Cannot remove or reinstall Google Chrome

Not much removed; you do have an awful lot of things running on start-up??

Did you reset Firefox back to defaults?


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double-click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Just for info

Hi Ken.

Will run TDSSKiller in a mo. I don't believe I still have Firefox installed, so I can't reset it. Reset Chrome as requested. Also, I'm not aware of 'a lot of start-up processes' being activated; msconfig shows only 4 initiated at boot time. I'll run what you advised now.
 
Log from TDSSKiller, part 1

Hi Ken

Ran as requested. Did not get a request to continue and then reboot the machine.

Here is the log (part 1, as it's too long).

22:46:19.0359 0x0e2c TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
22:46:23.0000 0x0e2c ============================================================
22:46:23.0000 0x0e2c Current date / time: 2014/01/23 22:46:23.0000
22:46:23.0000 0x0e2c SystemInfo:
22:46:23.0031 0x0e2c
22:46:23.0031 0x0e2c OS Version: 5.1.2600 ServicePack: 3.0
22:46:23.0031 0x0e2c Product type: Workstation
22:46:23.0031 0x0e2c ComputerName: LAPTOP02
22:46:23.0031 0x0e2c UserName: sean
22:46:23.0031 0x0e2c Windows directory: C:\WINDOWS
22:46:23.0031 0x0e2c System windows directory: C:\WINDOWS
22:46:23.0031 0x0e2c Processor architecture: Intel x86
22:46:23.0031 0x0e2c Number of processors: 2
22:46:23.0031 0x0e2c Page size: 0x1000
22:46:23.0031 0x0e2c Boot type: Normal boot
22:46:23.0031 0x0e2c ============================================================
22:46:27.0375 0x0e2c KLMD registered as C:\WINDOWS\system32\drivers\49004367.sys
22:46:29.0296 0x0e2c System UUID: {0B8DD707-0C7E-5216-2946-898596518924}
22:46:33.0656 0x0e2c Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:46:33.0718 0x0e2c ============================================================
22:46:33.0718 0x0e2c \Device\Harddisk0\DR0:
22:46:33.0718 0x0e2c MBR partitions:
22:46:33.0718 0x0e2c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7D047E, BlocksNum 0xB2DAD1A
22:46:33.0750 0x0e2c \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xBAAB1D7, BlocksNum 0x6F6D8EA
22:46:33.0750 0x0e2c ============================================================
22:46:33.0843 0x0e2c C: <-> \Device\Harddisk0\DR0\Partition1
22:46:33.0859 0x0e2c D: <-> \Device\Harddisk0\DR0\Partition2
22:46:33.0859 0x0e2c ============================================================
22:46:33.0859 0x0e2c Initialize success
22:46:33.0859 0x0e2c ============================================================
22:47:12.0734 0x0d7c ============================================================
22:47:12.0734 0x0d7c Scan started
22:47:12.0734 0x0d7c Mode: Manual; TDLFS;
22:47:12.0734 0x0d7c ============================================================
22:47:12.0734 0x0d7c KSN ping started
22:47:15.0296 0x0d7c KSN ping finished: true
22:47:17.0343 0x0d7c ================ Scan system memory ========================
22:47:17.0343 0x0d7c System memory - ok
22:47:17.0343 0x0d7c ================ Scan services =============================
22:48:00.0125 0x0d7c NABTSFEC - ok
22:48:00.0312 0x0d7c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:48:00.0468 0x0d7c napagent - ok
22:48:00.0656 0x0d7c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:48:00.0796 0x0d7c NDIS - ok
22:48:00.0843 0x0d7c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:48:00.0859 0x0d7c NdisIP - ok
22:48:00.0906 0x0d7c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:48:00.0921 0x0d7c NdisTapi - ok
 
log from TDSSKiller part 2

Part 2

22:48:29.0046 0x0d7c Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
22:48:29.0046 0x0d7c sptd - detected LockedFile.Multi.Generic ( 1 )
22:48:31.0484 0x0d7c Detect skipped due to KSN trusted
22:48:31.0484 0x0d7c sptd - ok
22:48:47.0687 0x0d7c ================ Scan global ===============================
22:48:48.0593 0x0d7c [ Global ] - ok
22:48:48.0593 0x0d7c ================ Scan MBR ==================================
22:48:48.0640 0x0d7c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:48:49.0437 0x0d7c \Device\Harddisk0\DR0 - ok
22:48:49.0437 0x0d7c ================ Scan VBR ==================================
22:48:49.0453 0x0d7c [ 697FF5EE4E5E4BD427DFF7413B37C9E4 ] \Device\Harddisk0\DR0\Partition1
22:48:49.0468 0x0d7c \Device\Harddisk0\DR0\Partition1 - ok
22:48:49.0484 0x0d7c [ 00F92B32E384127104E9D3B7C0ABBDB7 ] \Device\Harddisk0\DR0\Partition2
22:48:49.0484 0x0d7c \Device\Harddisk0\DR0\Partition2 - ok
22:48:49.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:50.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:51.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:52.0890 0x0d7c AV detected via SS1: Avira Desktop, 14.0.1.519, enabled, updated
22:48:52.0921 0x0d7c FW detected via SS1: ZoneAlarm Firewall, 9.2.106.000, disabled
22:48:52.0921 0x0d7c Win FW state via NFM: disabled
22:48:55.0343 0x0d7c ============================================================
22:48:55.0343 0x0d7c Scan finished
22:48:55.0343 0x0d7c ============================================================
22:48:55.0359 0x0530 Detected object count: 0
22:48:55.0359 0x0530 Actual detected object count: 0
22:49:34.0281 0x05b8 Deinitialize success
 
TDSSKiller is a tool we use to remove rootkits. This type of infection hides and is not picked up by most scanners, but this tool will pick it up if one is installed, and there is not, so we can rule that out as slowing down your computer.

I was looking at the report from Combofix; it showed a lot of startup entries. If this is the problem then I can refer you to a Windows forum to help you sort them out.

You're saying that you uninstalled Firefox?

Let's do a few things.

This is just a cleaner that will clean out all your temp files and other not needed garbage.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Do this when you have time. It depends on your system: I have seen this run for some users for an hour or so, and for some many more hours than that; there's no way of telling how long it will take. The important thing is to not have it remove anything, just post the log.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the ESET Online Scanner button [image: esetOnline.png].
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on the ESET Smart Installer link [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon [image: esetSmartInstallDesktopIcon.png] on your desktop.
  4. Check the accept-terms box [image: esetAcceptTerms.png].
  5. Click the Start button [image: esetStart.png].
  6. Accept any security warnings from your browser.
  7. Check the scan-archives box [image: esetScanArchives.png].
  8. Make sure that the option "Remove found threats" is Unchecked.
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push the list-of-found-threats button [image: esetListThreats.png].
  12. Push the export button [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button [image: esetBack.png].
  14. Push the Finish button [image: esetFinish.png].
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
eset log

Morning Ken

Had to uninstall my Avira virus check software. Could not get the services to stop.

Here are the contents of the log file.

C:\Qoobox\Quarantine\C\Documents and Settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe.vir a variant of Win32/Kryptik.BTLV trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP280\A0285422.exe a variant of Win32/Kryptik.BSNE trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP283\A0292243.exe a variant of Win32/Kryptik.BSSH trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294430.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294435.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294442.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297428.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297465.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297480.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297503.exe a variant of Win32/Kryptik.BTKO trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297512.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP291\A0298700.exe a variant of Win32/Kryptik.BTLV trojan


Cheers

Sean
 
Good Morning Sean,

The one file in Qoobox will be removed when we uninstall Combofix; the rest are in a System Restore Point.


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [CLEARALLRESTOREPOINTS]
    [EMPTYJAVA] 
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces

Then run a new scan with OTL and post the new log please
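As an added example written for this thread (it is not from the original posts, nor from ESET, ComboFix or OTL), the script below buckets each detection line of the ESET log above by where the file lives, following the reasoning in the reply: hits in the ComboFix quarantine folder and in System Restore snapshots clear themselves, anything else is a live file. The last sample line, with its path and detection name, is a hypothetical placeholder so that the live-file bucket is exercised.

```python
"""Triage ESET Online Scanner detection lines by where the flagged file lives."""
import re
from collections import Counter

# Constructed sample: the first four lines are copied from the ESET log posted
# in this thread; the last line is a HYPOTHETICAL live-file hit (placeholder
# path and detection name, not from the thread) so the third bucket is shown.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe.vir a variant of Win32/Kryptik.BTLV trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP280\A0285422.exe a variant of Win32/Kryptik.BSNE trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297428.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297503.exe a variant of Win32/Kryptik.BTKO trojan
C:\Documents and Settings\sean\Local Settings\Temp\placeholder_live.exe a variant of Win32/Placeholder.A trojan
"""

# One detection line is "<path> [a variant of ]<Platform/Family.Variant> <type>".
# Windows paths contain spaces but never "/", so the first "Platform/" token
# that follows a space marks where the path ends.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_]+/\S+(?: .*)?)$"
)
# ComboFix keeps what it removed under <drive>:\Qoobox\Quarantine.
QUARANTINE_RE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)
# System Restore snapshots live under System Volume Information\_restore{GUID}\RPnnn.
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# What each bucket means for the person cleaning the machine (the thread's reasoning).
ACTIONS = {
    "combofix_quarantine": "removed when ComboFix is uninstalled",
    "restore_point": "gone once the System Restore points are cleared; otherwise let the scanner delete it",
    "live_file": "active file: investigate and remove",
}


def parse_line(line):
    """Split one detection line into path, threat, family and bucket; None if not a detection."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    path, threat = m.group("path"), m.group("threat")
    # Family is the Platform/Name.Variant token with ESET's wording prefixes stripped.
    family = re.sub(r"^(probably )?(a variant of )?", "", threat).split()[0]
    location, rp = "live_file", None
    if QUARANTINE_RE.match(path):
        location = "combofix_quarantine"
    else:
        r = RESTORE_RE.match(path)
        if r:
            location, rp = "restore_point", r.group("rp")
    return {"path": path, "threat": threat, "family": family,
            "location": location, "restore_point": rp, "action": ACTIONS[location]}


def parse_eset_log(text):
    """Parse every detection line of a log; non-detection lines are skipped."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def summarize(records):
    """Count detections per bucket, e.g. {'restore_point': 3, ...}."""
    return dict(Counter(r["location"] for r in records))


def needs_attention(records):
    """Only live-file hits need manual work; the other two buckets clear themselves."""
    return [r for r in records if r["location"] == "live_file"]


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    for r in recs:
        print(f"{r['location']:20} {r['family']:22} {r['restore_point'] or '-':6} {r['action']}")
    print(summarize(recs))
```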
 
otl results after fix

hi Ken

Just to check: running ESET, I ran it in scan mode, so I did not delete the entries it found. This was correct??

Here is the log file. I'll run the scan now and post it when it finishes.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sean\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error creating restore point.

[EMPTYJAVA]

User: Administrator

User: All Users

User: Config.Msi

User: Default User

User: LocalService

User: NetworkService

User: sandra
->Java cache emptied: 0 bytes

User: sean
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Config.Msi

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sean
->Temp folder emptied: 21555571 bytes
->Temporary Internet Files folder emptied: 18595223 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 316130882 bytes

Total Files Cleaned = 340.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01252014_103623

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF1F2F.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF4974.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF4B71.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF706.tmp not found!
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\QN73WVP8\showthread[1].php moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\O53L3ND1\search[4].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Yes, but it looks like OTL may not have deleted old restore points, so if those entries show up on the new ESET scan go ahead and remove them.
 
new OTL scan

Hi Ken

New scan results below. BTW response still very poor on the laptop :(

OTL logfile created on: 25/01/2014 11:02:09 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.47% Memory free
3.10 Gb Paging File | 2.72 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 33.05 Gb Free Space | 36.96% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32

Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()


========== Services (SafeList) ==========

SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MFE_RR) -- C:\DOCUME~1\sean\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (axlnvvj6) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\

[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/23 18:33:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/24 21:08:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/24 21:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 22:44:54 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sean\Desktop\TDSSKiller.exe
[2014/01/23 18:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/22 21:49:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

========== Files - Modified Within 30 Days ==========

[2014/01/25 10:56:37 | 000,912,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/25 10:56:37 | 000,303,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 10:52:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/25 10:52:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/25 10:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 10:50:03 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 09:43:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/24 21:45:52 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/24 21:30:53 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/24 21:08:39 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 18:33:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/23 17:42:42 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/22 18:43:51 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140121-230115.backup
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG

========== Files Created - No Company Name ==========

[2014/01/22 18:43:51 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/22 18:31:34 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini

========== ZeroAccess Check ==========

[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/24 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >
 
You have an infected hosts file backup

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    [2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140121-230115.backup
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYJAVA] 
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <-- not Run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces

Then run a new scan with OTL and post the new log please
 
Question

Hi Ken

Just running ESET again at the mo to delete any virus signatures found.

The hosts file: Spybot updated this file with the current entries (all pointing back to 127.0.0.1). Do you still want me to run the script you provided?

Sean
 
Yes, we need to get rid of that bad hosts file backup.

When we're done you can use Spybot's hosts file feature, which will protect it.
 
Log after OTL fix

Hi Ken

Log file as requested. Will post scan log file when process completed.

All processes killed
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20140121-230115.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sean\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Config.Msi

User: Default User

User: LocalService

User: NetworkService

User: sandra
->Java cache emptied: 0 bytes

User: sean
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Config.Msi

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sean
->Temp folder emptied: 115712 bytes
->Temporary Internet Files folder emptied: 5225103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 269312 bytes

Total Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01252014_185642

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF9ED6.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFA20F.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFC8DC.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFCE42.tmp not found!
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\PVLSCPON\online-scanner[1].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\4O8C11JL\search[2].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\4O8C11JL\showthread[2].php moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Log file of OTL scan

Hi Ken

Scan results

OTL logfile created on: 25/01/2014 19:12:39 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.47% Memory free
3.10 Gb Paging File | 2.72 Gb Available in Paging File | 87.88% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 36.70 Gb Free Space | 41.04% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32

Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()


========== Services (SafeList) ==========

SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MFE_RR) -- C:\DOCUME~1\sean\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (aakuzacl) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\

[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/25 18:56:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/24 21:08:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/24 21:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 22:44:54 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sean\Desktop\TDSSKiller.exe
[2014/01/23 18:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/22 21:49:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

========== Files - Modified Within 30 Days ==========

[2014/01/25 19:08:59 | 000,914,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/25 19:08:57 | 000,304,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 19:03:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/25 19:03:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/25 19:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 19:02:07 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 18:56:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/25 18:47:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/24 21:45:52 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/24 21:30:53 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/24 21:08:39 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 17:42:42 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/22 18:43:51 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG

========== Files Created - No Company Name ==========

[2014/01/22 18:43:51 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/22 18:31:34 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini

========== ZeroAccess Check ==========

[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/24 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >
 
for information

Morning Ken.

Laptop still runs like a dog, takes ages to get Windows booted up, then ages to get logged on. I'm going to uninstall some of the installed programs to see if that makes any difference.

Can you view archived posts (it was a few years ago)? I've had this issue before and, with the help of this forum, got rid of it. The last post I made to that thread described what I did.

Firefox, can see it installed. What I will do is install it, remove it, scan with OTL and post the results, OK?

Sean
 
Sounds like a plan; use Revo Uninstaller to remove FF so it will take all the files, folders and registry entries with it.

Do you remember the name of the helper that helped you a few years ago? So far all I am finding is this post and the one in the waiting room. Did you use the same username that you're using now, cobolguy?
 
I found archived threads, one from 10/08/12 by Blade81, and we have done about everything on this thread that was done then. Is this the same Acer computer that was worked on a few years ago?

Also found this, but it won't work for you unless it's the same computer; this was a few years ago also:


Hi there.

Could not run Task Manager to see the processes running. Could not find out why. Found a utility called Process Explorer on the internet that allowed me to manage the running Windows processes. Seemed there was a power management process (Acer) running that was consuming 90+% CPU. Killed this and Malwarebytes was able to run through to completion. It found lots of stuff!! Cleaned this up and, hey presto, laptop working OK.

Cheers

Go here and delete ERUNT from the Startup folder; this could be bogging you down:
C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

Let me know if it's the same computer; there are a few other things we can try.

Done the removal of ERUNT from Startup.

The archive was for an Asus laptop, not Acer.

Researching the internet, it would seem that excessive hardware interrupts and DPCs point to a faulty driver :(

I've rebooted and executed both Spybot and Malwarebytes from startup using F8 and nothing was found.

The only other thing is to get a spare hard drive, rebuild the OS onto it and copy the data files over.

Happy Sunday........


Sean
 