHlJrmd6aVQwaPfQo/Ybf9CT57
imphash ee3d9ed372851e2ffadaa770c2e8e8e0
File size 39.7 KB ( 40623 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe native

VirusTotal metadata
First submission 2010-01-26 18:23:39 UTC ( 4 years, 1 month ago )
Last submission 2014-03-18 01:59:39 UTC ( 8 minutes ago )
File names csdriver.sys



Here is the FRST fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by User at 2014-03-18 10:12:51 Run:3
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
S4 jcjymt;
C:\WINDOWS\system32\lvuwppj.dll
C:\WINDOWS\Tasks\Norton Security Scan for User.job
Reboot:
end
*****************

jcjymt => Service deleted successfully.
"C:\WINDOWS\system32\lvuwppj.dll" => File/Directory not found.
C:\WINDOWS\Tasks\Norton Security Scan for User.job => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
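
A Fixlog like the one posted above can be checked mechanically against its fixlist, so that an entry with no result or a "not found" result is not overlooked. The following is an added example, not part of the original thread and not FRST's own code; the line formats it parses are assumed from the log lines shown in the post, and the function names are hypothetical.

```python
import re

# Sample input: the Fixlog text as it appears in the post above.
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by User at 2014-03-18 10:12:51 Run:3
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
S4 jcjymt;
C:\WINDOWS\system32\lvuwppj.dll
C:\WINDOWS\Tasks\Norton Security Scan for User.job
Reboot:
end
*****************

jcjymt => Service deleted successfully.
"C:\WINDOWS\system32\lvuwppj.dll" => File/Directory not found.
C:\WINDOWS\Tasks\Norton Security Scan for User.job => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
'''

# Assumption from the one service line on the page: "S4 jcjymt;" is reported
# back under the bare service name "jcjymt".
SERVICE_LINE = re.compile(r'^[A-Z]\d\s+(\S+?);')
RESULT_LINE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')


def _key(target):
    """Normalise an entry or result target (quotes, case) for comparison."""
    return target.strip().strip('"').lower()


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, directives and per-target results."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {'*'}]
    if len(stars) < 2:
        raise ValueError('fixlist block delimited by asterisk lines not found')
    entries, directives = [], []
    for line in lines[stars[0] + 1:stars[1]]:
        line = line.strip()
        if not line or line.lower() in ('start', 'end'):
            continue
        if line.endswith(':'):          # e.g. "Reboot:" is an instruction, not a target
            directives.append(line[:-1])
            continue
        m = SERVICE_LINE.match(line)
        entries.append(m.group(1) if m else line)
    tail = lines[stars[1] + 1:]
    results = {}
    for line in tail:
        m = RESULT_LINE.match(line.strip())
        if m:
            results[_key(m.group('target'))] = m.group('outcome').strip()
    reboot_reported = any('needed a reboot' in l for l in tail)
    return entries, directives, results, reboot_reported


def classify(outcome):
    """Map a result message to a coarse status for follow-up."""
    if outcome is None:
        return 'no_result'      # entry was requested but the log never mentions it
    low = outcome.lower()
    if 'not found' in low:
        return 'not_found'      # target was already absent when the fix ran
    if 'successfully' in low:
        return 'done'
    return 'review'             # unrecognised message: read it by hand


def reconcile(text):
    """Pair every fixlist entry with its outcome and list what needs a second look."""
    entries, directives, results, reboot_reported = parse_fixlog(text)
    rows = [(e, classify(results.get(_key(e))), results.get(_key(e))) for e in entries]
    return {
        'rows': rows,
        'follow_up': [e for e, status, _ in rows if status != 'done'],
        'reboot_requested': any(d.lower() == 'reboot' for d in directives),
        'reboot_reported': reboot_reported,
    }


if __name__ == '__main__':
    report = reconcile(FIXLOG)
    for entry, status, message in report['rows']:
        print(f'{status:10} {entry}  ({message})')
    print('follow up:', report['follow_up'])
```
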

Trancidonia
2014-03-18, 04:59
Here is the most recent aswMBR scan log:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-18 10:46:02
-----------------------------
10:46:02.468 OS Version: Windows 5.1.2600 Service Pack 3
10:46:02.468 Number of processors: 2 586 0x170A
10:46:02.468 ComputerName: CINDY UserName: User
10:46:02.750 Initialize success
10:46:05.609 AVAST engine defs: 14031701
10:46:08.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
10:46:08.296 Disk 0 Vendor: WDC_WD1600AAJS-08L7A0 03.03E03 Size: 152627MB BusType: 3
10:46:08.609 Disk 0 MBR read successfully
10:46:08.609 Disk 0 MBR scan
10:46:08.609 Disk 0 Windows XP default MBR code
10:46:08.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:46:08.609 Disk 0 Partition - 00 0F Extended LBA 76308 MB offset 156280320
10:46:08.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76308 MB offset 156280383
10:46:08.625 Disk 0 scanning sectors +312560640
10:46:08.703 Disk 0 scanning C:\WINDOWS\system32\drivers
10:46:15.875 Service scanning
10:46:28.109 Modules scanning
10:46:31.109 Disk 0 trace - called modules:
10:46:31.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:46:31.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5fdab8]
10:46:31.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a536f18]
10:46:31.156 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a5a9d98]
10:46:31.359 AVAST engine scan C:\WINDOWS
10:46:45.843 AVAST engine scan C:\WINDOWS\system32
10:48:19.796 AVAST engine scan C:\WINDOWS\system32\drivers
10:48:30.453 AVAST engine scan C:\Documents and Settings\User
10:53:01.031 AVAST engine scan C:\Documents and Settings\All Users
10:54:44.062 Scan finished successfully
10:58:36.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
10:58:36.937 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Juliet
2014-03-18, 12:30
Then it's good news.

A couple of things to check.

Please run this security check for my review.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


~~~~~~~~~~~~~~~~~~~~~~~~~~

Download HijackThis

Go Here (http://www.bleepingcomputer.com/download/hijackthis/dl/90/) to download HijackThis program
Save HijackThis to your desktop.
Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
Copy and paste the HijackThis report into the topic




In your next post I need the following
checkup.txt
report from HijackThis

Trancidonia
2014-03-19, 02:52
Here is the checkup.txt:


Results of screen317's Security Check version 0.99.80
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 6
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:22 AM, on 19/03/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} (PLUGIN Control) - http://192.168.1.144/IEPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260026980718
O16 - DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} (HEM Video Decoder) - http://192.168.1.144/vcredist_x86.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DDFB53-6BC9-4B06-8CDE-B73327CE27D9}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11654 bytes

Juliet
2014-03-19, 11:46
Java(TM) 6 Update 6 <-- Uninstall this outdated version


Install Java:

Please go here to install Java (http://www.java.com/en/)

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close


Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here (http://www.foxitsoftware.com/pdf/reader/addons.php). It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


~~~~~~~~~~~~~~~~

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart


Now reboot the computer to set the registry.

~~~~~~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.



start
DeleteQuarantine:
end


~~~~~~~~~~~~~~~~


Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~~~~~~~~~~

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg

Click Run




Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

~~~~~~~~~~~~~~~~~~~~~~~~~

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
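
A way to confirm that the HijackThis "fix checked" step above took effect after the reboot, as an added example that is not part of the post: it parses the O4 autorun lines from the fix list and from a fresh scan and reports any that are still present. `parse_o4` and `remaining` are hypothetical helper names, and the rescan log is constructed sample data.

```python
import re

# HijackThis registry autorun line, in the form seen in this thread:
#   O4 - HKLM\..\Run: [ValueName] command line
# The bracketed value name is optional, so an entry pasted without it still
# parses. Other O4 forms (for example Startup-folder entries) are ignored.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): (?:\[(.*?)\] )?(.*)$')

def parse_o4(log_text):
    """Return {(hive, key, command): value_name} for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, command.strip())] = name
    return entries

def remaining(fix_list, rescan_log):
    """Fix-list entries still present in a later scan.

    Matching is on hive, key and command line rather than the value name,
    because the name can be missing from a pasted fix list.
    """
    after = parse_o4(rescan_log)
    return sorted(k for k in parse_o4(fix_list) if k in after)

# Entries taken from the fix list in the thread (first one pasted without a name).
FIX_LIST = r'''
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
'''

# Constructed rescan: one fixed entry has come back, two are gone.
RESCAN = r'''
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

if __name__ == "__main__":
    for hive, key, command in remaining(FIX_LIST, RESCAN):
        print(f"still present: {hive}\\..\\{key}: {command}")
```

An entry that reappears after being fixed is usually re-created by the program it belongs to, or by something else that keeps writing it back, and is worth reporting to the helper.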

Trancidonia
2014-03-21, 03:41
Thank you Juliet for Everything :):):):)
I am now going to read through all the links provided.

In the meantime, since I believe PC1 is now clean from viruses,
I will now prep my PC2 for a new thread soon.


Very much appreciated!!

Juliet
2014-03-21, 11:10
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.