iexplorer keeps replicating creating large files
blueskygal
2014-07-09, 03:00
Hello and thanks for your help in advance :)
I have acquired a virus of some sort that replicates Windows Explorer multiple times and the process becomes very large until the computer runs out of space.
Spybot isolated the malware to one folder:
users/NAME/AppData/Local
I have run the Spybot scan twice and when I hit "fix" the system freezes and never executes the fixes.
1. I have downloaded and run ERUNT
2. I ran dds but it only created the attach file (attached)
3. I ran aswMBR and have attached the output
4. I have the home edition and was not able to locate where to turn TeaTimer off. I will try that later.
5. Before I got Spybot I did do a registry clean (sorry) per someone else's advice.
I await your advice...
blueskygal
Hi blueskygal,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
The logs you provided appear to be incomplete. Please run the following scans and post the logs requested.
=========================
Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================
In your next post please provide the following:
checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt
blueskygal
2014-07-10, 23:01
Hi OCD,
I ran the security check several times and it came up repeatedly with
"system cannot find specified file."
More luck with aswMBR. Files attached. Thanks!
Blueskygal
blueskygal
2014-07-10, 23:43
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-07-2014
Ran by Colleen (administrator) on COLLEEN-PC on 10-07-2014 13:29:39
Running from C:\Users\Colleen\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-06-26] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08-16]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted) =================
S2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
S2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
S2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
S2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
S2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
S2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes Corporation)
S2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
S2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U3 aswMBR; C:\Users\Colleen\AppData\Local\Temp\aswMBR.sys [54656 2014-07-10] () [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)
U3 aswVmm; \??\C:\Users\Colleen\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-10 13:29 - 2014-07-10 13:31 - 00026192 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-10 13:29 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-10 13:07 - 01075200 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 12:54 - 2014-07-10 12:54 - 00000554 _____ () C:\Users\Colleen\Desktop\MBR.zip
2014-07-10 12:53 - 2014-07-10 12:53 - 00002290 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-10 12:53 - 2014-07-10 12:53 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-10 11:21 - 2014-07-10 11:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (3).exe
2014-07-10 11:21 - 2014-07-10 11:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (2).exe
2014-07-10 11:20 - 2014-07-10 11:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (1).exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-10 10:51 - 2014-07-10 10:51 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck (1).exe
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-10 11:09 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-06-28 09:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-06-28 08:52 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:32 - 2014-06-27 15:32 - 00003420 _____ () C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-12 10:22 - 2014-06-12 10:22 - 01974784 _____ () C:\Users\Colleen\Downloads\world_time_zones_sl.xls
2014-06-10 18:25 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 18:25 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 18:25 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 18:25 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 18:25 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 18:25 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 18:25 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-10 18:25 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 18:25 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 18:25 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-10 18:25 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 18:25 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 18:25 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 18:25 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-10 18:25 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-10 18:25 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 18:25 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 18:25 - 2014-04-04 19:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 18:25 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 18:25 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
==================== One Month Modified Files and Folders =======
2014-07-10 13:31 - 2014-07-10 13:29 - 00026192 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:29 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:24 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-10 13:07 - 01075200 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 12:54 - 2014-07-10 12:54 - 00000554 _____ () C:\Users\Colleen\Desktop\MBR.zip
2014-07-10 12:53 - 2014-07-10 12:53 - 00002290 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-10 12:53 - 2014-07-10 12:53 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-10 11:22 - 2014-07-10 11:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (3).exe
2014-07-10 11:22 - 2014-07-10 11:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (2).exe
2014-07-10 11:21 - 2014-07-10 11:20 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR (1).exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:14 - 2007-07-01 17:52 - 06864896 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:09 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-10 10:51 - 2014-07-10 10:51 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck (1).exe
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 09:05 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 09:05 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 09:05 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 09:05 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 09:04 - 2007-01-10 15:30 - 01165282 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 09:00 - 2014-06-27 17:29 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-28 09:00 - 2014-03-12 10:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:58 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 08:52 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-28 08:51 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 08:47 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-06-28 08:23 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-28 08:13 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 17:34 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:27 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2014-06-27 15:32 - 00003420 _____ () C:\Windows\PFRO.log
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 17:59 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-25 11:53 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ () C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ () C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ () C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D () C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
2014-06-16 20:18 - 2010-01-02 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Bible Explorer 4
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\Program Files\EfficientPIM
2014-06-13 12:35 - 2008-07-03 10:15 - 00000000 ____D () C:\Users\Colleen\Documents\Money
2014-06-13 12:31 - 2007-12-20 16:01 - 00000000 _____ () C:\Users\Colleen\Documents\NEWSOFT
2014-06-12 10:22 - 2014-06-12 10:22 - 01974784 _____ () C:\Users\Colleen\Downloads\world_time_zones_sl.xls
2014-06-11 08:35 - 2006-11-30 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 08:32 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 08:24 - 2006-11-02 03:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-10 12:17
==================== End Of Log ============================
Hi blueskygal,
Please don't attach the logs unless requested to do so. When you attach the log I must download it before I can view it. Most logs will fit in the reply window. If the forum should give you a warning that the file is too large, simply break the log up into multiple posts.
Multiple Anti-Virus Programs Installed
I notice that you have multiple Anti-Virus programs installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.
AVG AntiVirus Free Edition 2014
Spybot - Search and Destroy
Please uninstall one (1) (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users, go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
=========================
I noticed by your logs that you ran these scans in Safe Mode w/Networking. Can the computer boot in Normal Mode?
Please try and run this next step in Normal Mode. If you cannot boot in Normal Mode then run it in Safe Mode w/Networking.
=========================
You have a Rootkit infection on your computer. Please read through the instructions to familiarize yourself with the steps before you start. If you are more comfortable you can print them out for reference as you work through the steps.
TDSSKiller
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) - Extract it to your desktop
TDSSKiller.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
After program loads, click on Change parameters.
Put a check-mark beside Loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Press Start Scan
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
If in doubt about an entry....please ask or choose Skip
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
IMPORTANT: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
=========================
In your next post please provide the following:
TDSSKiller log
blueskygal
2014-07-12, 02:26
OCD,
1. Deleted AVG :) does run faster!
2. While running the program, Spybot found a problem, but I told it to allow it, figuring TDSSKiller would get it.
15:54:31.0117 0x0a54 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:54:31.0569 0x0a54 ============================================================
15:54:31.0569 0x0a54 Current date / time: 2014/07/11 15:54:31.0569
15:54:31.0569 0x0a54 SystemInfo:
15:54:31.0569 0x0a54
15:54:31.0569 0x0a54 OS Version: 6.0.6002 ServicePack: 2.0
15:54:31.0569 0x0a54 Product type: Workstation
15:54:31.0569 0x0a54 ComputerName: COLLEEN-PC
15:54:31.0569 0x0a54 UserName: Colleen
15:54:31.0569 0x0a54 Windows directory: C:\Windows
15:54:31.0569 0x0a54 System windows directory: C:\Windows
15:54:31.0569 0x0a54 Processor architecture: Intel x86
15:54:31.0569 0x0a54 Number of processors: 2
15:54:31.0569 0x0a54 Page size: 0x1000
15:54:31.0569 0x0a54 Boot type: Normal boot
15:54:31.0569 0x0a54 ============================================================
15:54:31.0585 0x0a54 BG loaded
15:54:33.0036 0x0a54 System UUID: {D7C73EAA-3184-3AB6-D3C6-0DB06BF1B4CD}
15:54:35.0376 0x0a54 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 ( 93.16 Gb ), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:54:35.0438 0x0a54 ============================================================
15:54:35.0438 0x0a54 \Device\Harddisk0\DR0:
15:54:35.0485 0x0a54 MBR partitions:
15:54:35.0485 0x0a54 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xB763800
15:54:35.0485 0x0a54 ============================================================
15:54:35.0922 0x0a54 C: <-> \Device\Harddisk0\DR0\Partition1
15:54:35.0922 0x0a54 ============================================================
15:54:35.0922 0x0a54 Initialize success
15:54:35.0922 0x0a54 ============================================================
15:55:25.0193 0x0c70 ============================================================
15:55:25.0193 0x0c70 Scan started
15:55:25.0193 0x0c70 Mode: Manual; SigCheck; TDLFS;
15:55:25.0193 0x0c70 ============================================================
15:55:25.0193 0x0c70 KSN ping started
15:56:09.0045 0x0c70 KSN ping finished: true
15:56:28.0670 0x0c70 ================ Scan system memory ========================
15:56:28.0670 0x0c70 System memory - ok
15:56:28.0919 0x0c70 ================ Scan services =============================
15:56:29.0606 0x0c70 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:56:29.0996 0x0c70 ACPI - ok
15:56:31.0135 0x0c70 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:31.0213 0x0c70 AdobeARMservice - ok
15:56:31.0790 0x0c70 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:32.0086 0x0c70 AdobeFlashPlayerUpdateSvc - ok
15:56:32.0492 0x0c70 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:56:32.0773 0x0c70 adp94xx - ok
15:56:32.0866 0x0c70 [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:56:33.0334 0x0c70 adpahci - ok
15:56:33.0631 0x0c70 [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:56:34.0005 0x0c70 adpu160m - ok
15:56:34.0395 0x0c70 [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:56:34.0738 0x0c70 adpu320 - ok
15:56:46.0204 0x0c70 [ C2DF2E3C676414D6F8C8F35F0EA46C60, 0D1BB71306D0C103A5B55A1C5CDBC7B93F72FEA24BFA1BDA5C7AEBC1D27C4362 ] astcc C:\Windows\system32\AstSrv.exe
15:56:46.0251 0x0c70 astcc - detected UnsignedFile.Multi.Generic ( 1 )
15:56:51.0368 0x0c70 Detect skipped due to KSN trusted
15:56:51.0368 0x0c70 astcc - ok
15:57:02.0277 0x0c70 [ C82162949BBA6CC5D006C7BD008F3CF1, 635E5B5C5AF3ACECA6115DAC8E576390B258C6590EE9727DB6FA68B13FD85297 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:57:02.0417 0x0c70 CFSvcs - detected UnsignedFile.Multi.Generic ( 1 )
15:57:12.0918 0x0c70 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:57:53.0248 0x0c70 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:57:53.0326 0x0c70 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
15:57:58.0178 0x0c70 Detect skipped due to KSN trusted
15:57:58.0178 0x0c70 IDriverT - ok
15:58:10.0782 0x0c70 [ 1E0D65F7FFEB4E99B2EEC1CCB5754CC8, FE56EA89A4D7751EAB089C58514A824FBEDB44065CF3132B897AC613E211B46B ] KR10I C:\Windows\system32\drivers\kr10i.sys
15:58:10.0798 0x0c70 KR10I - detected UnsignedFile.Multi.Generic ( 1 )
15:58:17.0350 0x0c70 Detect skipped due to KSN trusted
15:58:17.0350 0x0c70 KR10I - ok
15:58:17.0584 0x0c70 [ 485E005CD51FF502FB16483EB4B69C17, 8294524C21C18BA5A32B926BD497C67A4ED49FB3654C93D11681C01D30769998 ] KR3NPXP C:\Windows\system32\drivers\kr3npxp.sys
15:58:18.0146 0x0c70 KR3NPXP - detected UnsignedFile.Multi.Generic ( 1 )
15:58:23.0122 0x0c70 Detect skipped due to KSN trusted
15:58:23.0122 0x0c70 KR3NPXP - ok
15:58:45.0150 0x0c70 NdisTapi - ok
15:58:45.0224 0x0c70 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:45.0297 0x0c70 Ndisuio - ok
15:58:45.0395 0x0c70 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:45.0504 0x0c70 NdisWan - ok
15:58:45.0567 0x0c70 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:58:45.0604 0x0c70 NDProxy - ok
15:58:45.0743 0x0c70 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:58:45.0795 0x0c70 NetBIOS - ok
15:58:45.0862 0x0c70 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:58:45.0971 0x0c70 netbt - ok
15:58:46.0014 0x0c70 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
15:58:46.0040 0x0c70 Netlogon - ok
15:58:46.0133 0x0c70 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
15:58:46.0277 0x0c70 Netman - ok
15:58:46.0365 0x0c70 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
15:58:46.0527 0x0c70 netprofm - ok
15:58:46.0689 0x0c70 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:58:46.0780 0x0c70 NetTcpPortSharing - ok
15:58:46.0848 0x0c70 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:58:46.0898 0x0c70 nfrd960 - ok
15:58:46.0985 0x0c70 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
15:58:47.0060 0x0c70 NlaSvc - ok
15:58:47.0150 0x0c70 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:58:47.0192 0x0c70 Npfs - ok
15:58:47.0292 0x0c70 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
15:58:47.0377 0x0c70 nsi - ok
15:58:47.0497 0x0c70 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:58:47.0594 0x0c70 nsiproxy - ok
15:58:48.0042 0x0c70 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:58:48.0587 0x0c70 Ntfs - ok
15:58:48.0693 0x0c70 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:58:48.0853 0x0c70 ntrigdigi - ok
15:58:49.0009 0x0c70 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
15:58:49.0097 0x0c70 Null - ok
15:58:49.0197 0x0c70 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:58:49.0247 0x0c70 nvraid - ok
15:58:49.0330 0x0c70 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:58:49.0359 0x0c70 nvstor - ok
15:58:49.0555 0x0c70 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:58:49.0768 0x0c70 nv_agp - ok
15:58:50.0238 0x0c70 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:58:50.0463 0x0c70 odserv - ok
15:58:50.0850 0x0c70 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:58:50.0913 0x0c70 ohci1394 - ok
15:58:51.0077 0x0c70 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:51.0098 0x0c70 ose - ok
15:58:51.0349 0x0c70 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:58:51.0514 0x0c70 p2pimsvc - ok
15:58:51.0595 0x0c70 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
15:58:51.0919 0x0c70 p2psvc - ok
15:58:51.0986 0x0c70 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
15:59:01.0069 0x0c70 Parport - ok
15:59:01.0860 0x0c70 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:59:01.0991 0x0c70 partmgr - ok
15:59:02.0107 0x0c70 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:59:02.0432 0x0c70 Parvdm - ok
15:59:02.0620 0x0c70 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
15:59:03.0012 0x0c70 PcaSvc - ok
15:59:03.0200 0x0c70 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
15:59:03.0310 0x0c70 pci - ok
15:59:03.0522 0x0c70 [ 3B1901E401473E03EB8C874271E50C26, 3C7931F419E29FDD0155D8D05D97289430A2852FCB3DBAD1B338FE2241458E72 ] pciide C:\Windows\system32\drivers\pciide.sys
15:59:03.0794 0x0c70 pciide - ok
15:59:03.0946 0x0c70 [ 3BB2244F343B610C29C98035504C9B75, DA61EC2600199DFA32020D0484E9BBF5E0742E7C8C952370BF6FAF91C914A999 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:04.0065 0x0c70 pcmcia - ok
15:59:04.0396 0x0c70 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:59:05.0059 0x0c70 PEAUTH - ok
15:59:05.0390 0x0c70 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
15:59:06.0018 0x0c70 pla - ok
15:59:06.0184 0x0c70 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:59:06.0241 0x0c70 PlugPlay - ok
15:59:06.0546 0x0c70 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:59:06.0812 0x0c70 PNRPAutoReg - ok
blueskygal
2014-07-12, 02:28
15:59:07.0222 0x0c70 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:59:07.0420 0x0c70 PNRPsvc - ok
15:59:07.0767 0x0c70 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:59:08.0712 0x0c70 PolicyAgent - ok
15:59:09.0006 0x0c70 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:59:09.0100 0x0c70 PptpMiniport - ok
15:59:09.0193 0x0c70 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
15:59:09.0318 0x0c70 Processor - ok
15:59:09.0478 0x0c70 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
15:59:09.0518 0x0c70 ProfSvc - ok
15:59:09.0603 0x0c70 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
15:59:09.0627 0x0c70 ProtectedStorage - ok
15:59:09.0727 0x0c70 [ 390C204CED3785609AB24E9C52054A84, D997A9EAAE4A7FED9C2FEBD1AA7D1171431B9C9D56F8BFB587DCAE26203FF4D2 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
15:59:09.0796 0x0c70 Ps2 - ok
15:59:09.0878 0x0c70 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:59:09.0955 0x0c70 PSched - ok
15:59:10.0075 0x0c70 [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:59:10.0109 0x0c70 PxHelp20 - ok
15:59:10.0537 0x0c70 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:59:11.0618 0x0c70 ql2300 - ok
15:59:11.0688 0x0c70 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:59:11.0741 0x0c70 ql40xx - ok
15:59:12.0127 0x0c70 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
15:59:18.0373 0x0c70 QWAVE - ok
15:59:18.0471 0x0c70 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:59:18.0618 0x0c70 QWAVEdrv - ok
15:59:18.0767 0x0c70 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:59:18.0838 0x0c70 RasAcd - ok
15:59:18.0978 0x0c70 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
15:59:19.0134 0x0c70 RasAuto - ok
15:59:19.0205 0x0c70 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:19.0285 0x0c70 Rasl2tp - ok
15:59:19.0559 0x0c70 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
15:59:19.0607 0x0c70 RasMan - ok
15:59:19.0706 0x0c70 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:19.0799 0x0c70 RasPppoe - ok
15:59:19.0967 0x0c70 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:59:20.0060 0x0c70 RasSstp - ok
15:59:20.0249 0x0c70 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:59:20.0299 0x0c70 rdbss - ok
15:59:20.0381 0x0c70 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:20.0422 0x0c70 RDPCDD - ok
15:59:20.0940 0x0c70 [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:59:21.0461 0x0c70 rdpdr - ok
15:59:21.0586 0x0c70 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:59:21.0820 0x0c70 RDPENCDD - ok
15:59:21.0957 0x0c70 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:59:23.0038 0x0c70 RDPWD - ok
15:59:23.0794 0x0c70 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
15:59:23.0844 0x0c70 RealNetworks Downloader Resolver Service - ok
15:59:24.0149 0x0c70 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
15:59:24.0266 0x0c70 RemoteAccess - ok
15:59:24.0361 0x0c70 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:59:24.0412 0x0c70 RemoteRegistry - ok
15:59:24.0539 0x0c70 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
15:59:25.0143 0x0c70 RpcLocator - ok
15:59:25.0374 0x0c70 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
15:59:27.0286 0x0c70 RpcSs - ok
15:59:27.0423 0x0c70 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:59:27.0563 0x0c70 rspndr - ok
15:59:28.0281 0x0c70 [ 5163F804256DEB8CF1EF64B780A18CAA, 52C81583CEFA5E3EC503F48D759B93DA47C15BEA109022514CFAFFFDD5E9CB27 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
15:59:28.0823 0x0c70 RTL8169 - ok
15:59:29.0126 0x0c70 [ 93F66FAEA8BF047D4242AC85AADA403D, EAC5EA048B255EA255E120FD8FCF6BC682843E08A57838FB731050A7B9B9EDCC ] RVIEG01 C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
15:59:29.0516 0x0c70 RVIEG01 - detected UnsignedFile.Multi.Generic ( 1 )
15:59:34.0583 0x0c70 RVIEG01 ( UnsignedFile.Multi.Generic ) - warning
15:59:39.0767 0x0c70 [ 3C74D9FDB1D9831EC932E89F3D874F00, 193577197D2EE5E91A282B8DF945A1A5459C4D44F8C93F7FD5D67801BEEF988B ] RVIEGVST C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
15:59:39.0871 0x0c70 RVIEGVST - detected UnsignedFile.Multi.Generic ( 1 )
15:59:44.0970 0x0c70 RVIEGVST ( UnsignedFile.Multi.Generic ) - warning
15:59:44.0970 0x0c70 Force sending object to P2P due to detect: RVIEGVST
15:59:50.0222 0x0c70 Object send P2P result: true
15:59:55.0386 0x0c70 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
15:59:55.0401 0x0c70 SamSs - ok
15:59:55.0557 0x0c70 [ A3281AEC37E0720A2BC28034C2DF2A56, E8C122D17DD695D4EEAD115A5E1A388605EB77E5F2E8DA98C7BD93E0FDCFD01A ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:59:55.0573 0x0c70 SASDIFSV - ok
15:59:55.0698 0x0c70 [ 4FD72291A89793049104CA0A7E353CD4, 73FBA55854C2191B5786E79DF6861A79044DF3A3531D2F991D6F61B72BCDCF0B ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:59:55.0713 0x0c70 SASKUTIL - ok
15:59:55.0760 0x0c70 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:59:55.0822 0x0c70 sbp2port - ok
15:59:55.0916 0x0c70 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:59:55.0947 0x0c70 SCardSvr - ok
15:59:56.0197 0x0c70 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
15:59:56.0446 0x0c70 Schedule - ok
15:59:56.0478 0x0c70 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
15:59:56.0509 0x0c70 SCPolicySvc - ok
15:59:56.0634 0x0c70 [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:59:56.0665 0x0c70 sdbus - ok
15:59:56.0852 0x0c70 [ 77B6853F0BDAE72C9D2D504E85C89E7E, 80ECB518EF5C9DECE4CAD604ED03C984CF90BCC346E141CEF4DC17E82110522F ] SDHookDriver C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
15:59:57.0273 0x0c70 SDHookDriver - ok
15:59:57.0445 0x0c70 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:59:57.0710 0x0c70 SDRSVC - ok
15:59:58.0162 0x0c70 [ 11D94599270AA1603F75CB5ACBBD266F, 950746109BD7AA5BCF2F4320F40CFD268B34CB3DBE6073616B75A5254FE00469 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
15:59:58.0584 0x0c70 SDScannerService - ok
15:59:59.0036 0x0c70 [ D91D8344E73283999777083BF17D54E2, 018F500DD49A192617E57998A2E9833C5C9EB72A2B186AF25B5CB91329B1E267 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:59:59.0535 0x0c70 SDUpdateService - ok
15:59:59.0676 0x0c70 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:59:59.0769 0x0c70 SDWSCService - ok
15:59:59.0847 0x0c70 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:59:59.0956 0x0c70 secdrv - ok
16:00:00.0097 0x0c70 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
16:00:00.0190 0x0c70 seclogon - ok
16:00:00.0268 0x0c70 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
16:00:00.0378 0x0c70 SENS - ok
16:00:00.0424 0x0c70 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:00:00.0549 0x0c70 Serenum - ok
16:00:00.0705 0x0c70 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
16:00:00.0892 0x0c70 Serial - ok
16:00:00.0955 0x0c70 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:00:01.0002 0x0c70 sermouse - ok
16:00:01.0158 0x0c70 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
16:00:01.0267 0x0c70 SessionEnv - ok
16:00:01.0392 0x0c70 [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:00:01.0532 0x0c70 sffdisk - ok
16:00:01.0688 0x0c70 [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:00:01.0828 0x0c70 sffp_mmc - ok
16:00:01.0860 0x0c70 [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:00:01.0969 0x0c70 sffp_sd - ok
16:00:02.0047 0x0c70 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6, 490C29DC9E9FE8D5010E6DB18DE7DA808BCE84F014CFDEE0530735CBED788073 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:00:02.0094 0x0c70 sfloppy - ok
16:00:02.0140 0x0c70 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:00:02.0218 0x0c70 SharedAccess - ok
16:00:02.0343 0x0c70 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:00:02.0468 0x0c70 ShellHWDetection - ok
16:00:02.0515 0x0c70 [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:00:02.0546 0x0c70 sisagp - ok
16:00:02.0562 0x0c70 [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:00:02.0593 0x0c70 SiSRaid2 - ok
16:00:02.0608 0x0c70 [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:00:02.0640 0x0c70 SiSRaid4 - ok
16:00:03.0139 0x0c70 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
16:00:03.0638 0x0c70 slsvc - ok
16:00:03.0778 0x0c70 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:00:03.0872 0x0c70 SLUINotify - ok
16:00:03.0934 0x0c70 [ 46B40982AF166BF89C3F51FB13E60D6D, C95C4EEF37D270BFB59B8A706AF76EE5859E14030C7F042C9D8C1101A672DB8E ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
16:00:03.0966 0x0c70 SmartDefragDriver - ok
16:00:04.0044 0x0c70 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:00:04.0137 0x0c70 Smb - ok
16:00:04.0200 0x0c70 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:00:04.0278 0x0c70 SNMPTRAP - ok
16:00:04.0496 0x0c70 [ 1D244DB37B89D84A5DD46C0FFD41D733, B66AB3BEF4C1B26578FFCAD74FAF95E3069C6BC3F933FF318F96E4CDCC3A4285 ] SPAMfighter Update Service C:\Program Files\Fighters\SPAMfighter\sfus.exe
16:00:04.0527 0x0c70 SPAMfighter Update Service - ok
16:00:04.0605 0x0c70 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
16:00:04.0636 0x0c70 spldr - ok
16:00:04.0730 0x0c70 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
16:00:04.0839 0x0c70 Spooler - ok
16:00:04.0964 0x0c70 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
16:00:05.0089 0x0c70 srv - ok
16:00:05.0167 0x0c70 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:00:05.0245 0x0c70 srv2 - ok
16:00:05.0307 0x0c70 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:00:05.0401 0x0c70 srvnet - ok
16:00:05.0479 0x0c70 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:00:05.0541 0x0c70 SSDPSRV - ok
16:00:05.0619 0x0c70 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:00:05.0682 0x0c70 SstpSvc - ok
16:00:05.0744 0x0c70 [ EF70B3D22B4BFFDA6EA851ECB063EFAA, 1666572F8F988805C3A2E949FA6B060B35B72DBB115B86F4CFC710FB6A86C3E3 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:00:05.0822 0x0c70 StillCam - ok
16:00:05.0931 0x0c70 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
16:00:06.0087 0x0c70 stisvc - ok
16:00:06.0212 0x0c70 [ 336CF3DDC43BB2EF25823892D73581F7, FE640E43B8EE9387419CCA5CCD7A693ABB27EA82452F537716249B0E69867493 ] StMp3Rec C:\Windows\system32\Drivers\StMp3Rec.sys
16:00:06.0243 0x0c70 StMp3Rec - detected UnsignedFile.Multi.Generic ( 1 )
16:00:11.0594 0x0c70 Detect skipped due to KSN trusted
16:00:11.0594 0x0c70 StMp3Rec - ok
16:00:11.0844 0x0c70 [ 64421ADAEE91E036A0799E3B82526BAD, AE4D9C280DB0AB0CAAD0BFD07B1596E379E37DA249E122F02AC5FFB3979B5083 ] Suite Service C:\Program Files\Fighters\FighterSuiteService.exe
16:00:12.0202 0x0c70 Suite Service - ok
16:00:12.0249 0x0c70 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:00:12.0265 0x0c70 swenum - ok
16:00:12.0468 0x0c70 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
16:00:12.0546 0x0c70 swprv - ok
16:00:12.0655 0x0c70 [ 7330D477B7496CB42BF11EFF2D374C6A, 080AAE6294358A96BE5EE0D16F5631354DF5FB8E313A51C486876739423AC5CF ] Swupdtmr c:\Toshiba\IVP\swupdate\swupdtmr.exe
16:00:12.0702 0x0c70 Swupdtmr - detected UnsignedFile.Multi.Generic ( 1 )
16:00:17.0648 0x0c70 Detect skipped due to KSN trusted
16:00:17.0648 0x0c70 Swupdtmr - ok
16:00:17.0710 0x0c70 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:00:17.0741 0x0c70 Symc8xx - ok
16:00:17.0804 0x0c70 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:00:17.0819 0x0c70 Sym_hi - ok
16:00:17.0851 0x0c70 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:00:17.0866 0x0c70 Sym_u3 - ok
16:00:18.0131 0x0c70 [ 5EFCEDCF3DAF5C8D9E8B77A34A4EEC99, 4F9DFCBB1AAA1C6AD4123ECA4AF6A6F2334D9CED4D3D8945F45744DCDCD100A2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:00:18.0163 0x0c70 SynTP - ok
16:00:18.0256 0x0c70 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
16:00:18.0365 0x0c70 SysMain - ok
16:00:18.0553 0x0c70 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:00:18.0568 0x0c70 TabletInputService - ok
16:00:18.0709 0x0c70 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:00:18.0771 0x0c70 TapiSrv - ok
16:00:18.0896 0x0c70 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
16:00:18.0974 0x0c70 TBS - ok
16:00:19.0161 0x0c70 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:00:19.0333 0x0c70 Tcpip - ok
16:00:19.0442 0x0c70 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:00:19.0645 0x0c70 Tcpip6 - ok
16:00:19.0754 0x0c70 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:00:19.0816 0x0c70 tcpipreg - ok
16:00:19.0879 0x0c70 [ 1825BCEB47BF41C5A9F0E44DE82FC27A, 6E5F2654852060A61728686A1877A1EA93645EEED0D2612842D951B4E83750A3 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
16:00:19.0910 0x0c70 tdcmdpst - ok
16:00:19.0957 0x0c70 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:00:20.0050 0x0c70 TDPIPE - ok
16:00:20.0175 0x0c70 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:00:20.0269 0x0c70 TDTCP - ok
16:00:20.0378 0x0c70 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:00:20.0409 0x0c70 tdx - ok
16:00:20.0503 0x0c70 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:00:20.0518 0x0c70 TermDD - ok
16:00:20.0673 0x0c70 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
16:00:20.0773 0x0c70 TermService - ok
16:00:20.0843 0x0c70 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
16:00:20.0873 0x0c70 Themes - ok
16:00:20.0963 0x0c70 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
16:00:21.0053 0x0c70 THREADORDER - ok
16:00:21.0163 0x0c70 [ F779BA4CD37963AB4600C9871B7752A3, 57CDADC5F089D03A800EF52F02C0B2F77B0AA9EFDF3CFD837452D699404A058E ] tifm21 C:\Windows\system32\drivers\tifm21.sys
16:00:21.0243 0x0c70 tifm21 - ok
16:00:21.0293 0x0c70 [ D540858E65BFA6FDED41AD2495ECE344, DB85A860F4C07D1370F34AA7F39FAE5DF7E47C1BE65B4D39954FC37CA703A199 ] TODDSrv C:\Windows\system32\TODDSrv.exe
16:00:21.0303 0x0c70 TODDSrv - detected UnsignedFile.Multi.Generic ( 1 )
16:00:31.0307 0x0c70 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
16:00:31.0307 0x0c70 Force sending object to P2P due to detect: TODDSrv
16:00:31.0367 0x0c70 Object send P2P result: false
16:00:31.0607 0x0c70 [ 3EDF206DA2B97519B8448ADDFCC098FF, D10D4072B4A408B851ECD3FDF5719E71092D3C2416742AFD2EC2C6E9E8E48A91 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
16:00:31.0757 0x0c70 TosCoSrv - detected UnsignedFile.Multi.Generic ( 1 )
16:00:31.0757 0x0c70 TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
16:00:31.0757 0x0c70 Force sending object to P2P due to detect: TosCoSrv
16:00:31.0767 0x0c70 Object send P2P result: false
16:00:31.0867 0x0c70 [ 76148C3159718B701252F87B067904A6, 90DDCF15A9A447D00213CAFF9FEF24720703EB5398388126DA8F58AFE7DF09BE ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:00:31.0877 0x0c70 TOSHIBA Bluetooth Service - detected UnsignedFile.Multi.Generic ( 1 )
16:00:31.0877 0x0c70 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - warning
16:00:34.0637 0x0c70 [ 332D341D92B933600D41953B08360DFB, 213A5C84ABB0D627C05B355084A26A5081645D4EC398FF19EF6BBCB690B10055 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:00:34.0687 0x0c70 UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
16:00:34.0687 0x0c70 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
16:00:34.0687 0x0c70 Force sending object to P2P due to detect: UleadBurningHelper
16:00:34.0687 0x0c70 Object send P2P result: false
16:00:51.0277 0x0c70 ================ Scan global ===============================
16:00:51.0417 0x0c70 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
16:00:51.0767 0x0c70 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
16:00:51.0867 0x0c70 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
16:00:51.0957 0x0c70 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
16:00:52.0017 0x0c70 [ Global ] - ok
blueskygal
2014-07-12, 02:35
16:00:52.0027 0x0c70 ================ Scan MBR ==================================
16:00:52.0047 0x0c70 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:00:58.0997 0x0c70 \Device\Harddisk0\DR0 - ok
16:00:58.0997 0x0c70 ================ Scan VBR ==================================
16:00:59.0027 0x0c70 [ 1E3A50083251ED0FEAB68B0338011B81 ] \Device\Harddisk0\DR0\Partition1
16:00:59.0107 0x0c70 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
16:00:59.0107 0x0c70 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
16:00:59.0107 0x0c70 ================ Scan active images ========================
16:01:00.0137 0x0c70 [ B9FDFF876B0E7B4FECBAA5708C6ED616, 588B9677758DB19186ABE59D256D7E7CF224CA1923A60E37BFBDD03E8DAB9DB7 ] C:\Windows\System32\ntdll.dll
16:01:00.0137 0x0c70 C:\Windows\System32\ntdll.dll - ok
16:01:00.0157 0x0c70 [ 10761177A6EBE45843F443E99509F5E7, BB51065931E61EDBC920924D96B502D46E2967FFAFCE589171FC0D3AD43463CB ] C:\Windows\System32\autochk.exe
16:01:00.0157 0x0c70 C:\Windows\System32\autochk.exe - ok
16:01:00.0167 0x0c70 [ 55CEF8FE478E41C8EBCF7B27AF991A3F, 2527C2AAF7FF599CE91BF047017941C388B81836EE11F28948940AE0F97AAA05 ] C:\Windows\System32\sdnclean.exe
16:01:00.0167 0x0c70 C:\Windows\System32\sdnclean.exe - ok
16:01:00.0217 0x0c70 [ 50CAA7072C171B9887215C83D52069E4, AA1961787F24A6AFF9DD5D0A6110686EA654595D2EB941F5DA702498A662880D ] C:\Windows\System32\advapi32.dll
16:01:00.0217 0x0c70 C:\Windows\System32\advapi32.dll - ok
16:01:00.0247 0x0c70 [ FB3E5FD7F74BFC301AD3FB7DE670EDCB, 286EB6EA24FC2A29FE8ABBE84DDEDB1B1061ACA2C6CE2D3975CD55C477CD6944 ] C:\Windows\System32\usp10.dll
16:01:00.0247 0x0c70 C:\Windows\System32\usp10.dll - ok
16:01:00.0257 0x0c70 [ B218342214D9BBA0F54EA12BA2E9278C, 0B68D881F3B60068C250A97492B81DB8463FFB4FDADC26CD14E2255472A6A2A0 ] C:\Windows\System32\oleaut32.dll
16:01:00.0257 0x0c70 C:\Windows\System32\oleaut32.dll - ok
16:01:00.0277 0x0c70 [ 75510147B94598407666F4802797C75A, D9F989669EB0AAF384AA5462DD632999BF9C5A6BDB75C4F8857A6E9BDBE82B64 ] C:\Windows\System32\user32.dll
16:01:00.0277 0x0c70 C:\Windows\System32\user32.dll - ok
16:01:00.0287 0x0c70 [ 695DB97B018FB06F693F37108322AA1E, 20F438F5B143944DEA74D77851AB7668893A816B1E43ED87273E1EECDB8B7704 ] C:\Windows\System32\kernel32.dll
16:01:00.0287 0x0c70 C:\Windows\System32\kernel32.dll - ok
16:01:00.0297 0x0c70 [ 9F5AC4090D7C9F2591060DAC310FD294, EDE40CCC3435E04BE53A33B247435B5E2188E1E0BBFDF1D1F7EA60DA14C01AF2 ] C:\Windows\System32\urlmon.dll
16:01:00.0297 0x0c70 C:\Windows\System32\urlmon.dll - ok
16:01:00.0317 0x0c70 [ 872363237F24BCB03D73E2A3B4FBF38D, E5A64299C4D4F501E0A55FC8FE6823949C98327BCB68507A7AF9EECC893A2378 ] C:\Windows\System32\gdi32.dll
16:01:00.0317 0x0c70 C:\Windows\System32\gdi32.dll - ok
16:01:00.0337 0x0c70 [ 8C4836F71F2DB629A99CF5A774594C66, 4045FB24E7F90EEA07D011AF73B2A309A908795362AE85114276650F78AA607C ] C:\Windows\System32\shell32.dll
16:01:00.0337 0x0c70 C:\Windows\System32\shell32.dll - ok
16:01:00.0347 0x0c70 [ EB0E02749CE5C488741C9A0ABEAB5DEC, 558C6304AFD4DA12F8976F699E39D6C1749F28A2AD4308B1C9E6D56288405FBD ] C:\Windows\System32\lpk.dll
16:01:00.0347 0x0c70 C:\Windows\System32\lpk.dll - ok
16:01:00.0367 0x0c70 [ C8BDCECEE082B54F0BAC838BF0A34597, 8C451FA2BA8E38D83E50EBF1D9F56FCBCBC7E2C6898C15254FE9F337F279E0C1 ] C:\Windows\System32\imm32.dll
16:01:00.0367 0x0c70 C:\Windows\System32\imm32.dll - ok
16:01:00.0387 0x0c70 [ B304D47D5744BA20FCB99FB8B2C07B0B, 16AAD9264CAB5B5489E2CF8F118132EA46FE9066B4C4320C0259BE88EBD111C8 ] C:\Windows\System32\ws2_32.dll
16:01:00.0387 0x0c70 C:\Windows\System32\ws2_32.dll - ok
16:01:00.0397 0x0c70 [ 4AA2A0E26CEF1A803741253DCF9A1503, 8718BF6DC8678BDC5AF627F82D14E2D857D94A760529FF00F1D7B066F46CA832 ] C:\Windows\System32\comdlg32.dll
16:01:00.0397 0x0c70 C:\Windows\System32\comdlg32.dll - ok
16:01:00.0417 0x0c70 [ 551F51B66E5EA87A38D8197EB3BDB57A, 2006D0418848EAA2361C26D18246D0BAA646B6F25F2C0035BDC82967E9BD73F1 ] C:\Windows\System32\setupapi.dll
16:01:00.0417 0x0c70 C:\Windows\System32\setupapi.dll - ok
16:01:00.0427 0x0c70 [ 09EA40F4DAD2EDB3587E5E0BAA9C3E15, 45EDA279BD838BD65702762E4EFEDA8F4178F9478E21678B8C75D1AA4015906E ] C:\Windows\System32\imagehlp.dll
16:01:00.0427 0x0c70 C:\Windows\System32\imagehlp.dll - ok
16:01:00.0447 0x0c70 [ CFD26829131439B71D0109F9D5345573, D79B316D1F931EF4F030AF89A16E22594EB1F0867B5F44F49CC0E9000D7BC62E ] C:\Windows\System32\wininet.dll
16:01:00.0447 0x0c70 C:\Windows\System32\wininet.dll - ok
16:01:00.0457 0x0c70 [ E3C3BD69701CE6B7B17101E4F7740534, 9D6A308A961A1942D7BF8ABEABE6CA87EB13F7710D40F2F767CE4545C18864C6 ] C:\Windows\System32\msctf.dll
16:01:00.0457 0x0c70 C:\Windows\System32\msctf.dll - ok
16:01:00.0467 0x0c70 [ C394079EB162E812D682C73FA96AF6E4, 639F482DBC82E1E8E7254A5F6FF0F60661EA4BE44D86CA13238913DABFA522F8 ] C:\Windows\System32\clbcatq.dll
16:01:00.0467 0x0c70 C:\Windows\System32\clbcatq.dll - ok
16:01:00.0487 0x0c70 [ 6F29236AB5926100972924BD29D9D225, E8B517FC36F25C4AE07021473B0BCDCDDD4B6E3FE004E6B0AD449C030267674C ] C:\Windows\System32\normaliz.dll
16:01:00.0487 0x0c70 C:\Windows\System32\normaliz.dll - ok
16:01:00.0497 0x0c70 [ 9586E7CB2255A8B097A7E4538202585E, 7A65B6268940279D77CE08D695306150A8F8DD9A6878D2A322799AC576960C6B ] C:\Windows\System32\ole32.dll
16:01:00.0497 0x0c70 C:\Windows\System32\ole32.dll - ok
16:01:00.0507 0x0c70 [ 420B075CD71AB9E58D15DD258958FBA3, EDD96EDD4D3F1C05E34C769F9C4A1D966DA9B51A3B01CF25E9C5E30281E01AE2 ] C:\Windows\System32\shlwapi.dll
16:01:00.0507 0x0c70 C:\Windows\System32\shlwapi.dll - ok
16:01:00.0517 0x0c70 [ AA5456C16D7F4B73177FD46AD63A12C4, 8FFE91312B1252212E59E0EDE04F928AECAE5E501526D27E4023CFFCAEA0CB4A ] C:\Windows\System32\iertutil.dll
16:01:00.0517 0x0c70 C:\Windows\System32\iertutil.dll - ok
16:01:00.0527 0x0c70 [ 17AF64D727545F2804F6E6D998327E3F, CAD50C5321BF522CA6CA74662D032A98705ADD04A8BE38576B8EF0B8CE6DBA8A ] C:\Windows\System32\msvcrt.dll
16:01:00.0527 0x0c70 C:\Windows\System32\msvcrt.dll - ok
16:01:00.0547 0x0c70 [ A64AEBC6C78B4CFD7F41A7277879DF8F, 2283E1D5D5ACF66B6C71A7755577F0A03DB5FC213E5D7DB067C9B7B6E805C202 ] C:\Windows\System32\nsi.dll
16:01:00.0547 0x0c70 C:\Windows\System32\nsi.dll - ok
16:01:00.0557 0x0c70 [ E389C328AC7FE5673593ECAD269E7A54, 4EACF7F293D736941BC9F1FA5E70C11EF55CCF74664ECDEF56DA53BA043C0C38 ] C:\Windows\System32\rpcrt4.dll
16:01:00.0557 0x0c70 C:\Windows\System32\rpcrt4.dll - ok
16:01:00.0567 0x0c70 [ B8A609FB5EFB4E44FC1355B1C01C64BC, BB84036F8F16C6E2069FD8B18078A7E6CC98B513285FB1A8DC727B395C9E3A12 ] C:\Windows\System32\Wldap32.dll
16:01:00.0567 0x0c70 C:\Windows\System32\Wldap32.dll - ok
16:01:00.0607 0x0c70 [ 58035212AB7869A5FC3AF186ACBA8F09, BCBEE41B2E65560A71D9D9199C0F8D7657085EEE4F73CD2F04D0474823ED4200 ] C:\Windows\System32\comctl32.dll
16:01:00.0607 0x0c70 C:\Windows\System32\comctl32.dll - ok
16:01:00.0617 0x0c70 [ 93A1732F7F997E36A5C3893539E2FF02, 40B6F7A67F90E5D9948385418BD22BBD29DE86A151B35D1001081A61CA5FC612 ] C:\Windows\System32\psapi.dll
16:01:00.0617 0x0c70 C:\Windows\System32\psapi.dll - ok
16:01:00.0647 0x0c70 [ EAAAFEF04FBB45665C9576E525D45A12, 3472378C4E150B158B1C4E16760E278B0564BA10563D2CB181EFD17091056D87 ] C:\Windows\System32\drivers\dxapi.sys
16:01:00.0647 0x0c70 C:\Windows\System32\drivers\dxapi.sys - ok
16:01:00.0657 0x0c70 [ 7DEEA31FD41B77B433C17903B3416507, DE424D824FF5AB4A32E5F4742C2BED562857821474F0685DCFCD83F68F4B90E6 ] C:\Windows\System32\win32k.sys
16:01:00.0657 0x0c70 C:\Windows\System32\win32k.sys - ok
16:01:00.0677 0x0c70 [ ABCA209EBA02CB59233614DB83B4F50D, CF48E43B33B14234F5004F9F3BF0D973B17A501108F39FB42CF9548FD2124960 ] C:\Windows\System32\csrss.exe
16:01:00.0677 0x0c70 C:\Windows\System32\csrss.exe - ok
16:01:00.0697 0x0c70 [ 33F84B64D4765BCDFA0AB8464122DA14, 89FBC019E656B36A3B87F3F546C45A8DD033799606B05532FAC3E695DFD9701A ] C:\Windows\System32\csrsrv.dll
16:01:00.0697 0x0c70 C:\Windows\System32\csrsrv.dll - ok
16:01:00.0737 0x0c70 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\System32\basesrv.dll
16:01:00.0737 0x0c70 C:\Windows\System32\basesrv.dll - ok
16:01:00.0747 0x0c70 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\System32\winsrv.dll
16:01:00.0747 0x0c70 C:\Windows\System32\winsrv.dll - ok
16:01:00.0757 0x0c70 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] C:\Windows\System32\drivers\monitor.sys
16:01:00.0757 0x0c70 C:\Windows\System32\drivers\monitor.sys - ok
16:01:00.0767 0x0c70 [ CC21507D246861671A0BF97E75CE1B00, C36089B27D80F4FFD208A807310413DE3DCC7850F14D1B56F97670CC10F5566D ] C:\Windows\System32\tsddd.dll
16:01:00.0767 0x0c70 C:\Windows\System32\tsddd.dll - ok
16:01:00.0797 0x0c70 [ 101BA3EA053480BB5D957EF37C06B5ED, 9A02771DA9C226552A1766C2DD0295ECA8B5B80AAE13076FFCE6A806FA5C21B8 ] C:\Windows\System32\wininit.exe
16:01:00.0797 0x0c70 C:\Windows\System32\wininit.exe - ok
16:01:00.0807 0x0c70 [ 665417528489096BBCB8AEA46D3DA924, BB0D895B481EFA6ED024C979238F5F482DF0A53912575A47EB4E9C643919112A ] C:\Windows\System32\userenv.dll
16:01:00.0807 0x0c70 C:\Windows\System32\userenv.dll - ok
16:01:00.0827 0x0c70 [ D602FEDBD9155FC2DED6863FB60C950F, 5EADF6A70F3BB8CCF758AD645C96AF4034D7E8EEFE44C5008499809C510691EE ] C:\Windows\System32\secur32.dll
16:01:00.0827 0x0c70 C:\Windows\System32\secur32.dll - ok
16:01:00.0847 0x0c70 [ 12C8D6C564702B0776512932290A3F6B, D7AC82B7307694B6FDB3AC08C83C415005DFA26FD92D3AA3043B3600984792DA ] C:\Windows\System32\KBDUS.DLL
16:01:00.0847 0x0c70 C:\Windows\System32\KBDUS.DLL - ok
16:01:00.0867 0x0c70 [ D6F0260D9051C0B60998F4CDBE9B2CC6, D5805D6170FA05A7A8A592F0FB6B0E7E83A725313B499DA2F3394EA6060D0BB1 ] C:\Windows\System32\cdd.dll
16:01:00.0867 0x0c70 C:\Windows\System32\cdd.dll - ok
16:01:00.0877 0x0c70 [ 92283D9E33EC5F41ECC0B430B7459241, 9BE390D924438950025842667924819E6EB1E821893C9EFE5E06AB30CBD037BF ] C:\Windows\System32\WlS0WndH.dll
16:01:00.0877 0x0c70 C:\Windows\System32\WlS0WndH.dll - ok
16:01:00.0897 0x0c70 [ 1107BD574A84367735FEC38B9BD64E6B, 682D5372B533817C810F1DCB1C7AE42C44A786ED114601E56DF85FE1C41D5989 ] C:\Windows\System32\apphelp.dll
16:01:00.0897 0x0c70 C:\Windows\System32\apphelp.dll - ok
16:01:00.0907 0x0c70 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\System32\services.exe
16:01:00.0907 0x0c70 C:\Windows\System32\services.exe - ok
16:01:00.0917 0x0c70 [ 898E7C06A350D4A1A64A9EA264D55452, 0530B49018B59D4DCD3ECBC19E95B81438208AF34BC876BD07129A79896B4D7E ] C:\Windows\System32\winlogon.exe
16:01:00.0917 0x0c70 C:\Windows\System32\winlogon.exe - ok
16:01:00.0937 0x0c70 [ BE6FAC6F0745C67DAE7522C96406D083, 5FBDE0193F6C6752C8BAB88D945F536D1259B3290073FE73E97FD4D9603D9AD6 ] C:\Windows\System32\sxs.dll
16:01:00.0937 0x0c70 C:\Windows\System32\sxs.dll - ok
16:01:00.0947 0x0c70 [ 4AAFC7461633848AA87A363B2CBEC522, F2A452B5B71293011EED8CD5ABFA8D0B0761A92D4579CF9D98B1D2DC06D16791 ] C:\Windows\System32\winsta.dll
16:01:00.0947 0x0c70 C:\Windows\System32\winsta.dll - ok
16:01:00.0957 0x0c70 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] C:\Windows\System32\lsass.exe
16:01:00.0957 0x0c70 C:\Windows\System32\lsass.exe - ok
16:01:00.0977 0x0c70 [ D90911B3FA05D7B930C1286084B404DE, 200577AD30F9B3FBEAA2988B6858ED6811F7E75B0183F5F35F18207A0C932694 ] C:\Windows\System32\scesrv.dll
16:01:00.0977 0x0c70 C:\Windows\System32\scesrv.dll - ok
16:01:00.0987 0x0c70 [ 1AE011BB950A5E0B05023D2AFEC3666D, 4602DB22B7D1643780DBE7A34A4887C119A0516C65E4063A9C2074CF39A495DC ] C:\Windows\System32\authz.dll
16:01:00.0987 0x0c70 C:\Windows\System32\authz.dll - ok
16:01:00.0997 0x0c70 [ 4774AD6C447E02E954BD9A793614EBEC, 7BA75A26DA67FD10BB3E0A2404A7319F8D8938B0330BA0978A9E21EBC8CD9BA4 ] C:\Windows\System32\lsm.exe
16:01:00.0997 0x0c70 C:\Windows\System32\lsm.exe - ok
16:01:01.0017 0x0c70 [ 178FAC2B7C66E9A4400CE7AC37623E3F, 30BF99E3F6B02566A83DCC072F5654DA28311ACC5308CFB25BE02C1BD3B5CEE3 ] C:\Windows\System32\lsasrv.dll
16:01:01.0017 0x0c70 C:\Windows\System32\lsasrv.dll - ok
16:01:01.0037 0x0c70 [ 98B656EAF128CD06F625B09C84D959E1, 3E6502E629F15E697A813FC56A9B1F13F5A6F3D0C20550AB3459B2507F868156 ] C:\Windows\System32\netapi32.dll
16:01:01.0037 0x0c70 C:\Windows\System32\netapi32.dll - ok
16:01:01.0047 0x0c70 [ 71F5A7104FDF16C0AC5283A6CE666553, 481D688B87CC4155FB98AEB816B5F331F2EC8A1B409B01BA270A67660CE9564A ] C:\Windows\System32\sysntfy.dll
16:01:01.0047 0x0c70 C:\Windows\System32\sysntfy.dll - ok
16:01:01.0057 0x0c70 [ 2FA16465F64DB54B1F7F511395EB4FD7, 9BC7865CC2EC9CE08E2848F8E8FB9E73715858A31243CB280C317578DDD97EDA ] C:\Windows\System32\ncobjapi.dll
16:01:01.0057 0x0c70 C:\Windows\System32\ncobjapi.dll - ok
16:01:01.0077 0x0c70 [ F0321DA5203F1E71917F3B7A13DC4912, 2F40733CBDD6491DAA3182AFDB3CA9FBAE5C3EE15CD9FCFF20E2D74E98CA374F ] C:\Windows\System32\wmsgapi.dll
16:01:01.0077 0x0c70 C:\Windows\System32\wmsgapi.dll - ok
16:01:01.0077 0x0c70 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] C:\Windows\System32\aelupsvc.dll
16:01:01.0087 0x0c70 C:\Windows\System32\aelupsvc.dll - ok
16:01:01.0097 0x0c70 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] C:\Windows\System32\alg.exe
16:01:01.0097 0x0c70 C:\Windows\System32\alg.exe - ok
16:01:01.0107 0x0c70 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] C:\Windows\System32\appinfo.dll
16:01:01.0107 0x0c70 C:\Windows\System32\appinfo.dll - ok
16:01:01.0117 0x0c70 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] C:\Windows\System32\audiosrv.dll
16:01:01.0117 0x0c70 C:\Windows\System32\audiosrv.dll - ok
16:01:01.0137 0x0c70 [ 7808BF0E367ED7348808879CEF482AB3, BAC633E351F0A2CF69C288E7CD983ED5986FE0CC180BF769A5C2EB5F8CABBE8A ] C:\Windows\System32\samsrv.dll
16:01:01.0137 0x0c70 C:\Windows\System32\samsrv.dll - ok
16:01:01.0147 0x0c70 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] C:\Windows\System32\BFE.DLL
16:01:01.0147 0x0c70 C:\Windows\System32\BFE.DLL - ok
16:01:01.0157 0x0c70 [ 459B48188494490707DCA8BAA91AA185, E108A46F446A273BF118A73D4790FC85D49D6CE8ECC581AAEB942A1558D21327 ] C:\Windows\System32\cryptdll.dll
16:01:01.0157 0x0c70 C:\Windows\System32\cryptdll.dll - ok
16:01:01.0167 0x0c70 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] C:\Windows\System32\qmgr.dll
16:01:01.0167 0x0c70 C:\Windows\System32\qmgr.dll - ok
16:01:01.0187 0x0c70 [ 85E861D0B88DB2B54ACB0839654C09F7, 751E4F1F282C3798712AFF551D1525D5D65B5E8229689862AAB0BBDCC35A5925 ] C:\Windows\System32\dnsapi.dll
16:01:01.0187 0x0c70 C:\Windows\System32\dnsapi.dll - ok
16:01:01.0197 0x0c70 [ 453DE2958C885527E20C79A3FEFE6AF7, AC40DC0D1224A2F6FAA1A3396345371CAE7312C6D7EF0923602B2E89ED22BA2B ] C:\Windows\System32\samlib.dll
16:01:01.0197 0x0c70 C:\Windows\System32\samlib.dll - ok
16:01:01.0217 0x0c70 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] C:\Windows\System32\browser.dll
16:01:01.0217 0x0c70 C:\Windows\System32\browser.dll - ok
16:01:01.0247 0x0c70 [ EE2FF9A3FC4404234BE3B7C6AA383AF8, 51BF3C48BE9BF81A800EF5B247E03C78980B3FFFF37688C42C0F253351EEF4C1 ] C:\Windows\System32\msasn1.dll
16:01:01.0247 0x0c70 C:\Windows\System32\msasn1.dll - ok
16:01:01.0257 0x0c70 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] C:\Windows\System32\certprop.dll
16:01:01.0257 0x0c70 C:\Windows\System32\certprop.dll - ok
16:01:01.0277 0x0c70 [ 7F0F1D4B0D847696F8E309423D227DCE, 4460A2E8B27EB74E951DF328DABFC6C905DD1538D2F2BEE59B2FDA05482CE9F7 ] C:\Windows\System32\ntdsapi.dll
16:01:01.0277 0x0c70 C:\Windows\System32\ntdsapi.dll - ok
16:01:01.0287 0x0c70 [ 4211249955AF9133E2E357CC92B54DFD, 5868F1B809783723C45D3A60DC6B2A21C216E9329D131B282A5851E38603DF55 ] C:\Windows\System32\comres.dll
16:01:01.0287 0x0c70 C:\Windows\System32\comres.dll - ok
16:01:01.0297 0x0c70 [ 965AC9FBF2C67231C157E99C03C58D24, 732E6307AE0C8916F47CB0E74562C7991CF44D5656C5E071D3FBDF31EA734409 ] C:\Windows\System32\feclient.dll
16:01:01.0297 0x0c70 C:\Windows\System32\feclient.dll - ok
16:01:01.0317 0x0c70 [ 1F94EA31C9543B855F53BDAC7792DA4E, 3697D031632C47FC5AAB4208C05A7C4098DF390103CFDE99A512F685AD057F40 ] C:\Windows\System32\mpr.dll
16:01:01.0317 0x0c70 C:\Windows\System32\mpr.dll - ok
16:01:01.0327 0x0c70 [ 0317420D419E1885894B3ED9D375D245, 17F4C64CA4FE560F09DA4C1D13D62B525B5C7B6FDD44B846C6953D595D83CF3D ] C:\Windows\System32\crypt32.dll
16:01:01.0327 0x0c70 C:\Windows\System32\crypt32.dll - ok
16:01:01.0347 0x0c70 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] C:\Windows\System32\cryptsvc.dll
16:01:01.0347 0x0c70 C:\Windows\System32\cryptsvc.dll - ok
16:01:01.0377 0x0c70 [ C6DF7A87063D006ECF1FD8156CB6DE3F, 921AB6B88444B364F05D8EDF0EDDFA0892353A862CD3580F7EDA311E4FDC26B6 ] C:\Windows\System32\SLC.dll
16:01:01.0377 0x0c70 C:\Windows\System32\SLC.dll - ok
16:01:01.0397 0x0c70 [ 08D6D1692B62C9EE4062E1FA04D8FE2F, 0DDB6D64524CDED04DE6521FC834BC4507ECF4C51C9F9BC407B510222E4F0343 ] C:\Windows\System32\oleres.dll
16:01:01.0397 0x0c70 C:\Windows\System32\oleres.dll - ok
16:01:01.0407 0x0c70 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2, 9088837534980C39A885BF9FE2B0945166A433F0263DE7F8E9D4F5E153A70DF3 ] C:\Windows\System32\wevtapi.dll
16:01:01.0407 0x0c70 C:\Windows\System32\wevtapi.dll - ok
16:01:01.0437 0x0c70 [ 74F380C8EC8813626C670D46E8A714D1, 25E20A08048DB18CB1B1071B6FF916561A809561F587E26306FB75A8AA173FE3 ] C:\Windows\System32\dfsrres.dll
16:01:01.0437 0x0c70 C:\Windows\System32\dfsrres.dll - ok
16:01:01.0447 0x0c70 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] C:\Windows\System32\dhcpcsvc.dll
16:01:01.0447 0x0c70 C:\Windows\System32\dhcpcsvc.dll - ok
16:01:01.0467 0x0c70 [ 4FE8425F21B3F0F8C4B4726351D43EAA, F45C1429BD60EEAB7BE8C2114B9C819CED7583249CEE1AB234A8A05A484528A9 ] C:\Windows\System32\IPHLPAPI.DLL
16:01:01.0467 0x0c70 C:\Windows\System32\IPHLPAPI.DLL - ok
16:01:01.0477 0x0c70 [ 6B09105742C75DF80CEF21700F20F55A, D781C5F22BEBB5C51B7792EBB4421C170F2CC5FE28E9245E9D6B9D22E33423AB ] C:\Windows\System32\winnsi.dll
16:01:01.0477 0x0c70 C:\Windows\System32\winnsi.dll - ok
16:01:01.0497 0x0c70 [ DFB6B71CDABA9DFB49C9D2B318B97A1A, F380B9A28D56DEC902154A0251B58BD3576355EDE2CD13CF47D7F4DBE3D61C97 ] C:\Windows\System32\dhcpcsvc6.dll
16:01:01.0497 0x0c70 C:\Windows\System32\dhcpcsvc6.dll - ok
16:01:01.0507 0x0c70 [ 7F15B4953378C8B5161D65C26D5FED4D, 70C80736225273D083F071E625CC47E5C889E8D7426D8D3461F87D41286F06D0 ] C:\Windows\System32\cngaudit.dll
16:01:01.0507 0x0c70 C:\Windows\System32\cngaudit.dll - ok
16:01:01.0527 0x0c70 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] C:\Windows\System32\dot3svc.dll
16:01:01.0527 0x0c70 C:\Windows\System32\dot3svc.dll - ok
16:01:01.0537 0x0c70 [ 13CC59C1B04E9F20A87987C68CD4BE3F, E65363E112CF58007CA650782997413EAFFFDAC25B66976BC7B3A2CBD5ED3933 ] C:\Windows\System32\ncrypt.dll
16:01:01.0537 0x0c70 C:\Windows\System32\ncrypt.dll - ok
16:01:01.0547 0x0c70 [ DE0DD9AE3430F84A96B5501112A696BE, 28ED17BCAE5DB58885547213B5241F8E6599ADE3BB7834A54AC2F10D3285C45F ] C:\Windows\System32\bcrypt.dll
16:01:01.0547 0x0c70 C:\Windows\System32\bcrypt.dll - ok
16:01:01.0567 0x0c70 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] C:\Windows\System32\dps.dll
16:01:01.0567 0x0c70 C:\Windows\System32\dps.dll - ok
16:01:01.0577 0x0c70 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] C:\Windows\System32\eapsvc.dll
16:01:01.0577 0x0c70 C:\Windows\System32\eapsvc.dll - ok
16:01:01.0587 0x0c70 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] C:\Windows\ehome\ehrecvr.exe
16:01:01.0587 0x0c70 C:\Windows\ehome\ehrecvr.exe - ok
16:01:01.0597 0x0c70 [ 26F139DDEC6407508071930D3D07337E, 90EF02DCA67C68AFBEB8E2BE2E1BD6E400F2A386C3CE8AF5573E9F89B7636688 ] C:\Windows\System32\credssp.dll
16:01:01.0597 0x0c70 C:\Windows\System32\credssp.dll - ok
16:01:01.0607 0x0c70 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] C:\Windows\ehome\ehsched.exe
16:01:01.0607 0x0c70 C:\Windows\ehome\ehsched.exe - ok
16:01:01.0627 0x0c70 [ ABE9EEA1EABEA0711610A637A7B1C25D, 973F8BE8E411E1037DFC3FE3F979412450D268E4D34C0F38F3F015D2E00CD8AC ] C:\Windows\System32\msprivs.dll
16:01:01.0627 0x0c70 C:\Windows\System32\msprivs.dll - ok
16:01:01.0637 0x0c70 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] C:\Windows\ehome\ehstart.dll
16:01:01.0637 0x0c70 C:\Windows\ehome\ehstart.dll - ok
16:01:01.0657 0x0c70 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] C:\Windows\System32\emdmgmt.dll
16:01:01.0657 0x0c70 C:\Windows\System32\emdmgmt.dll - ok
16:01:01.0667 0x0c70 [ AA01497884F9CBAC89470120AF78D2B1, FACE3C2E7B0796A690B2E25175579575153453D90EB9B08FB164356575FA7614 ] C:\Windows\System32\kerberos.dll
16:01:01.0667 0x0c70 C:\Windows\System32\kerberos.dll - ok
16:01:01.0687 0x0c70 [ 22CFAEB9172F5F198048401485CD0571, 94E0B8590268BD21B035297F5B0C01A4E8958A1DB39A5AA654EA1805BD30CEC2 ] C:\Windows\System32\WSHTCPIP.DLL
16:01:01.0687 0x0c70 C:\Windows\System32\WSHTCPIP.DLL - ok
16:01:01.0707 0x0c70 [ 9E80FF0752E365F97FD2D1D68C2AFDA1, 07924F0966A05A992130D29BBF634214D0DFE4081851ED18B1E334437DD008D0 ] C:\Windows\System32\wship6.dll
16:01:01.0707 0x0c70 C:\Windows\System32\wship6.dll - ok
16:01:01.0717 0x0c70 [ 05C3B38DB95BA5585817A4F898EE5581, 227357221F00BA91D7907966FF251F6834D69ABD630174A56F9A6C98723C1625 ] C:\Windows\System32\wshqos.dll
16:01:01.0717 0x0c70 C:\Windows\System32\wshqos.dll - ok
16:01:01.0747 0x0c70 [ A1B40A28F38D27A7E3229EE4C7064434, 76CD78FAFC99C472CDFCE848B1E31037811D4D645849C9FDA1B22161A1191A2D ] C:\Windows\System32\wevtsvc.dll
16:01:01.0747 0x0c70 C:\Windows\System32\wevtsvc.dll - ok
16:01:01.0767 0x0c70 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] C:\Windows\System32\nlasvc.dll
16:01:01.0767 0x0c70 C:\Windows\System32\nlasvc.dll - ok
16:01:01.0777 0x0c70 [ FC62A635063B762E1C3C60EA77279378, 9C7ADE37C9F2F9CC5A79D75260736C3791C7A73FB84BE6B7E575CA31A4B99667 ] C:\Windows\System32\NapiNSP.dll
16:01:01.0777 0x0c70 C:\Windows\System32\NapiNSP.dll - ok
16:01:01.0777 0x0c70 [ 690D41DF1D555F96D4898A0F54EBA065, 3A8C9304D49657765DF0FCCEAE2A529982025D8677CCA5930824921F77B8F404 ] C:\Windows\System32\pnrpnsp.dll
16:01:01.0777 0x0c70 C:\Windows\System32\pnrpnsp.dll - ok
16:01:01.0807 0x0c70 [ 8617350C9B590B63E620881092751BCB, 4D16A2197F9ED9062CFD93061294FB8E1068071D03E72B6CF3C7256F1B454A9B ] C:\Windows\System32\mswsock.dll
16:01:01.0807 0x0c70 C:\Windows\System32\mswsock.dll - ok
16:01:01.0817 0x0c70 [ 4ABCE74D012971305249E45E095E9EA6, 6D53BB81F781694577ED8F6DBF41D0900C552DEC2F433206E5B087E80B239DE3 ] C:\Windows\System32\msv1_0.dll
16:01:01.0817 0x0c70 C:\Windows\System32\msv1_0.dll - ok
16:01:01.0857 0x0c70 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] C:\Windows\System32\fdPHost.dll
16:01:01.0857 0x0c70 C:\Windows\System32\fdPHost.dll - ok
16:01:01.0877 0x0c70 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] C:\Windows\System32\FDResPub.dll
16:01:01.0877 0x0c70 C:\Windows\System32\FDResPub.dll - ok
16:01:01.0887 0x0c70 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] C:\Windows\System32\FntCache.dll
16:01:01.0887 0x0c70 C:\Windows\System32\FntCache.dll - ok
16:01:01.0897 0x0c70 [ 95DAECF0FB120A7B5DA679CC54E37DDE, 492129AB9AF4F11CDE46148F6CC3AB6841D0F715DEF5E387B33CD8C79F5298BC ] C:\Windows\System32\netlogon.dll
16:01:01.0897 0x0c70 C:\Windows\System32\netlogon.dll - ok
16:01:01.0917 0x0c70 [ 302964DCAC79D618CC7B72C778DA9FD2, 7F2980AA49592B308E5D4C1A311AE837F65E9FB35761734A936626E81F0A7F10 ] C:\Windows\System32\PresentationHost.exe
16:01:01.0917 0x0c70 C:\Windows\System32\PresentationHost.exe - ok
16:01:01.0927 0x0c70 [ 72910BC4A218C49EA8E43D1FAEC403A5, AAC5026C440BA588D532703A582386EC33B2BCAE2D7A6EF7798498FDDF6F617A ] C:\Windows\System32\winbrand.dll
16:01:01.0927 0x0c70 C:\Windows\System32\winbrand.dll - ok
16:01:01.0937 0x0c70 [ 0F420E81062757EA8363CBACD4D40D6D, 9FC3A7C512B065F18B520FE93B821717BB8B4C36BD976E8D014F71116073CF50 ] C:\Windows\System32\gpapi.dll
16:01:01.0937 0x0c70 C:\Windows\System32\gpapi.dll - ok
16:01:01.0947 0x0c70 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] C:\Windows\System32\hidserv.dll
16:01:01.0947 0x0c70 C:\Windows\System32\hidserv.dll - ok
16:01:01.0957 0x0c70 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] C:\Windows\System32\KMSVC.DLL
16:01:01.0957 0x0c70 C:\Windows\System32\KMSVC.DLL - ok
16:01:01.0977 0x0c70 [ 05586F5438AB0DA4F5149159E0E5FD4B, D022FF63300D88DE959EA1B415A5ADC6578059088B2B39DC9DB60A0D29F45935 ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
16:01:01.0977 0x0c70 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
16:01:01.0997 0x0c70 [ 50E3E76B0901BB4FC029BB88BFA5CE79, 2633FB41F30C68EB68B6241F89C035B3F66CBF51EDB6B4E2FFFE562CE3EEA745 ] C:\Windows\System32\schannel.dll
16:01:01.0997 0x0c70 C:\Windows\System32\schannel.dll - ok
16:01:01.0997 0x0c70 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] C:\Windows\System32\IKEEXT.DLL
16:01:01.0997 0x0c70 C:\Windows\System32\IKEEXT.DLL - ok
16:01:02.0007 0x0c70 [ 93620229F3CC3B67A3528BF39F064C30, BB5CD222902D528030DD6CB458691DD37BAFCCC0E35119F3C127DB5C55244780 ] C:\Windows\System32\wdigest.dll
16:01:02.0007 0x0c70 C:\Windows\System32\wdigest.dll - ok
16:01:02.0027 0x0c70 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] C:\Windows\System32\IPBusEnum.dll
16:01:02.0027 0x0c70 C:\Windows\System32\IPBusEnum.dll - ok
16:01:02.0037 0x0c70 [ 3464DAE0E801F5A81A23C571D86F30B2, A5C0256618215A96BC8CB68357E5278DBF01C3E2CFFDC77EB4A703F1342687D2 ] C:\Windows\System32\rascfg.dll
16:01:02.0037 0x0c70 C:\Windows\System32\rascfg.dll - ok
16:01:02.0047 0x0c70 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] C:\Windows\System32\iphlpsvc.dll
16:01:02.0057 0x0c70 C:\Windows\System32\iphlpsvc.dll - ok
16:01:02.0067 0x0c70 [ 74C2F29CC612B2B34231BEBD824D2FB2, 0C0888AB3B2D8C8F17CA57A503C61F867C8F12A6E6F645DEFE7A2C299AA59AD8 ] C:\Windows\System32\keyiso.dll
16:01:02.0067 0x0c70 C:\Windows\System32\keyiso.dll - ok
16:01:02.0077 0x0c70 [ E14170AEA125119B98FA2BDE3FF4F462, 939758ADA9D1A7E3B6BA1DB6D9E41D3FA27A7013C156F0B63010A0FB62DD64F8 ] C:\Windows\System32\rsaenh.dll
16:01:02.0077 0x0c70 C:\Windows\System32\rsaenh.dll - ok
16:01:02.0087 0x0c70 [ F8873D15018F411588BEC02C1725BADA, 7E90B1D820733C80B438287D89FC3D4219B2C97BD878EB5BA2DBFF64BBF3938A ] C:\Windows\System32\TSpkg.dll
16:01:02.0087 0x0c70 C:\Windows\System32\TSpkg.dll - ok
16:01:02.0107 0x0c70 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] C:\Windows\System32\srvsvc.dll
16:01:02.0107 0x0c70 C:\Windows\System32\srvsvc.dll - ok
16:01:02.0117 0x0c70 [ A136094368CA45BA50BF4E2703E93B82, F7232B62AB8D88FE142E8E14FD31A1140455963D9320A5871669E8E23DCEEA5A ] C:\Windows\System32\atmfd.dll
16:01:02.0117 0x0c70 C:\Windows\System32\atmfd.dll - ok
16:01:02.0127 0x0c70 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] C:\Windows\System32\wkssvc.dll
16:01:02.0127 0x0c70 C:\Windows\System32\wkssvc.dll - ok
16:01:02.0147 0x0c70 [ FA0593D936C9B95FB6FAA32AD1595D49, E7DEC36E708D62D6E95649F3F82DD1CB3E4A77934ABC86FD44FE1F37826901B0 ] C:\Windows\System32\lltdres.dll
16:01:02.0147 0x0c70 C:\Windows\System32\lltdres.dll - ok
16:01:02.0157 0x0c70 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] C:\Windows\System32\lmhsvc.dll
16:01:02.0157 0x0c70 C:\Windows\System32\lmhsvc.dll - ok
blueskygal
2014-07-12, 02:37
16:01:04.0737 0x0c70 C:\Windows\System32\taskcomp.dll - ok
16:01:04.0747 0x0c70 [ 73FE2E5FA55088A241AA2732F5D387D6, EB8822FD08C0C85441BBE86FE55349BFE2D8297A042249B2934B44121D132CCB ] C:\Windows\System32\wiarpc.dll
16:01:04.0747 0x0c70 C:\Windows\System32\wiarpc.dll - ok
16:01:04.0757 0x0c70 [ D07D4C3038F3578FFCE1C0237F2A1253, 135DD05678C8997B45982D77298DBDD98061C9D4FE43D77866846012EB061A04 ] C:\Windows\explorer.exe
16:01:04.0757 0x0c70 C:\Windows\explorer.exe - ok
16:01:04.0767 0x0c70 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] C:\Windows\System32\drivers\http.sys
16:01:04.0767 0x0c70 C:\Windows\System32\drivers\http.sys - ok
16:01:04.0787 0x0c70 [ E79FDA8D320147FDC347C504B3487F87, 7BAF7C9828A285875BCF92EF33E1F0F5A2ED8A25289333985A9428E2913DF3CC ] C:\Windows\System32\spoolss.dll
16:01:04.0787 0x0c70 C:\Windows\System32\spoolss.dll - ok
16:01:04.0807 0x0c70 [ 8AAEEE8E59A70F37579993D118A34EE0, 9DC8618557B0D852EEA1163CF312EB68F8DF42486E4E76A74926CF99DB06AC92 ] C:\Windows\System32\d3d9.dll
16:01:04.0807 0x0c70 C:\Windows\System32\d3d9.dll - ok
16:01:04.0817 0x0c70 [ 3D50C4B10352367D5CB20ED1F50F8DA2, 03C2732F2DF18CE8CC3CB9EBF2F811A2333C96D8BBC9111F6CCE15A09D8E63E6 ] C:\Windows\System32\taskeng.exe
16:01:04.0817 0x0c70 C:\Windows\System32\taskeng.exe - ok
16:01:04.0827 0x0c70 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] C:\Windows\System32\drivers\srvnet.sys
16:01:04.0827 0x0c70 C:\Windows\System32\drivers\srvnet.sys - ok
16:01:04.0837 0x0c70 [ EE16F3E01C4A6C77383F1BBBD10AD6C2, 204BF3757B362EDBCEC29C0576B7F666D6B9422C72491F4C566B27D20F45A031 ] C:\Windows\System32\FWPUCLNT.DLL
16:01:04.0837 0x0c70 C:\Windows\System32\FWPUCLNT.DLL - ok
16:01:04.0877 0x0c70 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] C:\Windows\System32\drivers\bowser.sys
16:01:04.0877 0x0c70 C:\Windows\System32\drivers\bowser.sys - ok
16:01:04.0897 0x0c70 [ B11FDCA4410D6252964EF97F9A47DE74, 085EDBF22392265B35F0D8A73B1B5DFC0D1CEB4C3493F11361BF4CF6C2223FC5 ] C:\Windows\System32\TSChannel.dll
16:01:04.0897 0x0c70 C:\Windows\System32\TSChannel.dll - ok
16:01:04.0897 0x0c70 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] C:\Windows\System32\drivers\mpsdrv.sys
16:01:04.0897 0x0c70 C:\Windows\System32\drivers\mpsdrv.sys - ok
16:01:04.0937 0x0c70 [ 58F0BC29B0E19A8397ABD5FB8472EB7D, 642C000C27EF9BC0DFE7ADA8045C4127365ECD1BA6F0BFBD336522AAB0170A4A ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
16:01:04.0937 0x0c70 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok
16:01:04.0987 0x0c70 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] C:\Windows\System32\MPSSVC.dll
16:01:04.0987 0x0c70 C:\Windows\System32\MPSSVC.dll - ok
16:01:04.0997 0x0c70 [ 167AC31450C0C53A01FA1491E94D7678, 951744503EF72C6D6DC49720C4E6E65DC1DBB9C8252C89FEE18B396E2ED67EA5 ] C:\Windows\System32\shdocvw.dll
16:01:04.0997 0x0c70 C:\Windows\System32\shdocvw.dll - ok
16:01:05.0017 0x0c70 [ CD6DA5770CAE9D5E6E86722E17B442E0, 9F0EE70460FFA43E869C3821F0AF6646D97E0F463A87B50B167ECAD44DF2E523 ] C:\Windows\System32\d3d8thk.dll
16:01:05.0017 0x0c70 C:\Windows\System32\d3d8thk.dll - ok
16:01:05.0027 0x0c70 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] C:\Windows\System32\drivers\mrxsmb.sys
16:01:05.0027 0x0c70 C:\Windows\System32\drivers\mrxsmb.sys - ok
16:01:05.0047 0x0c70 [ 784485B6BF7F0156D3CF64E8A91D1CE6, E0E15D6207FDB53292E48C7B09F18DE35E376EA1963FBE2D438A7724E8029786 ] C:\Windows\System32\igdumd32.dll
16:01:05.0047 0x0c70 C:\Windows\System32\igdumd32.dll - ok
16:01:05.0047 0x0c70 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] C:\Windows\System32\drivers\mrxsmb10.sys
16:01:05.0047 0x0c70 C:\Windows\System32\drivers\mrxsmb10.sys - ok
16:01:05.0067 0x0c70 [ 0745D6EAD386710110817FBEC03F5161, FF725C5361087985973BA21DF9BD37B96377CB3305B8BBA99DD3368D440CEAD1 ] C:\Windows\System32\wfapigp.dll
16:01:05.0067 0x0c70 C:\Windows\System32\wfapigp.dll - ok
16:01:05.0087 0x0c70 [ 5F1DEC3824E566457F53F24F493FEF08, 8ED9B269E5195BD11FF7ED6EBBC19FA32027AD068DF357660C9E5084922329B5 ] C:\Windows\System32\mscms.dll
16:01:05.0087 0x0c70 C:\Windows\System32\mscms.dll - ok
16:01:05.0117 0x0c70 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] C:\Windows\System32\drivers\mrxsmb20.sys
16:01:05.0117 0x0c70 C:\Windows\System32\drivers\mrxsmb20.sys - ok
16:01:05.0137 0x0c70 [ 4504819D18FAC09B6108D8728467E5B2, 46736DE57B2A0592BE1DC53B337A607C8962C305F678E5899D5734D3D4630135 ] C:\Windows\System32\browseui.dll
16:01:05.0137 0x0c70 C:\Windows\System32\browseui.dll - ok
16:01:05.0157 0x0c70 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] C:\Windows\System32\drivers\srv2.sys
16:01:05.0157 0x0c70 C:\Windows\System32\drivers\srv2.sys - ok
16:01:05.0197 0x0c70 [ 1311171CF8F6D2954441EF2A42693035, 516FFF8E8DCEE409EF525276EAEB62DB67BA63448D9ED4B53F412F70A587799C ] C:\Windows\System32\WsmRes.dll
16:01:05.0197 0x0c70 C:\Windows\System32\WsmRes.dll - ok
16:01:05.0217 0x0c70 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] C:\Windows\System32\drivers\srv.sys
16:01:05.0217 0x0c70 C:\Windows\System32\drivers\srv.sys - ok
16:01:05.0227 0x0c70 [ A324D72A06C110152E7607745F39BFA1, 7E33A108B090840FC98953358216A1D84C122D965E37B37335B0EF6152CA9FC0 ] C:\Windows\System32\netmsg.dll
16:01:05.0227 0x0c70 C:\Windows\System32\netmsg.dll - ok
16:01:05.0247 0x0c70 [ E230F3776F373F4C5E788794B53101E4, 5E1B28C8A0EC67F1EC720AC7800021288A69B4E13C5DF3603EC4FCCDBE42DAFA ] C:\Windows\System32\plasrv.exe
16:01:05.0247 0x0c70 C:\Windows\System32\plasrv.exe - ok
16:01:05.0307 0x0c70 [ 452341E471D2D961229DFE0842957272, 43C3DEEFCD27F10DCFF81D8637EBDE5050ADC3E530A5DCC459D1CFF80BFD0067 ] C:\Windows\System32\sscore.dll
16:01:05.0307 0x0c70 C:\Windows\System32\sscore.dll - ok
16:01:05.0327 0x0c70 [ D333058925CE305E39DE8D5AD2B52A46, 29E40E6DCAB4F3559B34A848AEDA34B5D436C9167565856451028DE25A529EDF ] C:\Windows\System32\clusapi.dll
16:01:05.0327 0x0c70 C:\Windows\System32\clusapi.dll - ok
16:01:05.0337 0x0c70 [ 6468C3FF6D0C7874FA8C619AF3E23B22, 2A8A01D5164453544A9DD1B850C24B82EFE6ACAABED56084B8A0388AC383802B ] C:\Windows\System32\activeds.dll
16:01:05.0337 0x0c70 C:\Windows\System32\activeds.dll - ok
16:01:05.0417 0x0c70 [ E9B9C1B98C8D6D48407E1C1203EAC659, A7B836B37935475E7D7277F9A7828E347B2EBD14958836499E5610AC5A922265 ] C:\Windows\System32\adsldpc.dll
16:01:05.0417 0x0c70 C:\Windows\System32\adsldpc.dll - ok
16:01:05.0427 0x0c70 [ 93E317D7AD783D8EAEE2E3500BFE889D, 12D3ACCBF470E025EEBD77CF3407964950DADCF6991959A97B5319A9FAE219C1 ] C:\Windows\System32\credui.dll
16:01:05.0427 0x0c70 C:\Windows\System32\credui.dll - ok
16:01:05.0477 0x0c70 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B, 3944E3C0FCD8E927A8A6470D8A603C96D298695AE62831DBE6DA656C5D74EC05 ] C:\Windows\System32\resutils.dll
16:01:05.0477 0x0c70 C:\Windows\System32\resutils.dll - ok
16:01:05.0487 0x0c70 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:01:05.0487 0x0c70 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
16:01:05.0507 0x0c70 [ 14E4470BF8ACA69A85D741BA99F75F96, B9DA437B42D56FAF29EF8227A22D842A852F80D5611E114E27FC8A3864E6DEA5 ] C:\Windows\System32\EhStorShell.dll
16:01:05.0507 0x0c70 C:\Windows\System32\EhStorShell.dll - ok
16:01:05.0527 0x0c70 [ 111C47816F39A91EAAA18DA0A54E8E63, 6910253AA5DFD7E2656C65B7227E7D546648D6C55600552D79FA275D0331AA00 ] C:\Windows\System32\imageres.dll
16:01:05.0567 0x0c70 C:\Windows\System32\imageres.dll - ok
16:01:05.0577 0x0c70 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7, 673A7F086251CC5CB6473BC392A7572566F58A11F4DE1B8D7B3C281A1A5AE11C ] C:\Windows\System32\uDWM.dll
16:01:05.0577 0x0c70 C:\Windows\System32\uDWM.dll - ok
16:01:05.0587 0x0c70 [ CDBE9690CF2B8409FACAD94FAC9479C9, 8E7FE1A1F3550C479FFD86A77BC9D10686D47F8727025BB891D8F4F0259354C8 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
16:01:05.0587 0x0c70 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
16:01:05.0617 0x0c70 [ 1CB677BF1DABD3BAF4F944E2C90D6C73, 099466E899BB7BA176C42DB15D0D4946DC15845CA051BDACF3BE767157AB90BD ] C:\Windows\System32\agrsmsvc.exe
16:01:05.0617 0x0c70 C:\Windows\System32\agrsmsvc.exe - ok
16:01:05.0627 0x0c70 [ A8AA9D47F971570A5162B862B80F87E8, D33A9A2B7838288E99B56B95A10E6B62E4EFF973CF7FFA0073CC2A9145C0E11D ] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
16:01:05.0627 0x0c70 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - ok
16:01:05.0637 0x0c70 [ C2DF2E3C676414D6F8C8F35F0EA46C60, 0D1BB71306D0C103A5B55A1C5CDBC7B93F72FEA24BFA1BDA5C7AEBC1D27C4362 ] C:\Windows\System32\AstSrv.exe
16:01:05.0637 0x0c70 C:\Windows\System32\AstSrv.exe - ok
16:01:05.0657 0x0c70 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] C:\Program Files\Google\Update\GoogleUpdate.exe
16:01:05.0657 0x0c70 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
16:01:05.0667 0x0c70 [ 47CCA447C98AA4258EC43C924A883A45, 98E4C1AC4CB59E361E09B5DB04A88483F807F53B7EEED32BA27E77D281D5AE4E ] C:\Windows\System32\atashost.exe
16:01:05.0667 0x0c70 C:\Windows\System32\atashost.exe - ok
16:01:05.0757 0x0c70 [ 782C8019C89920A77B1907AD3B4C8FF9, B38C1B9C022B2B2CCC860845ABC7CE2803A251477D07F1DE7B7F7AAB02376EDB ] C:\Windows\System32\HotStartUserAgent.dll
16:01:05.0757 0x0c70 C:\Windows\System32\HotStartUserAgent.dll - ok
16:01:05.0777 0x0c70 [ 57125869A7B9638A5D11DD685AA65EB4, ADDEA7198DD1586D1D4E4DC1091369BC5702CED5E4FF8A0B42A06626D8DA28D7 ] C:\Windows\System32\PlaySndSrv.dll
16:01:05.0777 0x0c70 C:\Windows\System32\PlaySndSrv.dll - ok
16:01:05.0787 0x0c70 [ 43E1054C713C48D252A1826C5E14AACA, 46B6A5011EC63F1B8DDC6A2BE013C2BBB59B81310644766C609CAAF4B9A18278 ] C:\Windows\System32\MsCtfMonitor.dll
16:01:05.0787 0x0c70 C:\Windows\System32\MsCtfMonitor.dll - ok
16:01:05.0807 0x0c70 [ 4C867B62F6100C107A3A8F5E7A10461D, 890A90A16B0ED6B2F5EE16B140C22586B2068389CAF25F630B11CAAC336D7007 ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl
blueskygal
2014-07-12, 02:38
16:01:07.0667 0x0c70 C:\Windows\System32\srclient.dll - ok
16:01:07.0677 0x0c70 [ 43AEF7355D24090CA7C24C83846BD981, 9F7B568C5B1478168B6E3D566B47CD96349575BF9DD854294B3F7E3C40FE0146 ] C:\Windows\System32\spp.dll
16:01:07.0677 0x0c70 C:\Windows\System32\spp.dll - ok
16:01:07.0697 0x0c70 [ D40E7B5FBB8E0EAA7C5C294389AF95AB, 8EFD521DF1F335AF416DEC15D5C0C6538903803AA1A8ED93AA704B384A29876B ] C:\Users\Colleen\AppData\Local\Temp\{924C70D2-1712-450D-999A-DDC2EB101BB8}.exe
16:01:07.0697 0x0c70 C:\Users\Colleen\AppData\Local\Temp\{924C70D2-1712-450D-999A-DDC2EB101BB8}.exe - ok
16:01:07.0707 0x0c70 [ 2D5871BA7E1F5C044E35D3934F273429, 0A6B9E320241C41E9F06A0EB6F8259A511EA5EEECAA4B00B9B55D1D13A93EE91 ] C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll
16:01:07.0707 0x0c70 C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll - ok
16:01:07.0717 0x0c70 [ 5CAAE5333EF36DB4A8D294418AB37E80, 0FAC92CDED62CEFDD44B3DC714FC3A453FEAAF44653F3AB75FB5A093A1DA71E9 ] C:\Windows\System32\p2pcollab.dll
16:01:07.0717 0x0c70 C:\Windows\System32\p2pcollab.dll - ok
16:01:07.0727 0x0c70 [ 0DE5BA4CEFB5BC123C45B974A182557D, 65D7ABCD2DC3A18351AF87A57D666C588F31BAD2A1A90BD9BEC41482D1B826C6 ] C:\Program Files\IObit\Advanced SystemCare 6\webres.dll
16:01:07.0727 0x0c70 C:\Program Files\IObit\Advanced SystemCare 6\webres.dll - ok
16:01:07.0737 0x0c70 [ EE9D715AF1B928982F417238B9914484, 89A55A54F4513ECA86DF9442E752F0642D73018B2D5D9F05590789AB1F98B4D0 ] C:\Windows\System32\ieapfltr.dll
16:01:07.0737 0x0c70 C:\Windows\System32\ieapfltr.dll - ok
16:01:07.0747 0x0c70 [ 0740D38A057081D172A5E155468D6F74, 6807DB85B83509EC8B95186CB7BAA12FC9CD93116139021188F2494AE37F3118 ] C:\Program Files\Spybot - Search & Destroy 2\SDLists.dll
16:01:07.0747 0x0c70 C:\Program Files\Spybot - Search & Destroy 2\SDLists.dll - ok
16:01:07.0757 0x0c70 [ 22DC784B32BEE306A99F50D6DC2460BC, 5144BDCEAFC593817545869E82A7D78104F310A8B0188E0EC49648F929F6E1C2 ] C:\Windows\System32\esent.dll
16:01:07.0757 0x0c70 C:\Windows\System32\esent.dll - ok
16:01:07.0767 0x0c70 [ AC6B8F8058EE27932F9AF8A2D959D201, 64DA78BC39DFECCB74584BB795155EF13BE8A0F35C245FA967F38AC633FDD195 ] C:\Windows\System32\msimtf.dll
16:01:07.0767 0x0c70 C:\Windows\System32\msimtf.dll - ok
16:01:07.0777 0x0c70 [ 35AAE2E841AA1A949775168E119482C9, 2457985F6113E565DCEBE58A14C644EAE1397CDB50393C03A2A94F279C053D93 ] C:\Windows\System32\msls31.dll
16:01:07.0777 0x0c70 C:\Windows\System32\msls31.dll - ok
16:01:07.0787 0x0c70 [ E828C391BB999BD85C15DA20B51CDF9C, D6133176C868FEEA16169B4EBFF08A382650844726D21D78577E48C89BC35DD3 ] C:\Windows\System32\d2d1.dll
16:01:07.0787 0x0c70 C:\Windows\System32\d2d1.dll - ok
16:01:07.0797 0x0c70 [ 9BD443B52350D2784544B637F103EBCF, 5E776B7D469A4E7D4CCFD1B0A9340CC4BDDEA10561CFD829D96CD8E30EBCF241 ] C:\Windows\System32\DWrite.dll
16:01:07.0797 0x0c70 C:\Windows\System32\DWrite.dll - ok
16:01:07.0817 0x0c70 [ A7D525E5C0D91C8C1D84C6BCD25AD77D, BD3D51E302587E33901E5995367B6227743D2385F1420E12C712A62063150318 ] C:\Windows\System32\rasadhlp.dll
16:01:07.0817 0x0c70 C:\Windows\System32\rasadhlp.dll - ok
16:01:07.0827 0x0c70 [ 2D90310ED56ED2D6D3735BA8A0A1F1F2, 1CA50A326BC295E7CA3844248D3F7EB131D2AF297E5066B3729BA251DBFF6046 ] C:\Program Files\IObit\Advanced SystemCare 6\AutoSweep.exe
16:01:07.0827 0x0c70 C:\Program Files\IObit\Advanced SystemCare 6\AutoSweep.exe - ok
16:01:07.0837 0x0c70 [ 3F33D9CB732275D87D5E583CF87A6D3A, 9C2CB8909067517FECDE3CF69C01036AF2BC0A3D9BCFE000A361BBFCE22FCB13 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
16:01:07.0847 0x0c70 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
16:01:07.0867 0x0c70 [ 73FD66B14D3C4252F7A524B8836A4359, 04656A6290E9DFE79FCCD427FC4BBCF65E5C6B9525953D780FF42966C93468CF ] C:\Windows\System32\mstask.dll
16:01:07.0867 0x0c70 C:\Windows\System32\mstask.dll - ok
16:01:07.0887 0x0c70 [ 6B01DAD4CB6B2BB507A268DD0DFEF04F, 371311A551B89A6051BF46E97A59EC519C0C4132FBD37A20AD27ED315A887CAC ] C:\Windows\System32\igfxdev.dll
16:01:07.0887 0x0c70 C:\Windows\System32\igfxdev.dll - ok
16:01:07.0907 0x0c70 [ C6FD3425B1ADD739B95DC4D661FF4DD3, 310C99B78305F9A0E33C7108477734D81DD9F7AA3C6FB6B735FD19CE939EDB10 ] C:\Windows\System32\PresentationSettings.exe
16:01:07.0907 0x0c70 C:\Windows\System32\PresentationSettings.exe - ok
16:01:07.0927 0x0c70 [ D91D8344E73283999777083BF17D54E2, 018F500DD49A192617E57998A2E9833C5C9EB72A2B186AF25B5CB91329B1E267 ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:01:07.0927 0x0c70 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe - ok
16:01:07.0937 0x0c70 [ F4E1AA5D59C849A4AB47E895DC76B9C8, 0C93E63372D619393D9DDD3EFCA2317A6652276A9FDE0530CD2A06135EE6B46D ] C:\Windows\System32\sfc.dll
16:01:07.0937 0x0c70 C:\Windows\System32\sfc.dll - ok
16:01:07.0957 0x0c70 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105, 613F0D184E08CBE1FFEEB8F845ADCA79577FB3CF59EA1FEE6B2346D9930763AB ] C:\Windows\System32\sfc_os.dll
16:01:07.0957 0x0c70 C:\Windows\System32\sfc_os.dll - ok
16:01:07.0967 0x0c70 [ C0B8B96D018849FD8CCF15FED84E8782, E107AA4ADE150DC309C39BBF47292E7A7F8DD439FAB30791676BC8A1133B9AFD ] C:\Windows\System32\ie4uinit.exe
16:01:07.0967 0x0c70 C:\Windows\System32\ie4uinit.exe - ok
16:01:07.0977 0x0c70 [ F0FEFB0B5D25A75D478A4317139D937E, CB6EB2891130A410A80F6A1BF0CAC66C429DB7D4ADD0D8484CA4F83D17856441 ] C:\Windows\System32\iedkcs32.dll
16:01:07.0977 0x0c70 C:\Windows\System32\iedkcs32.dll - ok
16:01:07.0987 0x0c70 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] C:\Windows\System32\drivers\secdrv.sys
16:01:07.0997 0x0c70 C:\Windows\System32\drivers\secdrv.sys - ok
16:01:08.0007 0x0c70 [ 4B19A9A4191353007E9819A832B81186, 02B78FB11F80763CCB0E30E383247BD76FAC8A25DEE4971E8958EF19A08A719A ] C:\Windows\System32\timedate.cpl
16:01:08.0007 0x0c70 C:\Windows\System32\timedate.cpl - ok
16:01:08.0017 0x0c70 [ 1D244DB37B89D84A5DD46C0FFD41D733, B66AB3BEF4C1B26578FFCAD74FAF95E3069C6BC3F933FF318F96E4CDCC3A4285 ] C:\Program Files\Fighters\SPAMfighter\sfus.exe
16:01:08.0017 0x0c70 C:\Program Files\Fighters\SPAMfighter\sfus.exe - ok
16:01:08.0037 0x0c70 [ 428FF21418ADCD6FAD6189CD9520A67B, E9021A9B74AC6C4F7317704DF6A66B1A5C3D05DD2535989942005D638340010D ] C:\Windows\System32\wiatrace.dll
16:01:08.0037 0x0c70 C:\Windows\System32\wiatrace.dll - ok
16:01:08.0047 0x0c70 [ 4DBA143F06BAD1DF935CB9603140CF2A, DE2D3A13993046CCC7691C9614702DCBC43C788282A2B722A8F3F4829281BC1A ] C:\Windows\System32\wsdchngr.dll
16:01:08.0047 0x0c70 C:\Windows\System32\wsdchngr.dll - ok
16:01:08.0057 0x0c70 [ 64421ADAEE91E036A0799E3B82526BAD, AE4D9C280DB0AB0CAAD0BFD07B1596E379E37DA249E122F02AC5FFB3979B5083 ] C:\Program Files\Fighters\FighterSuiteService.exe
16:01:08.0057 0x0c70 C:\Program Files\Fighters\FighterSuiteService.exe - ok
16:01:08.0067 0x0c70 [ 8D78BA30DB4AE040A52EDEE725782715, 15099FC7A90B2E8D718D46E02D56026D56B3F043124C3455E79B7B44A027DD11 ] C:\Windows\System32\actxprxy.dll
16:01:08.0067 0x0c70 C:\Windows\System32\actxprxy.dll - ok
16:01:08.0077 0x0c70 [ 2AC2716E2083A949437CEDB2B6A2E89A, 53713692E86BF76053EA22C71742B977B8B9CA2690A87871DC48F874E3D0BF85 ] C:\PROGRA~1\WI4EB4~1\wmpband.dll
16:01:08.0077 0x0c70 C:\PROGRA~1\WI4EB4~1\wmpband.dll - ok
16:01:08.0097 0x0c70 [ B5A9AE7B79C331569A4DB12F109E1F47, EB5DEBE263629B9FD148A23CE6879DFD3AEF5AD304A170D519246CE7A10760AC ] C:\Program Files\Fighters\MachineIdGateway.dll
16:01:08.0097 0x0c70 C:\Program Files\Fighters\MachineIdGateway.dll - ok
blueskygal
2014-07-12, 02:39
blueskygal
2014-07-12, 02:40
blueskygal
2014-07-12, 02:41
16:01:12.0067 0x0c70 ================ Scan generic autorun ======================
16:01:12.0077 0x0c70 LXCJCATS - ok
16:01:13.0007 0x0c70 [ 0BC020A9DAF363FF08F877E54A5233A5, A6F8405B4BFDA0BB91AD9CDF085D98C8A020738BEEEC015A85C38ED3F7227FCA ] C:\Program Files\Fighters\Tray\FightersTray.exe
16:01:15.0397 0x0c70 CommonToolkitTray - ok
16:01:16.0007 0x0c70 [ F7A9AA5A708404B3A66C0D352D8FDCA3, 561290899CFD9DE821A5C80E04EFB8EF74590F5372526AA7DF2BB666CF099375 ] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
16:01:16.0357 0x0c70 sfagent - ok
16:01:17.0837 0x0c70 [ A503A47A5E7EA8024379A8CC6059B74A, 8DEEC50E21924D21DD6383FA7FB3714ECA5AD45C576E0FF0431EE0DB25194620 ] C:\Windows\RtHDVCpl.exe
16:01:21.0588 0x0c70 RtHDVCpl - ok
16:01:22.0290 0x0c70 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
16:01:22.0305 0x0c70 HP Software Update - ok
16:01:22.0867 0x0c70 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:01:24.0084 0x0c70 Sidebar - ok
16:01:24.0099 0x0c70 WindowsWelcomeCenter - ok
16:01:24.0911 0x0c70 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:01:25.0129 0x0c70 Sidebar - ok
16:01:25.0145 0x0c70 WindowsWelcomeCenter - ok
16:01:26.0003 0x0c70 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
16:01:26.0018 0x0c70 Google Update - ok
16:01:26.0112 0x0c70 [ BC0DF782D8C5C446C2AC7D16D2F3312C, 2702873FDC1B8DEA46F3B6B98BC93ED0EA199FA30F0AA22C0E50D8B6B5381FEE ] C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
16:01:26.0159 0x0c70 cdloader - ok
16:01:26.0424 0x0c70 [ 78185A1C861FA7AD6BE016D54D050119, ABC1D092973F8E04329356C9BE192818760D050ED24AD5888CA6140E228396B7 ] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
16:01:26.0455 0x0c70 Advanced SystemCare 6 - ok
16:01:26.0861 0x0c70 [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
16:01:27.0157 0x0c70 HP Deskjet 3510 series (NET) - ok
16:01:28.0233 0x0c70 [ D8470A716BE1C02A81F5AD704D43D334, DA2E76AFB6C0F0111CC5B3A83B331D2BCA54CC78C56128D2B90B86FC89E7EAA7 ] C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
16:01:28.0951 0x0c70 Amazon Cloud Player - ok
16:01:29.0357 0x0c70 [ FA249F4F7554861362AB2FB845D22E40, 88C3F861324F8FC734EBA337A8F942BED8C1199C870FA66E80388F85E050D84D ] C:\Users\Colleen\AppData\Local\iogossul.exe
16:01:29.0372 0x0c70 sljwnape - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0372 0x0c70 sljwnape ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0637 0x0c70 [ 2ACF209E20B01488246F4F8C5788ECBD, 07C2A607FB2562AF3B19547DFF5F79DB55A2C4C93B0A83731D42DBB789B242D9 ] C:\Users\Colleen\AppData\Local\aeqltsel.exe
16:01:29.0653 0x0c70 cqibmelw - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0653 0x0c70 cqibmelw ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0918 0x0c70 [ 2DF7EC8427034EC6327CA7AE3A1280D6, 854A17256C3F7FF9F3AE8A8D836C95CF9AA9DCB25842485FF0039866CABFF778 ] C:\Users\Colleen\AppData\Local\soisaqtj.exe
16:01:29.0934 0x0c70 gkbqtgfq - detected UnsignedFile.Multi.Generic ( 1 )
16:01:29.0934 0x0c70 gkbqtgfq ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0959 0x0c70 AV detected via SS2: Spybot - Search and Destroy, C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe ( 2.3.39.0 ), 0x61000 ( enabled : updated )
16:01:29.0969 0x0c70 Win FW state via NFP2: enabled
16:01:29.0969 0x0c70 ============================================================
16:01:29.0969 0x0c70 Scan finished
16:01:29.0969 0x0c70 ============================================================
16:01:29.0989 0x0c6c Detected object count: 11
16:01:29.0989 0x0c6c Actual detected object count: 11
16:02:27.0132 0x0c6c CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0132 0x0c6c CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0133 0x0c6c RVIEG01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0133 0x0c6c RVIEG01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0133 0x0c6c RVIEGVST ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0133 0x0c6c RVIEGVST ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0134 0x0c6c TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0134 0x0c6c TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0135 0x0c6c TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0135 0x0c6c TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0144 0x0c6c TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0144 0x0c6c TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0147 0x0c6c UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:27.0147 0x0c6c UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:27.0678 0x0c6c \Device\Harddisk0\DR0\Partition1 - copied to quarantine
16:02:28.0255 0x0c6c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
16:02:28.0419 0x0c6c \Device\Harddisk0\DR0\Partition1 - ok
16:02:28.0419 0x0c6c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
16:02:28.0424 0x0c6c sljwnape ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0424 0x0c6c sljwnape ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:28.0428 0x0c6c cqibmelw ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0428 0x0c6c cqibmelw ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:28.0428 0x0c6c gkbqtgfq ( UnsignedFile.Multi.Generic ) - skipped by user
16:02:28.0429 0x0c6c gkbqtgfq ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:02:33.0264 0x0c6c KLMD registered as C:\Windows\system32\drivers\45258115.sys
16:02:49.0061 0x09d4 Deinitialize success
Hi blueskygal,
aswMBR
Re-run aswMBR; it should be on your desktop.
Right click and select "Run as Administrator".
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
=========================
Re-run Farbar Recovery Scan Tool; it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
aswMBR.txt
FRST.txt
blueskygal
2014-07-12, 06:36
During the scan a program keeps popping up that looks like an update to Adobe Flash, but I don't recognize it and cancel it. I think this might be a bug but don't know. It's the first time it's surfaced again after a few days. I'm in regular mode now, not safe mode; perhaps that's why.
Hi blueskygal,
Can you complete the scans requested, or does the pop-up prevent it?
Hi blueskygal,
Just checking in to see if you still need help?
blueskygal
2014-07-17, 02:06
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 16-07-2014 15:06:08
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}
http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-
8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultras
him.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -
C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -
C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -
c:\Program Files\Common Files\Microsoft Shared\Information
Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-
204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft
Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-
48E0-853A-EBB7F4A000DA} - C:\Program
Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13]
(SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of
Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12
68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32
\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program
Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program
Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -
C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download
Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program
Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program
Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program
Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program
Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll
(IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program
Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin:
@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -
C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program
Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program
Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -
C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program
files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaP
lugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program
files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program
Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugi
n.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program
Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program
Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program
Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0
\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -
C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll
(Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic
Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -
C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15
\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -
C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15
\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla
firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-
secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla
firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-
08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5
\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-
4FC4AF8A08E2}] -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\
Ext
FF Extension: RealDownloader -
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\
Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) -
C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.
131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0
\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program
Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6
\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) -
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft
Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) -
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks,
Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla
Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla
Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla
Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google
Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google
Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll
(Google, Inc.)
CHR Plugin: (Google Update) - C:\Program
Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll
(Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program
Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic
Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program
Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) -
C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8
\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32
\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft
Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-
12]
CHR Extension: (WeatherBug (Legacy App)) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08
-16]
CHR Extension: (FastestFox for Chrome) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-
27]
CHR Extension: (Advanced SystemCare Surfing Protection) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08
-21]
CHR Extension: (Readability) -
C:\Users\Colleen\AppData\Local\Google\Chrome\User
Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-
29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji]
-
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\
Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] -
C:\Program Files\IObit\Advanced SystemCare 6
\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced
SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-
07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] (
Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960
2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150
\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
[File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-
08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program
Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-
08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2
\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2
\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2
\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program
Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter
ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe
[1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07
-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-
25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
[425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth
Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA
CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead
Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems,
Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672
2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-
03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-
14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488
2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456
2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32
\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes
Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas
DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas
VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
[12872 2010-02-17] (SUPERAdBlocker.com and
SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
[68168 2010-05-06] (SUPERAdBlocker.com and
SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2
\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32
\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204
2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-
10-28] (TOSHIBA CORPORATION)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ ()
C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:15 - 00026810 _____ ()
C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D ()
C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ ()
C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ ()
C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-12 10:00 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH ()
C:\ProgramData\ntuser.pol
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D ()
C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ ()
C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky
Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D ()
C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ ()
C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ ()
C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-16 15:06 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ ()
C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar)
C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ ()
C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ ()
C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ ()
C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D ()
C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST
Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D ()
C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ ()
C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars
Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ ()
C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-12 10:00 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-16 15:01 - 00000644 _____ ()
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ ()
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ ()
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D
Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ ()
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot -
Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D ()
C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D ()
C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer
Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ ()
C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft
Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-
enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ ()
C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523
(1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ ()
C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D ()
C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ ()
C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ ()
C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ ()
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D ()
C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____
(Malwarebytes Corporation) C:\Windows\system32
\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ ()
C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ ()
C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts!
Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to
6-15-14.zip
==================== One Month Modified Files and Folders =======
2014-07-16 15:43 - 2013-06-04 11:29 - 00000830 _____ ()
C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 15:34 - 2014-03-06 13:01 - 00000574 _____ ()
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-
1747254254-1146559385-1000.job
2014-07-16 15:30 - 2009-06-30 21:59 - 00000916 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-
1747254254-1146559385-1000UA.job
2014-07-16 15:22 - 2013-08-18 10:32 - 00000000 ____D ()
C:\Windows\system32\MRT
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft
Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:15 - 2014-07-16 15:06 - 00026810 _____ ()
C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:12 - 2007-09-01 08:47 - 00000256 _____ ()
C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ ()
C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:10 - 2007-01-10 15:30 - 01283861 _____ ()
C:\Windows\WindowsUpdate.log
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:06 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D ()
C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar)
C:\Users\Colleen\Desktop\FRST.exe
2014-07-16 15:01 - 2014-06-27 16:31 - 00000644 _____ ()
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-16 15:00 - 2009-12-22 23:09 - 00000882 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 15:00 - 2006-11-02 06:01 - 00000006 ____H ()
C:\Windows\Tasks\SA.DAT
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H ()
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H ()
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:06 - 2006-11-02 06:01 - 00032642 _____ ()
C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-12 10:00 - 2014-07-11 20:35 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-12 10:00 - 2014-06-27 17:29 - 00000816 _____ ()
C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-12 10:00 - 2009-12-22 23:09 - 00000886 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-12 09:59 - 2014-03-12 10:59 - 00000300 _____ ()
C:\Windows\Tasks\Digital Sites.job
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ ()
C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ ()
C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ ()
C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D ()
C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH ()
C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD ()
C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe
Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe
Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D ()
C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ ()
C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ ()
C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ ()
C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky
Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ ()
C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D ()
C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D ()
C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D ()
C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.)
C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D ()
C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D ()
C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ ()
C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ ()
C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar)
C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ ()
C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ ()
C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R ()
C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:14 - 2007-07-01 17:52 - 06864896 _____ ()
C:\Users\Colleen\Documents\My Money.mny
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ ()
C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ ()
C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D ()
C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST
Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware)
C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ ()
C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D ()
C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars
Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32
\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____
(Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ ()
C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ ()
C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ ()
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-
1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D ()
C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R ()
C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ ()
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ ()
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D ()
C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D
Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ ()
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot -
Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-
Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ ()
C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft
Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-
enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D ()
C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D ()
C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523
(1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ ()
C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D ()
C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D ()
C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ ()
C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D ()
C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D ()
C:\Program Files\CCleaner
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ ()
C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D ()
C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ ()
C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D ()
C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D ()
C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ ()
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D ()
C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D ()
C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ ()
C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D ()
C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ ()
C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ ()
C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts!
Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D ()
C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ ()
C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ ()
C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ ()
C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ ()
C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ ()
C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D ()
C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to
6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ ()
C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to
6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D ()
C:\Program Files\Opera
2014-06-16 20:18 - 2010-01-02 20:35 - 00000000 ____D ()
C:\Users\Colleen\AppData\Local\Bible Explorer 4
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D ()
C:\Program Files\EfficientPIM
Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223
-EDC0089639EC}.exe
==================== Bamital & volsnap Check
=================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-16 15:47
==================== End Of Log
============================
blueskygal
2014-07-17, 02:08
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-11 20:28:29
-----------------------------
20:28:29.080 OS Version: Windows 6.0.6002 Service Pack 2
20:28:29.080 Number of processors: 2 586 0xE0C
20:28:29.080 ComputerName: COLLEEN-PC UserName: Colleen
20:28:30.609 Initialize success
20:28:30.624 VM: initialized successfully
20:28:30.687 VM: Intel CPU virtualization not supported
20:29:42.431 AVAST engine defs: 14071000
20:30:15.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:15.425 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
20:30:15.612 Disk 0 MBR read successfully
20:30:15.628 Disk 0 MBR scan
20:30:15.675 Disk 0 Windows VISTA default MBR code
20:30:15.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:30:15.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
20:30:15.737 Disk 0 scanning sectors +195371008
20:30:16.096 Disk 0 scanning C:\Windows\system32\drivers
20:30:45.284 Service scanning
20:31:27.996 Modules scanning
20:31:53.939 Disk 0 trace - called modules:
20:31:53.970 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:31:53.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a60ac8]
20:31:54.002 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x851e6b48]
20:31:54.002 5 acpi.sys[82e566bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
20:31:55.156 AVAST engine scan C:\Windows
20:32:03.499 AVAST engine scan C:\Windows\system32
20:53:14.790 AVAST engine scan C:\Windows\system32\drivers
20:55:40.541 AVAST engine scan C:\Users\Colleen
20:55:46.981 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
21:05:21.784 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
21:05:30.600 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:16:23.462 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
21:16:23.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
Hi blueskygal,
Your FRST log is difficult to read as posted. Please disable Word Wrap in Notepad and repost the log.
Remove Word Wrap in Notepad
Click the Windows “Start” button.
Enter “Notepad” into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
Click “Format” from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words “Word Wrap,” which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
Click “Word Wrap” to remove line endings. The check mark that used to appear next to “Word Wrap” disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.
=========================
blueskygal
2014-07-17, 23:23
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 16-07-2014 15:06:08
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08-16]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:15 - 00026810 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-12 10:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-16 15:06 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-12 10:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-16 15:01 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ () C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
==================== One Month Modified Files and Folders =======
2014-07-16 15:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 15:34 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-07-16 15:30 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-07-16 15:22 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:15 - 2014-07-16 15:06 - 00026810 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:10 - 2007-01-10 15:30 - 01283861 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:06 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-16 15:01 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-16 15:00 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 15:00 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:06 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-12 10:00 - 2014-07-11 20:35 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-12 10:00 - 2014-06-27 17:29 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-12 10:00 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-12 09:59 - 2014-03-12 10:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ () C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:14 - 2007-07-01 17:52 - 06864896 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ () C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ () C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ () C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D () C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
2014-06-16 20:18 - 2010-01-02 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Bible Explorer 4
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\Program Files\EfficientPIM
Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-16 15:47
==================== End Of Log ============================
blueskygal
2014-07-17, 23:28
Hello OCD,
When I rebooted the computer today, Microsoft's malicious software program came up after some Microsoft update.
I ran it. Also, Spybot located the culprits that have been replicating. What I am noticing is that this program merely changes the name of the virus and starts replicating again. I had Spybot quarantine the viruses it found.
Also, a popup keeps coming up called UPDATEFLASHPLAYER_9664FC94.EXE asking to update. It shows as an unidentified publisher.
How can I get rid of this as well?
I am going to rerun both of your requested programs again after I restart the computer to see if that virus is still working.
Thanks
blueskygal
blueskygal
2014-07-18, 01:46
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 17-07-2014 15:42:40
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Efficient Software) C:\Program Files\EfficientPIM\EfficientPIM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [wfkguuqr] => C:\Users\Colleen\AppData\Local\smqnnerw.exe [87040 2014-07-16] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08-16]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)
U3 aswMBR; \??\C:\Users\Colleen\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Colleen\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-17 15:14 - 2014-07-17 15:14 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 388022737.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:59 - 2014-07-17 15:00 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-17 14:55 - 2014-07-17 15:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1860252774.job
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 15:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 464613837.job
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-17 15:43 - 00027829 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-17 15:31 - 00005021 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-17 15:31 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-17 15:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:29 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 16:29 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 16:29 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 16:29 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 16:29 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 16:29 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 16:29 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 16:29 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-11 16:29 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 16:29 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 16:29 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-11 16:29 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-11 16:29 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 16:29 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-11 16:29 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 16:29 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 16:29 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-17 13:19 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-17 15:43 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-17 15:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-17 13:57 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ () C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-07-17 13:19 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
==================== One Month Modified Files and Folders =======
2014-07-17 15:43 - 2014-07-16 15:06 - 00027829 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-17 15:43 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-17 15:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 15:34 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-07-17 15:31 - 2014-07-11 21:16 - 00005021 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-17 15:31 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-17 15:27 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 388022737.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 15:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-17 15:06 - 2007-01-10 15:30 - 01339115 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 15:00 - 2014-07-17 14:59 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-17 15:00 - 2014-07-17 14:55 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1860252774.job
2014-07-17 15:00 - 2014-07-17 13:26 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 464613837.job
2014-07-17 15:00 - 2014-07-11 20:35 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-17 15:00 - 2014-06-27 17:29 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-17 15:00 - 2007-07-01 17:52 - 06885376 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-17 14:59 - 2014-03-12 10:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-17 14:58 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:58 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 13:57 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-17 13:56 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 13:56 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:56 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:43 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-17 13:19 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-17 13:19 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-07-17 13:19 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 13:07 - 2006-11-02 05:47 - 00383968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 16:13 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ () C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ () C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ () C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ () C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D () C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-17 14:16
==================== End Of Log ============================
blueskygal
2014-07-18, 01:47
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-11 20:28:29
-----------------------------
20:28:29.080 OS Version: Windows 6.0.6002 Service Pack 2
20:28:29.080 Number of processors: 2 586 0xE0C
20:28:29.080 ComputerName: COLLEEN-PC UserName: Colleen
20:28:30.609 Initialize success
20:28:30.624 VM: initialized successfully
20:28:30.687 VM: Intel CPU virtualization not supported
20:29:42.431 AVAST engine defs: 14071000
20:30:15.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:15.425 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
20:30:15.612 Disk 0 MBR read successfully
20:30:15.628 Disk 0 MBR scan
20:30:15.675 Disk 0 Windows VISTA default MBR code
20:30:15.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:30:15.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
20:30:15.737 Disk 0 scanning sectors +195371008
20:30:16.096 Disk 0 scanning C:\Windows\system32\drivers
20:30:45.284 Service scanning
20:31:27.996 Modules scanning
20:31:53.939 Disk 0 trace - called modules:
20:31:53.970 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:31:53.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a60ac8]
20:31:54.002 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x851e6b48]
20:31:54.002 5 acpi.sys[82e566bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
20:31:55.156 AVAST engine scan C:\Windows
20:32:03.499 AVAST engine scan C:\Windows\system32
20:53:14.790 AVAST engine scan C:\Windows\system32\drivers
20:55:40.541 AVAST engine scan C:\Users\Colleen
20:55:46.981 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
21:05:21.784 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
21:05:30.600 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:16:23.462 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
21:16:23.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-17 14:31:07
-----------------------------
14:31:07.125 OS Version: Windows 6.0.6002 Service Pack 2
14:31:07.125 Number of processors: 2 586 0xE0C
14:31:07.125 ComputerName: COLLEEN-PC UserName: Colleen
14:31:09.325 Initialize success
14:31:09.325 VM: initialized successfully
14:31:09.341 VM: Intel CPU virtualization not supported
14:32:34.422 AVAST engine defs: 14071701
14:33:51.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:33:51.346 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
14:33:51.674 Disk 0 MBR read successfully
14:33:51.674 Disk 0 MBR scan
14:33:51.721 Disk 0 Windows VISTA default MBR code
14:33:51.752 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:33:51.767 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
14:33:51.799 Disk 0 scanning sectors +195371008
14:33:52.298 Disk 0 scanning C:\Windows\system32\drivers
14:34:32.155 Service scanning
14:35:23.820 Modules scanning
14:35:50.151 Disk 0 trace - called modules:
14:35:50.186 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:35:50.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a19ac8]
14:35:50.214 3 CLASSPNP.SYS[889b08b3] -> nt!IofCallDriver -> [0x85210918]
14:35:50.230 5 acpi.sys[82e4d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
14:35:53.650 AVAST engine scan C:\Windows
14:36:21.680 AVAST engine scan C:\Windows\system32
14:49:58.902 AVAST engine scan C:\Windows\system32\drivers
14:51:28.254 AVAST engine scan C:\Users\Colleen
14:51:30.033 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
14:51:57.208 File: C:\Users\Colleen\AppData\Local\atmjwxqq.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:52:18.268 File: C:\Users\Colleen\AppData\Local\flqidrgp.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:54:40.711 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
14:54:48.502 File: C:\Users\Colleen\AppData\Local\kbiqnamh.exe **INFECTED** Win32:CeeInject-AR [Trj]
14:54:48.689 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:AnglerEK-I [Trj]
14:54:48.876 File: C:\Users\Colleen\AppData\Local\ljvwdkwk.exe **INFECTED** Win32:CeeInject-AR [Trj]
15:31:20.446 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
15:31:20.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
Hi blueskygal,
Please refrain from running tools unless requested. Removing items in the incorrect order may make the cleaning process more difficult.
Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
On the introduction screen, please click on the Next button to continue.
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
When the update has finished, click on the Next button.
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================
FRST Fix Script
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.
=========================
ComboFix
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following:
system-log.txt
mbar-log
Fixlog.txt
ComboFix.txt
Hi blueskygal,
Just checking in to see if you still need help?
blueskygal
2014-07-22, 06:23
OCD, Takes me a little longer to do things due to schedule.
Reran aswMBR today; will post here as it is a complete log.
Just finished Malwarebytes run tonight.
I am going to post logs.
It looks like the java bug is still running, replicating.
Let me know if you want me to proceed with code fix you have written.
Thanks so much.
Blueskygal
blueskygal
2014-07-22, 06:26
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-11 20:28:29
-----------------------------
20:28:29.080 OS Version: Windows 6.0.6002 Service Pack 2
20:28:29.080 Number of processors: 2 586 0xE0C
20:28:29.080 ComputerName: COLLEEN-PC UserName: Colleen
20:28:30.609 Initialize success
20:28:30.624 VM: initialized successfully
20:28:30.687 VM: Intel CPU virtualization not supported
20:29:42.431 AVAST engine defs: 14071000
20:30:15.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:15.425 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
20:30:15.612 Disk 0 MBR read successfully
20:30:15.628 Disk 0 MBR scan
20:30:15.675 Disk 0 Windows VISTA default MBR code
20:30:15.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:30:15.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
20:30:15.737 Disk 0 scanning sectors +195371008
20:30:16.096 Disk 0 scanning C:\Windows\system32\drivers
20:30:45.284 Service scanning
20:31:27.996 Modules scanning
20:31:53.939 Disk 0 trace - called modules:
20:31:53.970 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:31:53.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a60ac8]
20:31:54.002 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x851e6b48]
20:31:54.002 5 acpi.sys[82e566bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
20:31:55.156 AVAST engine scan C:\Windows
20:32:03.499 AVAST engine scan C:\Windows\system32
20:53:14.790 AVAST engine scan C:\Windows\system32\drivers
20:55:40.541 AVAST engine scan C:\Users\Colleen
20:55:46.981 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
21:05:21.784 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
21:05:30.600 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:16:23.462 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
21:16:23.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-17 14:31:07
-----------------------------
14:31:07.125 OS Version: Windows 6.0.6002 Service Pack 2
14:31:07.125 Number of processors: 2 586 0xE0C
14:31:07.125 ComputerName: COLLEEN-PC UserName: Colleen
14:31:09.325 Initialize success
14:31:09.325 VM: initialized successfully
14:31:09.341 VM: Intel CPU virtualization not supported
14:32:34.422 AVAST engine defs: 14071701
14:33:51.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:33:51.346 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
14:33:51.674 Disk 0 MBR read successfully
14:33:51.674 Disk 0 MBR scan
14:33:51.721 Disk 0 Windows VISTA default MBR code
14:33:51.752 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:33:51.767 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
14:33:51.799 Disk 0 scanning sectors +195371008
14:33:52.298 Disk 0 scanning C:\Windows\system32\drivers
14:34:32.155 Service scanning
14:35:23.820 Modules scanning
14:35:50.151 Disk 0 trace - called modules:
14:35:50.186 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:35:50.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a19ac8]
14:35:50.214 3 CLASSPNP.SYS[889b08b3] -> nt!IofCallDriver -> [0x85210918]
14:35:50.230 5 acpi.sys[82e4d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
14:35:53.650 AVAST engine scan C:\Windows
14:36:21.680 AVAST engine scan C:\Windows\system32
14:49:58.902 AVAST engine scan C:\Windows\system32\drivers
14:51:28.254 AVAST engine scan C:\Users\Colleen
14:51:30.033 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
14:51:57.208 File: C:\Users\Colleen\AppData\Local\atmjwxqq.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:52:18.268 File: C:\Users\Colleen\AppData\Local\flqidrgp.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:54:40.711 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
14:54:48.502 File: C:\Users\Colleen\AppData\Local\kbiqnamh.exe **INFECTED** Win32:CeeInject-AR [Trj]
14:54:48.689 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:AnglerEK-I [Trj]
14:54:48.876 File: C:\Users\Colleen\AppData\Local\ljvwdkwk.exe **INFECTED** Win32:CeeInject-AR [Trj]
15:31:20.446 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
15:31:20.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-21 15:39:41
-----------------------------
15:39:41.554 OS Version: Windows 6.0.6002 Service Pack 2
15:39:41.679 Number of processors: 2 586 0xE0C
15:39:41.710 ComputerName: COLLEEN-PC UserName: Colleen
15:40:14.954 Initialize success
15:40:15.110 VM: initialized successfully
15:40:15.219 VM: Intel CPU virtualization not supported
15:49:01.282 AVAST engine defs: 14072101
15:49:41.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:49:41.917 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
15:49:43.180 Disk 0 MBR read successfully
15:49:43.196 Disk 0 MBR scan
15:49:44.023 Disk 0 Windows VISTA default MBR code
15:49:46.332 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:49:46.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
15:49:46.551 Disk 0 scanning sectors +195371008
15:49:47.487 Disk 0 scanning C:\Windows\system32\drivers
15:51:54.187 Service scanning
16:01:38.978 Modules scanning
16:03:09.192 Disk 0 trace - called modules:
16:03:09.517 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
16:03:09.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8540a1d8]
16:03:09.792 3 CLASSPNP.SYS[889b48b3] -> nt!IofCallDriver -> [0x8520d918]
16:03:09.823 5 acpi.sys[82e546bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851deb98]
16:03:47.519 AVAST engine scan C:\Windows
16:05:25.145 AVAST engine scan C:\Windows\system32
16:27:58.534 AVAST engine scan C:\Windows\system32\drivers
16:30:19.541 AVAST engine scan C:\Users\Colleen
16:30:30.816 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
16:31:21.176 File: C:\Users\Colleen\AppData\Local\atmjwxqq.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:32:20.178 File: C:\Users\Colleen\AppData\Local\flqidrgp.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:40:55.259 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
16:41:07.448 File: C:\Users\Colleen\AppData\Local\kbiqnamh.exe **INFECTED** Win32:CeeInject-AR [Trj]
16:41:07.808 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:AnglerEK-I [Trj]
16:41:08.035 File: C:\Users\Colleen\AppData\Local\ljvwdkwk.exe **INFECTED** Win32:CeeInject-AR [Trj]
17:50:03.327 File: C:\Users\Colleen\AppData\Local\qxnqwijv.exe **INFECTED** Win32:Rootkit-gen [Rtk]
17:50:07.882 File: C:\Users\Colleen\AppData\Local\smqnnerw.exe **INFECTED** Win32:Malware-gen
17:50:55.079 File: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe **INFECTED** Win32:Necurs-S [Trj]
17:54:14.599 File: C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe **INFECTED** Win32:Necurs-S [Trj]
18:20:01.999 AVAST engine scan C:\ProgramData
18:26:20.131 Scan finished successfully
18:26:44.546 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
18:26:44.675 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
Hi blueskygal,
Please review my instructions; I didn't ask for an aswMBR log. Complete all the steps requested and post the logs that are generated.
blueskygal
2014-07-23, 07:17
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2136346624, free: 577273856
Downloaded database version: v2014.07.22.11
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
07/22/2014 16:53:46
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff858eb708
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff851e0b98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff858eb708, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff858eb328, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff858eb708, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff851e6830, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff851e0b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBA44A8
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 192296960
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 100030242816 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-195351568-195371568)...
Done!
Infected: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe --> [Trojan.FakeJav]
Infected: HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Zeyqaqupi --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tutimox --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Epokzyu\iplozy.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Navovy\someazr.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6245cbb3.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_7594fd13.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_b7ea92bf.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_dcfc098d.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_01f3c46a.exe --> [Trojan.FakeJav]
Infected: C:\Windows\Tasks\Security Center Update - 3385068857.job --> [Trojan.Agent.RvGen]
Infected: C:\Windows\Tasks\Security Center Update - 4280870395.job --> [Trojan.Agent.RvGen]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
blueskygal
2014-07-23, 07:18
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.07.22.11
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Colleen :: COLLEEN-PC [administrator]
7/22/2014 4:55:23 PM
mbar-log-2014-07-22 (16-55-23).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270027
Time elapsed: 1 hour(s), 13 minute(s), 3 second(s)
Memory Processes Detected: 5
C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe (Trojan.FakeJav) -> 3484 -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 5728 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 2676 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 3468 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 1664 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Zeyqaqupi (Trojan.FakeJav) -> Data: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tutimox (Spyware.Zbot.MSXGen) -> Data: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 11
C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe (Trojan.FakeJav) -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Epokzyu\iplozy.exe (Trojan.FakeJav) -> Delete on reboot. [960bb6ea1b60e74f41575b44b34ef60a]
C:\Users\Colleen\AppData\Roaming\Navovy\someazr.exe (Trojan.FakeJav) -> Delete on reboot. [861b6040a8d3c2743a5e752aa06114ec]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6245cbb3.exe (Trojan.FakeJav) -> Delete on reboot. [831e5f412259e4528e0a7b2406fbee12]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_7594fd13.exe (Trojan.FakeJav) -> Delete on reboot. [0d942a76cbb00f27b3e5e3bc5ba66c94]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_b7ea92bf.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [0b96346c2a519f97d8cabcddae53ce32]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_dcfc098d.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [acf5d5cb7cff67cff3afb8e100013dc3]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_01f3c46a.exe (Trojan.FakeJav) -> Delete on reboot. [643dedb358230531138519869a677a86]
C:\Windows\Tasks\Security Center Update - 3385068857.job (Trojan.Agent.RvGen) -> Delete on reboot. [3c65b6eac0bbec4a4743a54b2bd85da3]
C:\Windows\Tasks\Security Center Update - 4280870395.job (Trojan.Agent.RvGen) -> Delete on reboot. [524fbbe53546330381097b75af54758b]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
blueskygal
2014-07-23, 07:20
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-07-2014
Ran by Colleen at 2014-07-22 19:28:39 Run:1
Running from C:\Users\Colleen\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe
*****************
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sljwnape => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cqibmelw => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gkbqtgfq => value deleted successfully.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ummuyqdayb => Value not found.
'HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}' => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9ee802e8-c931-47ab-b570-aa8f791598ca} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9ee802e8-c931-47ab-b570-aa8f791598ca} => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully.
'HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
'HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully.
'HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
'HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9EE802E8-C931-47AB-B570-AA8F791598CA} => value deleted successfully.
'HKCR\CLSID\{9EE802E8-C931-47AB-B570-AA8F791598CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
'HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
'HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}' => Key deleted successfully.
"C:\Users\Colleen\AppData\Local\smqnnerw.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\atmjwxqq.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\qxnqwijv.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Local\soisaqtj.exe => Moved successfully.
"C:\Users\Colleen\AppData\Local\flqidrgp.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\knxdsdhe.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Iryhwed => Moved successfully.
"C:\Users\Colleen\AppData\Local\aeqltsel.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\iogossul.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Keakil => Moved successfully.
C:\Users\Colleen\AppData\Local\ffageekw => Moved successfully.
"C:\Users\Colleen\AppData\Local\ljvwdkwk.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\kbiqnamh.exe" => File/Directory not found.
C:\Users\Colleen\lametritonus_en.dll => Moved successfully.
C:\Users\Colleen\lame_enc_en.dll => Moved successfully.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe => Moved successfully.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zeureqte => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ikudaofn => Value not found.
C:\Users\Colleen\AppData\Roaming\Wyezro => Moved successfully.
C:\Users\Colleen\AppData\Roaming\Untuyr => Moved successfully.
"C:\Users\Colleen\AppData\Local\xwaieusa.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Imcega => Moved successfully.
"C:\Users\Colleen\AppData\Local\smqnnerw.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\atmjwxqq.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\qxnqwijv.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\kbiqnamh.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Eporgoeb => Moved successfully.
"C:\Users\Colleen\AppData\Local\ljvwdkwk.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\knxdsdhe.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe" => File/Directory not found.
==== End of Fixlog ====
blueskygal
2014-07-23, 07:21
ComboFix 14-07-22.01 - Colleen 07/22/2014 20:21:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1160 [GMT -7:00]
Running from: c:\users\Colleen\Desktop\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL227.tmp
c:\programdata\SPL3BF5.tmp
c:\programdata\SPL41D8.tmp
c:\programdata\SPL4924.tmp
c:\programdata\SPL8263.tmp
c:\programdata\SPL9201.tmp
c:\programdata\SPLAB5B.tmp
c:\programdata\SPLAFA5.tmp
c:\programdata\SPLC69E.tmp
c:\programdata\SPLDA2C.tmp
c:\programdata\SPLE071.tmp
c:\programdata\SPLEC0B.tmp
c:\programdata\SPLEDB3.tmp
c:\programdata\SPLF8B9.tmp
c:\users\Colleen\AppData\Local\suftslwg.exe
c:\users\Colleen\Documents\~WRL3512.tmp
c:\users\Colleen\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 03:37 . 2014-07-23 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-23 02:27 . 2014-07-23 02:27 -------- d-----w- c:\users\Colleen\AppData\Roaming\Uccini
2014-07-23 00:27 . 2014-07-23 00:27 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ewpuzagi
2014-07-22 23:53 . 2014-07-23 02:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-22 23:53 . 2014-07-22 23:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-22 23:50 . 2014-07-22 23:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 23:46 . 2014-07-23 01:18 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ezwuan
2014-07-22 02:12 . 2014-07-23 01:13 -------- d-----w- c:\users\Colleen\AppData\Roaming\Navovy
2014-07-22 01:56 . 2014-07-23 01:13 -------- d-----w- c:\users\Colleen\AppData\Roaming\Epokzyu
2014-07-22 00:13 . 2014-07-23 01:18 -------- d-----w- c:\users\Colleen\AppData\Roaming\Cuanhoe
2014-07-18 22:12 . 2014-07-22 03:08 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ydukyk
2014-07-18 22:10 . 2014-07-22 03:12 -------- d-----w- c:\users\Colleen\AppData\Roaming\Behymu
2014-07-11 23:02 . 2014-07-11 23:02 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-10 20:26 . 2014-07-23 02:30 -------- d-----w- C:\FRST
2014-07-01 17:04 . 2014-07-01 17:04 -------- d-----w- c:\program files\ERUNT
2014-06-29 20:07 . 2014-06-29 20:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-27 23:29 . 2013-09-20 17:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-06-27 23:29 . 2014-06-28 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-27 23:29 . 2014-06-28 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-06-27 19:54 . 2014-06-27 21:01 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 23:43 . 2013-06-04 18:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 23:43 . 2013-06-04 18:29 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 16:01 . 2014-06-11 01:25 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Amazon Cloud Player"="c:\users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-05-08 3145536]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
"Ykifowuhmia"="c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe" [2014-03-15 433298]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2013-04-29 1497120]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2013-06-14 1065504]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2014-03-12 295512]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files\EfficientPIM\EfficientPIM.exe /startup [2014-2-10 14546088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-11-29 04:05 523952 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-08 23:13 103344 ----a-w- c:\program files\Lexmark 8300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 03:35 133104 ----atw- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-11-28 20:19 52912 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 22:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
2006-11-21 20:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcjmon.exe]
2007-05-08 23:09 205744 ----a-w- c:\program files\Lexmark 8300 Series\lxcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 17:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-11-20 20:15 446128 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-07 00:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 14:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-11-23 01:08 409264 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 15:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-04 23:43]
.
2014-07-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27 21:14]
.
2014-07-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2014-07-23 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
- c:\users\Colleen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-21 23:36]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-06-28 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-27 21:13]
.
2014-06-28 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-27 21:13]
.
2014-07-23 c:\windows\Tasks\Security Center Update - 3210807196.job
- c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe [2014-03-15 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: sirius.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Easy Dock - (no file)
HKCU-Run-ckjpbxjx - c:\users\Colleen\AppData\Local\suftslwg.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-EfficientPIM - (no file)
SafeBoot-38990000.sys
SafeBoot-92061489.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-22 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-22 20:53:13
ComboFix-quarantined-files.txt 2014-07-23 03:52
.
Pre-Run: 16,586,452,992 bytes free
Post-Run: 24,511,291,392 bytes free
.
- - End Of File - - 2C1D6FB6AFB48750A2E3342DE26ADCC9
5B5E648D12FCADC244C1EC30318E1EB9
Hi blueskygal,
ComboFix Script
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the code-box below into it:
Folder::
c:\users\Colleen\AppData\Roaming\Uccini
c:\users\Colleen\AppData\Roaming\Ewpuzagi
c:\users\Colleen\AppData\Roaming\Ezwuan
c:\users\Colleen\AppData\Roaming\Navovy
c:\users\Colleen\AppData\Roaming\Epokzyu
c:\users\Colleen\AppData\Roaming\Cuanhoe
c:\users\Colleen\AppData\Roaming\Ydukyk
c:\users\Colleen\AppData\Roaming\Behymu
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ykifowuhmia"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
In your next post please provide the following:
ComboFix.txt
How is the computer running at the moment?
blueskygal
2014-07-23, 23:34
ComboFix 14-07-22.01 - Colleen 07/23/2014 13:11:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1144 [GMT -7:00]
Running from: c:\users\Colleen\Desktop\ComboFix.exe
Command switches used :: c:\users\Colleen\Desktop\CFScript.txt
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Colleen\AppData\Roaming\Behymu
c:\users\Colleen\AppData\Roaming\Cuanhoe
c:\users\Colleen\AppData\Roaming\Epokzyu
c:\users\Colleen\AppData\Roaming\Ewpuzagi
c:\users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe
c:\users\Colleen\AppData\Roaming\Ezwuan
c:\users\Colleen\AppData\Roaming\Navovy
c:\users\Colleen\AppData\Roaming\Uccini
c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe
c:\users\Colleen\AppData\Roaming\Ydukyk
.
.
((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 20:24 . 2014-07-23 20:26 -------- d-----w- c:\users\Colleen\AppData\Local\temp
2014-07-23 20:24 . 2014-07-23 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-22 23:53 . 2014-07-23 02:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-22 23:53 . 2014-07-22 23:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-22 23:50 . 2014-07-22 23:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-11 23:02 . 2014-07-11 23:02 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-10 20:26 . 2014-07-23 02:30 -------- d-----w- C:\FRST
2014-07-01 17:04 . 2014-07-01 17:04 -------- d-----w- c:\program files\ERUNT
2014-06-29 20:07 . 2014-06-29 20:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-27 23:29 . 2013-09-20 17:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-06-27 23:29 . 2014-06-28 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-27 23:29 . 2014-06-28 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-06-27 19:54 . 2014-06-27 21:01 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 23:43 . 2013-06-04 18:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 23:43 . 2013-06-04 18:29 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 16:01 . 2014-06-11 01:25 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Amazon Cloud Player"="c:\users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-05-08 3145536]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2013-04-29 1497120]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2013-06-14 1065504]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2014-03-12 295512]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files\EfficientPIM\EfficientPIM.exe /startup [2014-2-10 14546088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-11-29 04:05 523952 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-08 23:13 103344 ----a-w- c:\program files\Lexmark 8300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 03:35 133104 ----atw- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-11-28 20:19 52912 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 22:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
2006-11-21 20:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcjmon.exe]
2007-05-08 23:09 205744 ----a-w- c:\program files\Lexmark 8300 Series\lxcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 17:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-11-20 20:15 446128 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-07 00:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 14:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-11-23 01:08 409264 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 15:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-04 23:43]
.
2014-07-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27 21:14]
.
2014-07-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2014-07-23 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
- c:\users\Colleen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-21 23:36]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-27 21:13]
.
2014-06-28 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-27 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: sirius.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-23 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-23 13:30:44
ComboFix-quarantined-files.txt 2014-07-23 20:30
ComboFix2.txt 2014-07-23 03:53
.
Pre-Run: 23,699,828,736 bytes free
Post-Run: 24,149,168,128 bytes free
.
- - End Of File - - D7CE8A1CF67E22F27C01D9E97BDDADE4
5B5E648D12FCADC244C1EC30318E1EB9
blueskygal
2014-07-23, 23:47
I rebooted after the last fix and everything seems fine. Calling up the task list I do not see any more replicating processes! :crowned:
Hi blueskygal,
I rebooted after the last fix and everything seems fine. Calling up the task list I do not see any more replicating processes!
Good, we are making some progress. Let's continue ...
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
Select type of scan to perform:
Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
MBAM log
ESET's log.txt
How's the computer running, any symptoms?
blueskygal
2014-07-25, 00:32
It did detect one PUP which was quarantined but I don't think that showed in the report.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/24/2014
Scan Time: 2:04:49 PM
Logfile: mbam txt.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.24.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Colleen
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280755
Time Elapsed: 22 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
blueskygal
2014-07-25, 02:37
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Colleen\AppData\Local\soisaqtj.exe.xBAD a variant of Win32/Kryptik.CGXY trojan cleaned by deleting - quarantined
C:\Program Files\Wisdom-soft AutoScreenRecorder Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\suftslwg.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Uccini\tuizu.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Users\Colleen\Downloads\CodecPackage.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
:sad::devil::devil:
blueskygal
2014-07-25, 02:43
No replicating processes.. seems to be running slow.
Hi blueskygal,
No replicating processes.. seems to be running slow.
First comment - good, second comment - not so good.
Most of those items removed with ESET were already in a quarantine folder and posed no threat to your system.
=========================
I previously had you download the following tool (Security Check); it should have been saved to your desktop. Please locate it and run a scan as outlined.
Security Check
Re-run Security Check by screen317.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
Junkware Removal Tool
Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=========================
Re-run Farbar Recovery Scan Tool; it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
checkup.txt
AdwCleaner[S0].txt
JRT.txt
New FRST.txt
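Added example, not part of the original posts: a small triage of the ESET log posted earlier in the thread, separating detections that sit inside the removal tools' quarantine folders (the `C:\FRST\Quarantine` and `C:\Qoobox\Quarantine` paths seen in the log) from files found in live locations. It assumes the flattened single-space layout shown in the thread and the Windows Vista default that `C:\Users\All Users` is an alias of `C:\ProgramData`; the function names are illustrative.

```python
import re

# Lines copied from the ESET log posted earlier in this thread
# (the original column separators are flattened to spaces on this page).
ESET_LOG = r"""
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Colleen\AppData\Local\soisaqtj.exe.xBAD a variant of Win32/Kryptik.CGXY trojan cleaned by deleting - quarantined
C:\Program Files\Wisdom-soft AutoScreenRecorder Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\suftslwg.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Uccini\tuizu.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Users\Colleen\Downloads\CodecPackage.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
""".strip().splitlines()

# Quarantine folders of the removal tools, as they appear in the log paths.
QUARANTINE_ROOTS = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")

# Assumption: Vista default, where "C:\Users\All Users" points at C:\ProgramData.
ALL_USERS_ALIAS = "c:\\users\\all users\\"
PROGRAMDATA = "c:\\programdata\\"

# path, optional "a variant of", detection name, category, optional action
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>Win32/\S+)\s+"
    r"(?P<kind>trojan|potentially unwanted application)\s*(?P<action>.*)$"
)


def parse_line(line):
    """Split one flattened ESET log line into fields, or return None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    canonical = m.group("path").lower()
    if canonical.startswith(ALL_USERS_ALIAS):
        canonical = PROGRAMDATA + canonical[len(ALL_USERS_ALIAS):]
    return {
        "path": m.group("path"),
        "canonical": canonical,
        "name": m.group("name"),
        "kind": m.group("kind"),
        "action": m.group("action").strip() or "none reported",
        "in_quarantine": canonical.startswith(QUARANTINE_ROOTS),
    }


def triage(lines):
    """Return (inert, live): detections inside tool quarantine folders, and
    detections in live locations with aliased paths merged into one entry."""
    inert, live = [], {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["in_quarantine"]:
            inert.append(rec)
            continue
        seen = live.get(rec["canonical"])
        # Keep the entry that actually reports what the scanner did.
        if seen is None or seen["action"] == "none reported":
            live[rec["canonical"]] = rec
    return inert, list(live.values())


if __name__ == "__main__":
    inert, live = triage(ESET_LOG)
    for label, group in (("already in tool quarantine", inert), ("live location", live)):
        print(f"{label}: {len(group)}")
        for rec in group:
            print(f"  [{rec['kind']}] {rec['name']}  {rec['path']}  ({rec['action']})")
```

On this log, every trojan detection lies under a tool quarantine folder, and the files found in live locations are all potentially unwanted applications.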
blueskygal
2014-07-26, 01:33
Results of screen317's Security Check version 0.99.85
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
CCleaner
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
blueskygal
2014-07-26, 01:53
# AdwCleaner v3.216 - Report created 25/07/2014 at 15:45:54
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Colleen - COLLEEN-PC
# Running from : C:\Users\Colleen\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\Users\Colleen\AppData\Local\PackageAware
Folder Deleted : C:\Users\Colleen\AppData\Local\eMusic
Folder Deleted : C:\Users\Colleen\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Colleen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Colleen\AppData\LocalLow\eMusic
Folder Deleted : C:\Users\Colleen\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Colleen\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Colleen\AppData\Roaming\IObit\Driver Booster
Folder Deleted : C:\Users\Colleen\AppData\Roaming\eMusic
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\eMusic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\eMusic
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\eMusic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Codec Package Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mega Browse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\eMusic Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16561
-\\ Google Chrome v
[ File : C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={2B971300-05FE-11E3-B9DC-001E3342056B}&crg=3.5000006.10045&st=23
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN59957865520702380&ctid=CT3298570&UM=2
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN59957865520702380&ctid=CT3298570&UM=2&UP=SPFC992021-868E-418F-B819-EBB00B2BCC64&SSPV=
*************************
AdwCleaner[R0].txt - [5301 octets] - [25/07/2014 15:36:21]
AdwCleaner[S0].txt - [5338 octets] - [25/07/2014 15:45:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5398 octets] ##########
Hi blueskygal,
I still need to see the following logs:
JRT.txt
New FRST.txt
blueskygal
2014-07-26, 05:11
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Colleen (administrator) on COLLEEN-PC on 25-07-2014 19:08:36
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Efficient Software) C:\Program Files\EfficientPIM\EfficientPIM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]
Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Colleen\AppData\Local\Temp\catchme.sys [X]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 15:56 - 2014-07-25 15:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-25 15:54 - 2014-07-25 15:54 - 01016261 _____ (Thisisu) C:\Users\Colleen\Desktop\JRT.exe
2014-07-25 15:48 - 2014-07-25 15:48 - 00000314 _____ () C:\Windows\PFRO.log
2014-07-25 15:36 - 2014-07-25 15:46 - 00000000 ____D () C:\AdwCleaner
2014-07-25 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-25 15:34 - 2014-07-25 15:35 - 01354223 _____ () C:\Users\Colleen\Desktop\AdwCleaner.exe
2014-07-24 16:31 - 2014-07-24 16:31 - 00001110 _____ () C:\Users\Colleen\Desktop\ESETScan.txt
2014-07-24 14:43 - 2014-07-24 14:43 - 00000000 ____D () C:\Program Files\ESET
2014-07-24 14:29 - 2014-07-24 14:29 - 00001066 _____ () C:\Users\Colleen\Desktop\mbam txt.txt
2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 13:59 - 2014-07-24 14:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-24 13:59 - 2014-07-24 14:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 14:44 - 2014-07-23 14:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-07-23 13:30 - 2014-07-23 13:30 - 00017186 _____ () C:\ComboFix.txt
2014-07-23 13:07 - 2014-07-23 13:30 - 00000000 ____D () C:\ComboFix
2014-07-22 20:55 - 2014-07-22 20:55 - 00018974 _____ () C:\Users\Colleen\Desktop\combofix.txt
2014-07-22 20:17 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 20:17 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 20:17 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 20:17 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 20:17 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 20:17 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 20:17 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 20:17 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 20:00 - 2014-07-23 13:30 - 00000000 ____D () C:\Qoobox
2014-07-22 19:35 - 2014-07-22 19:36 - 05562024 ____R (Swearware) C:\Users\Colleen\Desktop\ComboFix.exe
2014-07-22 17:40 - 2014-07-24 14:01 - 00000000 ____D () C:\Users\Colleen\Desktop\Data 7-22
2014-07-22 16:53 - 2014-07-24 14:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 16:53 - 2014-07-22 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 16:50 - 2014-07-22 18:14 - 00000000 ____D () C:\Users\Colleen\Desktop\mbar
2014-07-22 16:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-22 16:48 - 2014-07-22 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Colleen\Downloads\mbar-1.07.0.1012.exe
2014-07-17 14:59 - 2014-07-17 15:00 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-16 15:06 - 2014-07-25 19:08 - 00022260 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:03 - 2014-07-25 19:08 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-11 21:16 - 2014-07-21 18:26 - 00008253 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-21 18:26 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:29 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 16:29 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 16:29 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 16:29 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 16:29 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 16:29 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 16:29 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 16:29 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-11 16:29 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 16:29 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 16:29 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-11 16:29 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-11 16:29 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 16:29 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-11 16:29 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 16:29 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 16:29 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-25 19:08 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:07 - 2014-07-25 19:08 - 01084416 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-22 20:49 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-25 15:49 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-07-23 12:47 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 19:09 - 2014-07-16 15:06 - 00022260 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-25 19:08 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-25 19:08 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-25 19:08 - 2014-07-10 13:07 - 01084416 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-25 18:58 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 18:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 18:35 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-07-25 18:27 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-07-25 18:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-25 17:48 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 17:48 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:58 - 2007-01-10 15:30 - 01517497 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 15:56 - 2014-07-25 15:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-25 15:54 - 2014-07-25 15:54 - 01016261 _____ (Thisisu) C:\Users\Colleen\Desktop\JRT.exe
2014-07-25 15:49 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-25 15:49 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 15:48 - 2014-07-25 15:48 - 00000314 _____ () C:\Windows\PFRO.log
2014-07-25 15:48 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 15:47 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 15:46 - 2014-07-25 15:36 - 00000000 ____D () C:\AdwCleaner
2014-07-25 15:46 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-07-25 15:35 - 2014-07-25 15:34 - 01354223 _____ () C:\Users\Colleen\Desktop\AdwCleaner.exe
2014-07-25 15:22 - 2013-12-02 10:59 - 54738944 _____ () C:\Windows\system32\config\software.iobit
2014-07-25 15:22 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-07-25 15:22 - 2008-01-10 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskTop Set
2014-07-24 16:37 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-24 16:31 - 2014-07-24 16:31 - 00001110 _____ () C:\Users\Colleen\Desktop\ESETScan.txt
2014-07-24 16:23 - 2008-04-05 19:28 - 00000000 ____D () C:\Program Files\Wisdom-soft AutoScreenRecorder Free
2014-07-24 14:43 - 2014-07-24 14:43 - 00000000 ____D () C:\Program Files\ESET
2014-07-24 14:29 - 2014-07-24 14:29 - 00001066 _____ () C:\Users\Colleen\Desktop\mbam txt.txt
2014-07-24 14:04 - 2014-07-22 16:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 14:01 - 2014-07-22 17:40 - 00000000 ____D () C:\Users\Colleen\Desktop\Data 7-22
2014-07-24 14:00 - 2014-07-24 13:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-24 14:00 - 2014-07-24 13:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-24 13:52 - 2008-09-26 13:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 14:45 - 2010-06-05 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 14:44 - 2014-07-23 14:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-07-23 13:30 - 2014-07-23 13:30 - 00017186 _____ () C:\ComboFix.txt
2014-07-23 13:30 - 2014-07-23 13:07 - 00000000 ____D () C:\ComboFix
2014-07-23 13:30 - 2014-07-22 20:00 - 00000000 ____D () C:\Qoobox
2014-07-23 13:30 - 2008-08-08 11:05 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Apps\2.0
2014-07-23 13:26 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 12:47 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-07-22 20:55 - 2014-07-22 20:55 - 00018974 _____ () C:\Users\Colleen\Desktop\combofix.txt
2014-07-22 20:54 - 2006-11-02 04:18 - 00000000 __RHD () C:\Users\Default
2014-07-22 20:53 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2014-07-22 20:49 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-22 19:49 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-22 19:41 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
2014-07-22 19:36 - 2014-07-22 19:35 - 05562024 ____R (Swearware) C:\Users\Colleen\Desktop\ComboFix.exe
2014-07-22 19:27 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-07-22 19:18 - 2014-07-22 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 18:14 - 2014-07-22 16:50 - 00000000 ____D () C:\Users\Colleen\Desktop\mbar
2014-07-22 16:49 - 2014-07-22 16:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Colleen\Downloads\mbar-1.07.0.1012.exe
2014-07-21 20:12 - 2009-09-19 03:01 - 00000000 ____D () C:\Windows\CheckSur
2014-07-21 18:26 - 2014-07-11 21:16 - 00008253 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-21 18:26 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-17 15:00 - 2014-07-17 14:59 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-17 15:00 - 2007-07-01 17:52 - 06885376 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-17 13:19 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 13:07 - 2006-11-02 05:47 - 00383968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 16:13 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-25 16:00
==================== End Of Log ============================
blueskygal
2014-07-26, 05:13
OCD,
I was posting as i was doing but the junkware seemed like it stalled out after the initial scan.
i mean it was probably 1-2 hrs and nothing.
so this is what i have. computer seems faster now.
Hi blueskygal,
I was posting as i was doing but the junkware seemed like it stalled out after the initial scan.
i mean it was probably 1-2 hrs and nothing.
OK, that's fine. Don't worry about running that scan.
=========================
Please make another pass with AdwCleaner.
Re-run AdwCleaner
It should be on your desktop
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
In your next post please provide the following:
AdwCleaner[S1].txt
Any remaining issues?
blueskygal
2014-07-26, 23:44
# AdwCleaner v3.216 - Report created 26/07/2014 at 13:39:37
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Colleen - COLLEEN-PC
# Running from : C:\Users\Colleen\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16561
-\\ Google Chrome v
[ File : C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5301 octets] - [25/07/2014 15:36:21]
AdwCleaner[R1].txt - [884 octets] - [26/07/2014 13:32:06]
AdwCleaner[S0].txt - [5478 octets] - [25/07/2014 15:45:54]
AdwCleaner[S1].txt - [806 octets] - [26/07/2014 13:39:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [865 octets] ##########
blueskygal
2014-07-26, 23:46
computer running fine -- seems like you got 'em OCD! Thanks for all your help and patience. I've made a donation to spybot. I think you guys are doing great work!
blueskygal
Hi blueskygal,
Thank you for the donation. :rockon:
Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.
= = = = = = = = = = = = = = = = = = = =
Remove Disinfection Tools
Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:
Remove disinfection tools
Create registry backup
Purge system restore
Click Run
Any other tools and files found can simply be deleted or uninstalled via the Control Panel.
= = = = = = = = = = = = = = = = = = = =
Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Java 7 Update 55
Adobe Reader 8
Adobe Reader 10.1.10
=========================
Update Java
Get the current version of Java (Version 7 Update 65) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
=========================
Adobe Reader:
Go to http://get.adobe.com/reader/otherversions/
Use the drop-down menus to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.
=========================
Disk Defragmenter for Vista
Open Disk Defragmenter by clicking the Start button > All Programs > Accessories > System Tools and then clicking Disk Defragmenter.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Click Defragment Now.
Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.
Tutorial: http://windows.microsoft.com/en-US/windows-vista/improve-performance-by-defragmenting-your-hard-disk
=========================
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
= = = = = = = = = = = = = = = = = = = =
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
To help protect your computer in the future, I recommend that you get the following free program:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) - install this program to lock down and prevent crypto-ransomware
= = = = = = = = = = = = = = = = = = = =
COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online
= = = = = = = = = = = = = = = = = = = =
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
= = = = = = = = = = = = = = = = = = = =
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
= = = = = = = = = = = = = = = = = = = =
Make sure you keep your Windows OS current.
Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.
Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)
Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.
= = = = = = = = = = = = = = = = = = = =
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
= = = = = = = = = = = = = = = = = = = =
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
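The Internet Explorer Internet-zone settings listed in the post above can be checked from the registry instead of clicking through the Custom Level dialog. This read-only audit is an added example, not part of the original thread; the function name is hypothetical, and the zone key and URL action codes are Microsoft's documented values for the current user's Internet zone (zone 3).

```powershell
# Added example: audit the current user's Internet zone (zone 3) against the
# six settings recommended in the post. Read-only; it changes nothing.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values as stored in the registry.
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action code -> setting name from the post -> recommended value.
$recommended = @(
    @{ Action = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Action = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Action = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Action = '1800'; Setting = 'Installation of desktop items';                             Want = 1 },
    @{ Action = '1804'; Setting = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Action = '1607'; Setting = 'Navigate sub-frames across different domains';              Want = 1 }
)

# Hypothetical helper name; returns one object per setting with a Match flag.
function Get-InternetZoneAudit {
    param([string]$Path = $zoneKey)

    $current = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($r in $recommended) {
        $have = $current.($r.Action)          # $null when the value is absent

        if ($null -eq $have) {
            $haveText = '(not set)'
        } elseif ($policyName.ContainsKey([int]$have)) {
            $haveText = $policyName[[int]$have]
        } else {
            $haveText = '0x{0:X}' -f $have    # some other documented policy value
        }

        New-Object PSObject -Property @{
            Action   = $r.Action
            Setting  = $r.Setting
            Expected = $policyName[$r.Want]
            Actual   = $haveText
            Match    = ($have -eq $r.Want)
        } | Select-Object Action, Setting, Expected, Actual, Match
    }
}

Get-InternetZoneAudit | Format-Table -AutoSize
```

Values set by Group Policy live under the corresponding `Software\Policies` key and take precedence, so a mismatch here on a managed machine may not reflect the effective setting.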
blueskygal
2014-07-29, 20:17
Hello OCD,
Went down your checklist and did as asked.
Re: the anti-virus & cryptoware sw -- i purchased the spybot home version. Doesn't it do these functions?
Thanks.
Blueskyal
P.S. System is running spiffy. I think i know how i got this virus - i opened an email i shouldn't have. i have never done that all these years. also this computer was out of use for 2 years -- so i did all the microsoft updates but probably not the others which made it vulnerable as well.
Hi blueskygal,
Re: the anti-virus & cryptoware sw -- i purchased the spybot home version. Doesn't it do these functions?
The items listed in the bottom portion of my last post are to be implemented as you see fit. Some or all, may or may not apply to your specific situation. Add what you need accordingly. But remember only one (1) Anti-Virus and one (1) Firewall is needed. Using more than one of either is counterproductive.
Also, as you stated you didn't have updates for some of your other software. That too can lead to making your computer vulnerable to infection. Be sure to keep Java and Adobe Flash updated as well as these are two (2) primary programs that are targeted for exploitation.
If you have no other questions or comments I will make your thread solved and close it. Please reply back and let me know. :bigthumb:
blueskygal
2014-07-30, 02:07
:crowned: Everything is good. OK to close case.
Thank you for all your patience and help!
Best regards,
Blueskyga.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.