TechSpot

Multiple iexplore processes

By dennis pengelly
Nov 18, 2014
  1. When the explorer.exe process is running it is causing multiple iexplore.exe processes to keep popping up, eating up CPU time and memory space and slowing my computer down to a crawl. If I end the explorer.exe process, iexplore.exe processes stop popping up. I am running Windows XP with the latest updates available before the support stopped and am concerned about the system crashing while trying to fix this since I cannot reload.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard


    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Here are my Malwarebytes and DDS scans. Please note that DDS.txt was not created.
     

  4. dennis pengelly

    Sorry....Didn't realize no attached files:

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 11/19/2014 12:26:47 AM, SYSTEM, DENTECH-CXSLVNS, Scheduler, Malware Database, 2014.11.18.9, 2014.11.19.1,
    Protection, 11/19/2014 12:26:49 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Starting,
    Protection, 11/19/2014 12:26:49 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopping,
    Protection, 11/19/2014 12:26:50 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopped,
    Protection, 11/19/2014 12:30:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Success,
    Protection, 11/19/2014 12:30:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
    Protection, 11/19/2014 12:31:04 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
    Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malware Protection, Starting,
    Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malware Protection, Started,
    Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
    Update, 11/19/2014 6:56:55 AM, SYSTEM, DENTECH-CXSLVNS, Scheduler, Malware Database, 2014.11.19.1, 2014.11.19.4,
    Protection, 11/19/2014 6:56:56 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Starting,
    Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
    Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopping,
    Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopped,
    Protection, 11/19/2014 6:57:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Success,
    Protection, 11/19/2014 6:57:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
    Protection, 11/19/2014 6:58:03 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
    Detection, 11/19/2014 7:10:08 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, IP, 5.149.250.194, 0, Outbound,

    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/22/2014 9:37:16 AM
    System Uptime: 11/19/2014 6:53:38 AM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 51.711 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
    Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&1C660DD6&0&10F0
    Manufacturer: Linksys, A Division of Cisco Systems, Inc
    Name: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
    PNP Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&1C660DD6&0&10F0
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    RP138: 8/27/2014 12:37:21 PM - System Checkpoint
    RP139: 8/29/2014 9:53:40 AM - System Checkpoint
    RP140: 9/5/2014 1:08:53 PM - System Checkpoint
    RP141: 9/6/2014 1:03:11 PM - Software Distribution Service 3.0
    RP142: 9/11/2014 8:08:54 AM - System Checkpoint
    RP143: 9/12/2014 6:35:18 PM - System Checkpoint
    RP144: 9/13/2014 7:04:53 PM - System Checkpoint
    RP145: 9/14/2014 7:52:48 PM - System Checkpoint
    RP146: 9/15/2014 8:52:48 PM - System Checkpoint
    RP147: 9/16/2014 9:52:48 PM - System Checkpoint
    RP148: 9/17/2014 10:52:48 PM - System Checkpoint
    RP149: 9/18/2014 11:52:48 PM - System Checkpoint
    RP150: 9/20/2014 12:52:49 AM - System Checkpoint
    RP151: 9/21/2014 8:07:36 PM - System Checkpoint
    RP152: 9/23/2014 8:08:00 AM - System Checkpoint
    RP153: 9/25/2014 1:04:58 PM - System Checkpoint
    RP154: 9/25/2014 2:15:39 PM - Software Distribution Service 3.0
    RP155: 9/25/2014 3:22:08 PM - Installed Microsoft Fix it 50267
    RP156: 9/29/2014 4:55:28 PM - System Checkpoint
    RP157: 10/12/2014 10:49:15 AM - Installed iTunes
    RP158: 10/15/2014 1:15:23 PM - System Checkpoint
    RP159: 10/16/2014 1:16:17 PM - System Checkpoint
    RP160: 10/17/2014 6:00:47 PM - System Checkpoint
    RP161: 10/20/2014 5:08:47 PM - System Checkpoint
    RP162: 10/21/2014 5:13:52 PM - System Checkpoint
    RP163: 10/22/2014 6:01:28 PM - System Checkpoint
    RP164: 10/23/2014 6:07:52 PM - System Checkpoint
    RP165: 10/24/2014 7:01:46 PM - System Checkpoint
    RP166: 10/25/2014 7:55:39 PM - System Checkpoint
    RP167: 11/5/2014 1:44:44 PM - System Checkpoint
    RP168: 11/6/2014 2:22:17 PM - System Checkpoint
    RP169: 11/7/2014 3:11:40 PM - System Checkpoint
    RP170: 11/9/2014 1:19:51 PM - System Checkpoint
    RP171: 11/12/2014 10:17:14 AM - System Checkpoint
    RP172: 11/13/2014 12:03:01 PM - System Checkpoint
    RP173: 11/15/2014 9:36:55 AM - System Checkpoint
    RP174: 11/17/2014 11:49:25 AM - System Checkpoint
    RP175: 11/18/2014 12:08:31 PM - System Checkpoint
    .
    ==== Image File Execution Options =============
    .
    IFEO: Your Image File Name Here without a path - ntsd -d
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  5. Broni

    You posted the "protection" log from MBAM instead of the "scan" log.
    Please post correct log.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. dennis pengelly

    The logs follow. TDSSKiller created 2 logs....one before restart and one after restart:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/18/2014
    Scan Time: 7:38:49 PM
    Logfile: Malwarebytes Scan Log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.18.09
    Rootkit Database: v2014.11.18.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: dennis pengelly

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 515306
    Time Elapsed: 1 hr, 25 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. dennis pengelly

    First TDS Scan Part 1

    07:34:05.0500 0x0bc0 LmHosts - ok
    07:34:05.0531 0x0bc0 [ 4E1B80CC25C2D3BF6FD79E5CDB7787BB, 12DFE7024DD444532B38CC1CAC4C99BF33E2F5DD6E9D97BBCA5B6C4AA858CC7B ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    07:34:05.0531 0x0bc0 LMouFilt - ok
    07:34:05.0625 0x0bc0 [ AF280405C10F0D20F37670B7432E5C2F, 89EDF1B686CA6FE2516A5771AD80D6E8A6B022BA3D31E7988C2D2078CE45BEBA ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    07:34:05.0625 0x0bc0 lvpopflt - ok
    07:34:05.0703 0x0bc0 [ 8BE71D7EDB8C7494913722059F760DD0, BA02D1EC025BDA8ADAE34483AB6B422A75D0C11392761F83BCB0D0ADB5B1EAE2 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
    07:34:05.0718 0x0bc0 LVPr2Mon - ok
    07:34:05.0953 0x0bc0 [ 2333057542C91AE8228BDCCC2E5F2632, 51324D2D468DCDEA039F848585F6C78F99801D2725F7ACED2466E2D20BF112CD ] LVPrcSrv C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    07:34:06.0031 0x0bc0 LVPrcSrv - ok
    07:34:06.0140 0x0bc0 [ E52F5A2CADCF08D07F559962F807A0A2, 5AC12B9D43E593BD037DD4AB0414BC348762CEAEEB9031BF67F81A0E92AB6DC3 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
    07:34:06.0156 0x0bc0 LVRS - ok
    07:34:09.0109 0x0bc0 [ C3D02260BEB2B48DEA1EFDFCA91E4B69, 7A0E53F217E1F57ED81845904886FDE500C09261BE352DC101CEF8B95A235D7D ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    07:34:09.0281 0x0bc0 LVUVC - ok
    07:34:09.0375 0x0bc0 [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    07:34:09.0375 0x0bc0 MBAMProtector - ok
    07:34:10.0281 0x0bc0 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    07:34:11.0921 0x0bc0 MBAMScheduler - ok
    07:34:12.0781 0x0bc0 [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    07:34:13.0343 0x0bc0 MBAMService - ok
    07:34:13.0484 0x0bc0 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    07:34:13.0500 0x0bc0 MBAMSwissArmy - ok
    07:34:13.0562 0x0bc0 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    07:34:13.0562 0x0bc0 Messenger - ok
    07:34:13.0593 0x0bc0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    07:34:13.0609 0x0bc0 mnmdd - ok
    07:34:13.0656 0x0bc0 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
    07:34:13.0656 0x0bc0 mnmsrvc - ok
    07:34:13.0718 0x0bc0 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    07:34:13.0750 0x0bc0 Modem - ok
    07:34:13.0781 0x0bc0 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:34:13.0781 0x0bc0 Mouclass - ok
    07:34:13.0843 0x0bc0 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    07:34:13.0843 0x0bc0 mouhid - ok
    07:34:13.0875 0x0bc0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    07:34:13.0890 0x0bc0 MountMgr - ok
    07:34:13.0906 0x0bc0 mraid35x - ok
    07:34:13.0984 0x0bc0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:34:13.0984 0x0bc0 MRxDAV - ok
    07:34:14.0343 0x0bc0 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:34:14.0375 0x0bc0 MRxSmb - ok
    07:34:14.0421 0x0bc0 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
    07:34:14.0453 0x0bc0 MSDTC - ok
    07:34:14.0515 0x0bc0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    07:34:14.0531 0x0bc0 Msfs - ok
    07:34:14.0562 0x0bc0 MSIServer - ok
    07:34:14.0625 0x0bc0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:34:14.0625 0x0bc0 MSKSSRV - ok
    07:34:14.0718 0x0bc0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     
  8. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    First TDS Scan Part 2

    07:34:30.0125 0x0bc0 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    07:34:30.0140 0x0bc0 xmlprov - ok
    07:34:30.0500 0x0bc0 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    07:34:30.0750 0x0bc0 YahooAUService - ok
    07:34:30.0765 0x0bc0 ================ Scan global ===============================
    07:34:30.0828 0x0bc0 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    07:34:30.0968 0x0bc0 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    07:34:31.0187 0x0bc0 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    07:34:31.0265 0x0bc0 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    07:34:31.0265 0x0bc0 [ Global ] - ok
    07:34:31.0281 0x0bc0 ================ Scan MBR ==================================
    07:34:31.0296 0x0bc0 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:34:32.0937 0x0bc0 \Device\Harddisk0\DR0 - ok
    07:34:32.0937 0x0bc0 ================ Scan VBR ==================================
    07:34:32.0968 0x0bc0 [ B47FC8A5BA5CF3654FDD405AB3889977 ] \Device\Harddisk0\DR0\Partition1
    07:34:33.0000 0x0bc0 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    07:34:33.0000 0x0bc0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    07:34:35.0500 0x0bc0 ================ Scan generic autorun ======================
    07:34:35.0734 0x0bc0 [ 2B4EC8708AF814DC49E55404988D010A, E6AFD61DD865D65CFB1B55897DBA57EA7457A6F16D4B3C48AAD996322BFBFBB7 ] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    07:34:35.0875 0x0bc0 ATIPTA - ok
    07:34:35.0875 0x0bc0 ATI DeviceDetect - ok
    07:34:35.0890 0x0bc0 Waiting for KSN requests completion. In queue: 137
    07:34:36.0890 0x0bc0 Waiting for KSN requests completion. In queue: 1
    07:34:37.0890 0x0bc0 Waiting for KSN requests completion. In queue: 1
    07:34:41.0984 0x0bc0 Win FW state via NFM: enabled
    07:34:44.0578 0x0bc0 ============================================================
    07:34:44.0578 0x0bc0 Scan finished
    07:34:44.0578 0x0bc0 ============================================================
    07:34:44.0953 0x08bc Detected object count: 1
    07:34:44.0953 0x08bc Actual detected object count: 1
    07:37:09.0875 0x08bc \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    07:37:09.0921 0x08bc \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    07:37:09.0984 0x08bc \Device\Harddisk0\DR0\Partition1 - ok
    07:37:09.0984 0x08bc \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    07:37:13.0140 0x08bc KLMD registered as C:\WINDOWS\system32\drivers\10693154.sys
    07:37:29.0296 0x06a0 Deinitialize success
     
  9. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Second TDS Scan Part 1

    07:42:05.0812 0x07cc TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    07:42:08.0093 0x07cc ============================================================
    07:42:08.0093 0x07cc Current date / time: 2014/11/20 07:42:08.0093
    07:42:08.0140 0x07cc SystemInfo:
    07:42:08.0171 0x07cc
    07:42:08.0203 0x07cc OS Version: 5.1.2600 ServicePack: 3.0
    07:42:08.0218 0x07cc Product type: Workstation
    07:42:08.0218 0x07cc ComputerName: DENTECH-CXSLVNS
    07:42:08.0328 0x07cc UserName: dennis pengelly
    07:42:08.0359 0x07cc Windows directory: C:\WINDOWS
    07:42:08.0375 0x07cc System windows directory: C:\WINDOWS
    07:42:08.0375 0x07cc Processor architecture: Intel x86
    07:42:08.0375 0x07cc Number of processors: 1
    07:42:08.0375 0x07cc Page size: 0x1000
    07:42:08.0375 0x07cc Boot type: Normal boot
    07:42:08.0406 0x07cc ============================================================
    07:42:08.0750 0x07cc BG loaded
    07:42:10.0406 0x07cc System UUID: {0E24FB42-6D1B-093D-8B81-1B9066C333CC}
    07:42:14.0578 0x07cc Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 ( 111.76 Gb ), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
    07:42:14.0718 0x07cc ============================================================
    07:42:14.0718 0x07cc \Device\Harddisk0\DR0:
    07:42:14.0718 0x07cc MBR partitions:
    07:42:14.0718 0x07cc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xDF702F8
    07:42:14.0718 0x07cc ============================================================
    07:42:14.0984 0x07cc C: <-> \Device\Harddisk0\DR0\Partition1
    07:42:14.0984 0x07cc ============================================================
    07:42:14.0984 0x07cc Initialize success
    07:42:14.0984 0x07cc ============================================================
    07:42:22.0062 0x09b8 ============================================================
    07:42:22.0062 0x09b8 Scan started
    07:42:22.0062 0x09b8 Mode: Manual;
    07:42:22.0062 0x09b8 ============================================================
    07:42:22.0062 0x09b8 KSN ping started
    07:42:26.0000 0x09b8 KSN ping finished: true
    07:42:35.0640 0x09b8 ================ Scan system memory ========================
    07:42:35.0656 0x09b8 System memory - ok
    07:42:35.0656 0x09b8 ================ Scan services =============================
     
  10. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Second TDS Scan Part 2

    07:43:20.0734 0x09b8 ============================================================
    07:43:20.0734 0x09b8 Scan finished
    07:43:20.0734 0x09b8 ============================================================
    07:43:20.0750 0x09b0 Detected object count: 0
    07:43:20.0750 0x09b0 Actual detected object count: 0
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Very good :)

    Re-run DDS and you should get both logs now.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • On the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes icon in the system tray and click on Exit.
     
  12. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Here are both DDS Logs:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/22/2014 9:37:16 AM
    System Uptime: 11/20/2014 2:42:23 PM (7 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 51.143 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP138: 8/27/2014 12:37:21 PM - System Checkpoint
    RP139: 8/29/2014 9:53:40 AM - System Checkpoint
    RP140: 9/5/2014 1:08:53 PM - System Checkpoint
    RP141: 9/6/2014 1:03:11 PM - Software Distribution Service 3.0
    RP142: 9/11/2014 8:08:54 AM - System Checkpoint
    RP143: 9/12/2014 6:35:18 PM - System Checkpoint
    RP144: 9/13/2014 7:04:53 PM - System Checkpoint
    RP145: 9/14/2014 7:52:48 PM - System Checkpoint
    RP146: 9/15/2014 8:52:48 PM - System Checkpoint
    RP147: 9/16/2014 9:52:48 PM - System Checkpoint
    RP148: 9/17/2014 10:52:48 PM - System Checkpoint
    RP149: 9/18/2014 11:52:48 PM - System Checkpoint
    RP150: 9/20/2014 12:52:49 AM - System Checkpoint
    RP151: 9/21/2014 8:07:36 PM - System Checkpoint
    RP152: 9/23/2014 8:08:00 AM - System Checkpoint
    RP153: 9/25/2014 1:04:58 PM - System Checkpoint
    RP154: 9/25/2014 2:15:39 PM - Software Distribution Service 3.0
    RP155: 9/25/2014 3:22:08 PM - Installed Microsoft Fix it 50267
    RP156: 9/29/2014 4:55:28 PM - System Checkpoint
    RP157: 10/12/2014 10:49:15 AM - Installed iTunes
    RP158: 10/15/2014 1:15:23 PM - System Checkpoint
    RP159: 10/16/2014 1:16:17 PM - System Checkpoint
    RP160: 10/17/2014 6:00:47 PM - System Checkpoint
    RP161: 10/20/2014 5:08:47 PM - System Checkpoint
    RP162: 10/21/2014 5:13:52 PM - System Checkpoint
    RP163: 10/22/2014 6:01:28 PM - System Checkpoint
    RP164: 10/23/2014 6:07:52 PM - System Checkpoint
    RP165: 10/24/2014 7:01:46 PM - System Checkpoint
    RP166: 10/25/2014 7:55:39 PM - System Checkpoint
    RP167: 11/5/2014 1:44:44 PM - System Checkpoint
    RP168: 11/6/2014 2:22:17 PM - System Checkpoint
    RP169: 11/7/2014 3:11:40 PM - System Checkpoint
    RP170: 11/9/2014 1:19:51 PM - System Checkpoint
    RP171: 11/12/2014 10:17:14 AM - System Checkpoint
    RP172: 11/13/2014 12:03:01 PM - System Checkpoint
    RP173: 11/15/2014 9:36:55 AM - System Checkpoint
    RP174: 11/17/2014 11:49:25 AM - System Checkpoint
    RP175: 11/18/2014 12:08:31 PM - System Checkpoint
    RP176: 11/19/2014 12:14:14 PM - System Checkpoint
    RP177: 11/20/2014 12:15:55 PM - Removed Logitech SetPoint 5.00.
    RP178: 11/20/2014 12:41:13 PM - Software Distribution Service 3.0
    RP179: 11/20/2014 2:37:12 PM - Removed Logitech Vid.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 15 ActiveX
    Adobe Reader XI (11.0.08)
    AIO_Scan
    AOL Toolbar 5.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Decoder
    ATI Display Driver
    ATI HYDRAVISION
    ATI Multimedia Center 9.0.0.0
    ATI Remote Wonder 2.3
    ATIRW2
    Bonjour
    BufferChm
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    CameraHelperMsi
    Copy
    CustomerResearchQFolder
    DAO
    Dell ResourceCD
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    erLT
    eSupportQFolder
    F4100
    F4100_doccd
    F4100_Help
    File Association Helper
    Free M4a to MP3 Converter 8.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    iTunes
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 2.0.3.1025
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft ReportViewer 2010 Redistributable
    Microsoft Silverlight
    MMC90
    Mozilla Firefox 33.1.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Pdf2Jpg version 1.2
    PSSWCORE
    QuickTime 7
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    ScopeUserGuide
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2898785)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Skype™ 6.21
    SolutionCenter
    SoundMAX
    Status
    Toolbox
    TrayApp
    TurboTax 2013
    TurboTax 2013 wctiper
    TurboTax 2013 WinPerFedFormset
    TurboTax 2013 WinPerReleaseEngine
    TurboTax 2013 WinPerTaxSupport
    TurboTax 2013 wrapper
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Encoder 9 Series
    Windows XP Service Pack 3
    WinZip 19.0
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2014 12:03:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 00226BC44363 has been denied by the DHCP server 68.114.36.67 (The DHCP Server sent a DHCPNACK message).
    11/20/2014 12:02:00 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
    11/20/2014 1:19:25 PM, error: Dhcp [1002] - The IP address lease 75.134.11.47 for the Network Card with network address 00226BC44363 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/18/2014 9:43:22 AM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 2 time(s).
    11/18/2014 9:13:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Emsisoft Protection Service service to connect.
    11/18/2014 9:13:07 AM, error: Service Control Manager [7000] - The Emsisoft Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/18/2014 8:11:08 AM, error: Service Control Manager [7034] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 4 time(s).
    11/18/2014 8:10:01 AM, error: Service Control Manager [7034] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 3 time(s).
    11/18/2014 8:09:24 AM, error: Service Control Manager [7031] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/18/2014 7:38:22 AM, error: Service Control Manager [7031] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/17/2014 3:05:51 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    11/17/2014 2:21:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    11/16/2014 8:06:26 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).
    11/16/2014 1:01:50 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================



    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512
    Run by dennis pengelly at 21:31:40 on 2014-11-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.240 [GMT -5:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\File Association Helper\FAHWindow.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uProxyServer = 0.0.0.0:80
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn13\yt.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
    uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
    uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ATI DeviceDetect] c:\program files\ati multimedia\\program files\ati multimedia\main\ATIDtct.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [FAHConsole] c:\program files\file association helper\FAHConsole.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    StartupFolder: c:\docume~1\dennis~1.den\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    TCP: NameServer = 71.10.216.1 71.10.216.2
    TCP: Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} : DHCPNameServer = 71.10.216.1 71.10.216.2
    Notify: AtiExtEvent - Ati2evxx.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dennis pengelly.dentech-cxslvns\application data\mozilla\firefox\profiles\uifpypoh.default\
    FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-1-3 14624]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-24 1871160]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-24 968504]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-24 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-24 114904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 a2acc;a2acc;\??\c:\program files\emsisoft anti-malware\a2accx86.sys --> c:\program files\emsisoft anti-malware\a2accx86.sys [?]
    S3 cleanhlp;cleanhlp;\??\c:\program files\emsisoft anti-malware\cleanhlp32.sys --> c:\program files\emsisoft anti-malware\cleanhlp32.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== Created Last 30 ================
    .
    2014-11-20 20:36:41 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\Mozilla
    2014-11-20 20:36:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2014-11-20 20:36:04 48240 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
    2014-11-20 20:36:03 904104 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2014-11-20 19:37:48 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\Logitech® Webcam Software
    2014-11-20 18:43:20 53248 ----a-r- c:\documents and settings\dennis pengelly.dentech-cxslvns\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2014-11-20 12:37:09 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2014-11-18 02:50:47 -------- d-----w- c:\program files\iPod
    2014-11-18 02:50:46 -------- d-----w- c:\program files\iTunes
    2014-11-18 02:47:26 -------- d-----w- c:\documents and settings\all users.windows\application data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-18 02:05:06 -------- d-----w- c:\documents and settings\all users.windows\application data\Emsisoft
    2014-11-17 20:00:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2014-11-16 01:26:50 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\WinZip
    2014-11-16 01:24:27 -------- d-----w- c:\program files\File Association Helper
    2014-10-22 19:48:43 6000640 ----a-w- c:\program files\GUT141.tmp
    2014-10-22 19:48:43 -------- d-----w- c:\program files\GUM140.tmp
    .
    ==================== Find3M ====================
    .
    2014-11-20 22:16:37 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-12 13:47:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-11-12 13:47:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-12 13:46:12 17339056 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2014-10-01 16:11:18 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-01 16:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 21:32:56.98 ===============
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I don't see any AV program running.
    Why?
     
  14. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Malwarebytes is running
     
  15. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    RogueKiller Log

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : dennis pengelly [Administrator]
    Mode : Delete -- Date : 11/20/2014 22:13:33

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 15 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys) -> Not selected
    [PUM.Proxy] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 0.0.0.0:80 -> Not selected
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
    [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
    [IAT:Addr] (firefox.exe @ SHELL32.dll) USERENV.dll - GetUserProfileDirectoryW : Unknown @ 0x769c6357
    [IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsQueryConfigAllocEx : Unknown @ 0x76f27a55
    [IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsRecordListFree : Unknown @ 0x76f25b12
    [IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsApiFree : Unknown @ 0x76f237a1
    [IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsQuery_W : Unknown @ 0x76f22da3

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3120026AS +++++
    --- User ---
    [MBR] a383a678cd224af9ca496c06637b93d2
    [BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 114400 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_11202014_221041.log
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Malwarebytes is NOT an AV program.
    When you're done with MBAR...

    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.
     
  17. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    OK...Going to create restore point and run MBAR
     
  18. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    MBAR Results

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.11.21.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    dennis pengelly :: DENTECH-CXSLVNS [administrator]

    11/20/2014 10:50:16 PM
    mbar-log-2014-11-20 (22-50-16).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 506372
    Time elapsed: 1 hour(s), 39 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.992000 GHz
    Memory total: 1072693248, free: 325308416

    Downloaded database version: v2014.11.21.02
    Downloaded database version: v2014.11.18.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/20/2014 22:49:20
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    agp440.sys
    \SystemRoot\System32\DRIVERS\intelppm.sys
    \SystemRoot\System32\DRIVERS\ati2mtag.sys
    \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\usbuhci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\System32\DRIVERS\usbehci.sys
    \SystemRoot\System32\DRIVERS\EG1032xp.sys
    \SystemRoot\System32\DRIVERS\fdc.sys
    \SystemRoot\System32\DRIVERS\i8042prt.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\serial.sys
    \SystemRoot\System32\DRIVERS\serenum.sys
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\System32\DRIVERS\imapi.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\psched.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\drivers\ATIRWVD.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\System32\DRIVERS\ipnat.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\lvuvc.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\lvrs.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\System32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\System32\DRIVERS\hidusb.sys
    \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    \??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86766ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
    Lower Device Object: 0xffffffff8675ed98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86766ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86796900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86766ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8675ed98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9DC96E9E

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 80325 Numsec = 234291960
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120000000000 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-80325-I.mbam...
    Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  20. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Combofix Log

    ComboFix 14-11-18.01 - dennis pengelly 11/21/2014 20:23:04.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.680 [GMT -5:00]
    Running from: c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    C:\END
    c:\program files\Internet Explorer\SET2CC.tmp
    c:\program files\Internet Explorer\SET2CE.tmp
    c:\windows\$msi31uninstall_kb893803v2$
    c:\windows\dasetup.log
    c:\windows\msdownld.tmp
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\dllcache\wmpvis.dll
    c:\windows\system32\SET2B9.tmp
    c:\windows\system32\SET2BA.tmp
    c:\windows\system32\SET2C0.tmp
    c:\windows\system32\SET2C1.tmp
    c:\windows\system32\SET2C5.tmp
    c:\windows\system32\SET2C6.tmp
    c:\windows\system32\SET2C7.tmp
    c:\windows\system32\WNLT
    c:\windows\wmsysprx.prx
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_LEVEL_QUALITY_WATCHER
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-22 to 2014-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-21 20:41 . 2014-11-21 20:41 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Temp
    2014-11-21 20:39 . 2014-11-21 20:39 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\AVAST Software
    2014-11-21 20:38 . 2014-11-21 20:38 -------- d-----w- c:\windows\jumpshot.com
    2014-11-21 20:34 . 2014-11-21 20:33 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-11-21 20:34 . 2014-11-21 20:37 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-11-21 20:34 . 2014-11-21 20:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-21 20:34 . 2014-11-21 20:33 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-21 20:34 . 2014-11-21 20:33 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-21 20:34 . 2014-11-21 20:33 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-21 20:34 . 2014-11-21 20:33 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-11-21 20:34 . 2014-11-22 01:47 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-21 20:34 . 2014-11-21 20:33 291352 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-21 20:33 . 2014-11-21 20:33 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-21 20:29 . 2014-11-21 20:29 -------- d-----w- c:\program files\AVAST Software
    2014-11-21 20:28 . 2014-11-21 20:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
    2014-11-21 17:06 . 2014-11-21 17:06 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\CHARTER
    2014-11-21 17:06 . 2014-11-21 17:06 92504 ----a-r- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Microsoft\Installer\{c9ca25aa-aa3a-4b61-ad9f-070a2ed1a082}\ARPPRODUCTICON.exe
    2014-11-21 17:05 . 2014-11-21 17:05 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter
    2014-11-21 14:47 . 2014-11-21 14:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
    2014-11-21 03:49 . 2014-11-21 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-21 03:01 . 2014-11-21 03:01 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-21 03:01 . 2014-11-21 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RogueKiller
    2014-11-20 20:36 . 2014-11-20 20:36 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Mozilla
    2014-11-20 20:36 . 2014-11-20 20:36 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2014-11-20 19:37 . 2014-11-20 19:37 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Logitech® Webcam Software
    2014-11-20 18:43 . 2014-11-20 18:43 53248 ----a-r- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2014-11-20 18:39 . 2014-11-20 18:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
    2014-11-20 12:37 . 2014-11-20 12:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2014-11-18 02:50 . 2014-11-18 02:51 -------- d-----w- c:\program files\iPod
    2014-11-18 02:50 . 2014-11-18 02:51 -------- d-----w- c:\program files\iTunes
    2014-11-18 02:47 . 2014-11-18 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-18 02:05 . 2014-11-18 02:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Emsisoft
    2014-11-17 20:00 . 2014-11-18 14:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2014-11-16 01:26 . 2014-11-16 01:27 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\WinZip
    2014-11-16 01:26 . 2014-11-16 01:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
    2014-11-16 01:24 . 2014-11-16 01:24 -------- d-----w- c:\program files\File Association Helper
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-21 20:32 . 2014-11-21 20:34 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1416620858734
    2014-11-21 17:34 . 2014-03-24 19:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-21 03:44 . 2014-03-24 19:58 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-12 13:47 . 2014-01-23 15:00 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-11-12 13:47 . 2014-01-23 15:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-12 13:46 . 2014-07-09 13:44 17339056 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2014-10-22 19:49 . 2014-10-22 19:48 6000640 ----a-w- c:\program files\GUT141.tmp
    2014-10-01 16:11 . 2014-03-24 19:58 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn13\yt.dll" [2014-06-02 1583384]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-21 20:33 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-03-31 106570]
    "ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-03-23 196608]
    "PCShowServer"="c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe" [2014-10-29 1651072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-24 335872]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-07-01 295512]
    "FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 616632]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-21 5226600]
    .
    c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Documents and Settings\\dennis pengelly\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/21/2014 3:34 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/21/2014 3:34 PM 206248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [11/21/2014 3:34 PM 787800]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [11/21/2014 3:34 PM 423784]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [11/21/2014 3:34 PM 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/21/2014 3:34 PM 70384]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [1/3/2014 11:44 AM 14624]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [3/24/2014 2:58 PM 1871160]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/24/2014 2:58 PM 23256]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [3/24/2014 2:58 PM 968504]
    S3 a2acc;a2acc;\??\c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys --> c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [?]
    S3 cleanhlp;cleanhlp;\??\c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys --> c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [3/24/2014 2:59 PM 114904]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWRVRT
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-21 19:06 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-23 13:47]
    .
    2014-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2014-11-22 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21 20:32]
    .
    2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 19:48]
    .
    2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 19:48]
    .
    2014-11-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-05-02 01:59]
    .
    2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-05-02 01:59]
    .
    2014-11-22 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
    .
    2014-11-22 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/?trackid=sp-006
    mStart Page = https://www.google.com/?trackid=sp-006
    mSearch Bar = https://www.google.com/?trackid=sp-006
    uInternet Settings,ProxyServer = 0.0.0.0:80
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    TCP: DhcpNameServer = 71.10.216.1 71.10.216.2
    FF - ProfilePath - c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla\Firefox\Profiles\uifpypoh.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Logitech Vid HD - c:\program files\Logitech\Vid\vid.exe
    HKLM-Run-ATI DeviceDetect - c:\program files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
    SafeBoot-68122047.sys
    SafeBoot-CleanHlp
    SafeBoot-CleanHlp.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-11-21 20:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(740)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3788)
    c:\program files\File Association Helper\FAHDll.dll
    c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\File Association Helper\FAHWindow.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\System32\rundll32.exe
    c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-21 20:52:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-11-22 01:52
    .
    Pre-Run: 53,953,196,032 bytes free
    Post-Run: 55,320,920,064 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 4AC4AE038507367AD3BDB02CE9095887
    8F558EB6672622401DA993E1E865C861
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  22. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    AdwCleaner Log

    # AdwCleaner v4.101 - Report created 21/11/2014 at 22:22:00
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : dennis pengelly - DENTECH-CXSLVNS
    # Running from : C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads\adwcleaner_4.101.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\WINDOWS\system32\ARFC
    Folder Deleted : C:\WINDOWS\system32\jmdp

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v6.0.2900.5512


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)


    -\\ Google Chrome v39.0.2171.65


    *************************

    AdwCleaner[R0].txt - [2550 octets] - [21/11/2014 22:17:36]
    AdwCleaner[S0].txt - [2505 octets] - [21/11/2014 22:22:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2565 octets] ##########


    JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Microsoft Windows XP x86
    Ran by dennis pengelly on Fri 11/21/2014 at 22:32:18.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 11/21/2014 at 22:39:20.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    FRST Logs (Part 1)


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-11-2014
    Ran by dennis pengelly (administrator) on DENTECH-CXSLVNS on 21-11-2014 22:43:21
    Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads
    Loaded Profile: dennis pengelly (Available profiles: dennis pengelly)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 6
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
    (NDS Technologies) C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe
    (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
    () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-03-23] (ATI Technologies, Inc.)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-07-17] (Logitech, Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-07-01] (RealNetworks, Inc.)
    HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Launchpad] => C:\Program Files\ATI Multimedia\main\launchpd.exe [106570 2004-03-31] (ATI Technologies Inc.)
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Remote Control] => C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [196608 2004-03-23] (ATI Technologies Inc.)
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [PCShowServer] => C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe [1651072 2014-10-29] (NDS Technologies)
    Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
    Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-1801674531-790525478-725345543-1004] => 0.0.0.0:80
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
    URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla\Firefox\Profiles\uifpypoh.default
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
    FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin64 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\win64\npPlayerPlugin64.dll (Cisco)
    FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: Charter.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-01]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-21]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR Profile: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-28]
    CHR Extension: (Google Drive) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
    CHR Extension: (YouTube) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-28]
    CHR Extension: (Google Search) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-28]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-21]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-09]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-28]
    CHR Extension: (Gmail) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-28]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-03-23] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-06-16] () [File not signed]
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
    S3 x10nets; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
    R3 ATI Remote Wonder II; C:\WINDOWS\System32\drivers\ATIRWVD.SYS [258044 2004-01-23] (Jungo) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
    R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
    R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
    R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-21] (Malwarebytes Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
    S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U3 TlntSvr; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-21 22:42 - 2014-11-21 22:43 - 00000000 ____D () C:\FRST
    2014-11-21 22:39 - 2014-11-21 22:39 - 00001206 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\JRT.txt
    2014-11-21 22:32 - 2014-11-21 22:32 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-11-21 22:26 - 2014-11-21 22:26 - 00002645 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\AdwCleaner[S0].txt
    2014-11-21 22:17 - 2014-11-21 22:22 - 00000000 ____D () C:\AdwCleaner
    2014-11-21 20:52 - 2014-11-21 22:43 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp
    2014-11-21 20:52 - 2014-11-21 20:52 - 00019613 _____ () C:\ComboFix.txt
    2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
    2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
    2014-11-21 20:17 - 2014-01-22 11:38 - 00000211 _____ () C:\Boot.bak
    2014-11-21 20:16 - 2014-11-21 20:17 - 00000000 _RSHD () C:\cmdcons
    2014-11-21 20:16 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-11-21 20:12 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-11-21 20:12 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-11-21 20:12 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-11-21 20:12 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-11-21 20:11 - 2014-11-21 20:52 - 00000000 ____D () C:\Qoobox
    2014-11-21 20:10 - 2014-11-21 20:50 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-11-21 15:41 - 2014-11-21 15:41 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Temp
    2014-11-21 15:39 - 2014-11-21 15:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\AVAST Software
    2014-11-21 15:38 - 2014-11-21 15:38 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-11-21 15:37 - 2014-11-21 22:25 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-11-21 15:37 - 2014-11-21 15:37 - 00001731 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
    2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
    2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
    2014-11-21 15:34 - 2014-11-21 20:47 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-11-21 15:34 - 2014-11-21 15:37 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-11-21 15:34 - 2014-11-21 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-11-21 15:34 - 2014-11-21 15:33 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-11-21 15:33 - 2014-11-21 15:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-11-21 15:29 - 2014-11-21 15:29 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    2014-11-21 14:56 - 2014-11-21 21:00 - 00000353 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Other PC problems.txt
    2014-11-21 14:40 - 2014-11-21 14:40 - 00001507 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Notepad.lnk
    2014-11-21 12:06 - 2014-11-21 12:06 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\CHARTER
    2014-11-21 12:05 - 2014-11-21 12:05 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter
    2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
    2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
    2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-20 22:01 - 2014-11-20 22:01 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
    2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
    2014-11-20 15:36 - 2014-11-20 15:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000724 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Mozilla
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
    2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
    2014-11-20 15:35 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-20 14:50 - 2014-11-20 14:50 - 00015648 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-11-20 14:37 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Logitech® Webcam Software
    2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
    2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
    2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
    2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
    2014-11-20 13:38 - 2014-11-20 13:38 - 00001261 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Webcam Software .lnk
    2014-11-20 07:37 - 2014-11-20 07:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-11-18 07:55 - 2014-11-18 08:00 - 00026551 _____ () C:\WINDOWS\ie8Uninst.log
    2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
    2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
    2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
    2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
    2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iPod
    2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
    2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
    2014-11-17 15:00 - 2014-11-18 09:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
    2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\WinZip
    2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
    2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
    2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
    2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
    2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
    2014-11-15 20:25 - 2014-11-15 20:26 - 00000000 ____D () C:\Program Files\WinZip
    2014-11-15 20:24 - 2014-11-15 20:24 - 00000000 ____D () C:\Program Files\File Association Helper
    2014-11-15 19:54 - 2014-11-15 17:41 - 70867717 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WP Productions Movie.MPG
    2014-11-15 19:53 - 2014-11-15 19:53 - 00000529 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Shortcut to explorer.lnk
    2014-11-12 10:58 - 2014-11-12 11:00 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Electronic Data Books
    2014-11-07 09:12 - 2014-01-22 09:29 - 00000879 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WordPad.lnk
    2014-10-22 14:48 - 2014-10-22 14:49 - 06000640 _____ () C:\Program Files\GUT141.tmp
    2014-10-22 14:48 - 2014-10-22 14:48 - 00000000 ____D () C:\Program Files\GUM140.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-21 22:44 - 2014-01-23 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-21 22:25 - 2014-07-01 08:32 - 00000298 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job
    2014-11-21 22:25 - 2014-01-22 11:50 - 01545138 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-21 22:24 - 2014-07-01 08:32 - 00000306 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job
    2014-11-21 22:24 - 2014-05-02 08:25 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-11-21 22:24 - 2014-01-23 10:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 22:24 - 2014-01-22 09:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-21 22:24 - 2014-01-22 04:15 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-21 22:24 - 2014-01-22 04:15 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-21 22:23 - 2014-01-22 09:38 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-21 22:22 - 2014-01-22 09:39 - 00000178 ___SH () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\ntuser.ini
    2014-11-21 22:22 - 2014-01-22 09:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS
    2014-11-21 22:06 - 2014-03-24 14:59 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-21 21:59 - 2014-01-23 10:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-11-21 20:47 - 2003-07-16 15:47 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-11-21 20:17 - 2014-01-22 04:10 - 00000327 __RSH () C:\boot.ini
    2014-11-21 16:10 - 2014-04-09 09:40 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Dropbox
    2014-11-21 16:09 - 2014-04-09 09:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Dropbox
    2014-11-21 15:03 - 2014-05-02 07:14 - 00083340 _____ () C:\WINDOWS\setupapi.log
    2014-11-21 14:35 - 2014-01-22 13:01 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Skype
    2014-11-21 14:14 - 2014-03-28 07:54 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
    2014-11-21 13:48 - 2014-09-10 10:35 - 00002265 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
    2014-11-20 22:44 - 2014-03-24 14:58 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-11-20 14:37 - 2009-03-10 10:06 - 00000000 ____D () C:\Program Files\Logitech
    2014-11-20 13:43 - 2014-01-22 13:55 - 00011870 _____ () C:\WINDOWS\system32\lvcoinst.log
    2014-11-20 13:43 - 2014-01-22 13:54 - 00011659 _____ () C:\WINDOWS\LDPINST.LOG
    2014-11-20 13:43 - 2009-04-03 12:16 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
    2014-11-20 13:39 - 2011-01-11 07:25 - 00000000 ____D () C:\Program Files\Common Files\LWS
    2014-11-20 12:43 - 2013-09-05 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-20 12:17 - 2014-01-22 04:11 - 00153897 _____ () C:\WINDOWS\setupact.log
    2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
    2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
    2014-11-20 12:16 - 2014-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\LogiShrd
    2014-11-20 07:41 - 2011-01-11 07:26 - 00000000 ____D () C:\WINDOWS\system32\logishrd
    2014-11-20 07:40 - 2014-01-22 13:55 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
    2014-11-18 08:02 - 2014-01-22 09:39 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Accessories
    2014-11-18 08:02 - 2009-03-09 07:05 - 00000000 ____D () C:\WINDOWS\Help
    2014-11-18 08:00 - 2014-01-22 04:12 - 00369938 _____ () C:\WINDOWS\tsoc.log
    2014-11-18 08:00 - 2014-01-22 04:12 - 00336371 _____ () C:\WINDOWS\comsetup.log
    2014-11-18 08:00 - 2014-01-22 04:12 - 00204432 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-11-18 08:00 - 2014-01-22 04:12 - 00149926 _____ () C:\WINDOWS\iis6.log
    2014-11-18 08:00 - 2014-01-22 04:12 - 00053281 _____ () C:\WINDOWS\ocmsn.log
    2014-11-18 08:00 - 2014-01-22 04:12 - 00001393 _____ () C:\WINDOWS\imsins.log
    2014-11-18 07:56 - 2014-01-22 11:34 - 00169367 _____ () C:\WINDOWS\updspapi.log
    2014-11-18 07:55 - 2014-01-22 04:12 - 00956176 _____ () C:\WINDOWS\FaxSetup.log
    2014-11-18 07:55 - 2014-01-22 04:12 - 00476227 _____ () C:\WINDOWS\ocgen.log
    2014-11-18 07:55 - 2014-01-22 04:12 - 00048408 _____ () C:\WINDOWS\msgsocm.log
    2014-11-17 21:56 - 2014-01-22 08:13 - 00000000 ____D () C:\Program Files\QuickTime
    2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-11-17 21:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\SlimWare Utilities Inc
    2014-11-17 17:24 - 2014-10-12 09:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
    2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
    2014-11-12 10:30 - 2014-06-17 07:21 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\SELL
    2014-11-12 09:43 - 2013-09-10 19:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
    2014-11-12 08:47 - 2014-01-23 10:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-12 08:47 - 2014-01-23 10:00 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-12 08:46 - 2014-07-09 08:44 - 17339056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-11-12 08:14 - 2014-07-17 07:51 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-12 08:11 - 2003-07-16 15:53 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-05 11:08 - 2014-01-22 04:12 - 00466934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-31 23:25 - 2014-01-22 12:33 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Files to move or delete:
    ====================
    C:\Documents and Settings\dennis pengelly\Application Data\skype.ini


    Some content of TEMP:
    ====================
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================


     
  23. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    FRST Logs (Part 2)

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-11-2014
    Ran by dennis pengelly at 2014-11-21 22:44:43
    Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5097 - )
    ATI Decoder (HKLM\...\InstallShield_{EB452503-A684-4F89-9138-2E590D60478B}) (Version: 3.0.0 - ATI Technologeis Inc.)
    ATI Decoder (Version: 3.0.0 - ATI Technologeis Inc.) Hidden
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.231-060221a1-030895C-ATI - )
    ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )
    ATI Multimedia Center 9.0.0.0 (HKLM\...\InstallShield_{56E005A4-2921-4C77-A4EB-9FF21C1438B5}) (Version: 9.0.0.0 - ATI Technologies)
    ATI Remote Wonder 2.3 (HKLM\...\InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}) (Version: 2.3.0.0 - ATI Technologies)
    ATIRW2 (Version: 2.3.0.0 - ATI Technologies) Hidden
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Call of Duty(R) 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
    Call of Duty(R) 2 (Version: 1.00.0000 - Activision) Hidden
    Call of Duty(R) 2 Patch 1.3 (Version: 1.3 - ) Hidden
    CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
    Charter TV Player (HKLM\...\{c9ca25aa-aa3a-4b61-ad9f-070a2ed1a082}) (Version: 4.12 - Charter)
    Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DAO (HKLM\...\InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}) (Version: 3.5 - ATI)
    DAO (Version: 3.5 - ATI) Hidden
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
    Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DJ_AIO_ProductContext (Version: 90.0.201.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    F4100 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    F4100_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
    Free M4a to MP3 Converter 8.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
    HP Deskjet All-In-One Software 9.0 (HKLM\...\{706BB40A-4102-4c89-8107-DC68C4EBD19B}) (Version: 9.0 - HP)
    HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
    HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
    HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
    HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
    HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
    iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    MMC90 (Version: 9.0.0.0 - ATI Technologies) Hidden
    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Pdf2Jpg version 1.2 (HKLM\...\{533D415A-4151-4AC5-858E-4068524C8051}_is1) (Version: 1.2 - Office Necessities inc.)
    PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    ScopeUserGuide (Version: 1.00.0000 - Logitech) Hidden
    Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3650 - Analog Devices)
    Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
    VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
    Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{052253BF-F1FF-4686-B231-8D1904DEED68}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{0C03DEC4-B374-44DF-9B0D-38BD942080C4}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Ch (the data entry has 40 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{0F81C552-68AD-4AAB-99D2-26F7F72A423C}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1B72D1C3-A1B3-4C87-9552-894CFF74051F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1BC0C7E7-0ADF-4FCE-9FBD-70B2DBC3BD48}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1E1C74D3-EF64-4F13-B631-DFDCEE4572FD}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\L (the data entry has 19 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1FD9E587-43E1-4F1F-A41F-A6E8B93A5546}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{2D0235FC-1701-4F1C-B36C-84CD8813EDB5}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{31DC369C-75C3-4D8B-9C2D-0B10BF77BA0F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{343ADE39-3C61-421B-93CB-19C44D33ED9B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{47231DCA-F7A4-4696-B836-B2430D451226}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\I (the data entry has 19 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{4AC4E235-EB53-4942-B113-931D66A470B8}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 26 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{50021F2A-9C64-4766-A697-84E366A407B1}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{50632C37-EDD8-4B8F-A32B-8E280D942A8E}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{51B894AD-B2D5-48F6-B1D1-C1F0CF849587}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{553E32D1-AAF3-406A-B19E-E575829EC651}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{61F275A6-D089-4005-8971-9416F9AEA003}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{648326CD-6F37-4A8F-BF14-E2BAD67AAAA8}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{6BB1EAF0-7572-4166-9DF4-2A817F5FCD83}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{6F80F85C-FC5C-4C7E-B7ED-9ECCECC7CF57}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{72A62965-EF25-42E0-97CE-7A2D69BF28C0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8A0F754D-9636-4771-A1A6-8A1126E03345}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8A73CF97-446B-46AD-964C-2C3400CAA60F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8B48847D-052F-4153-93B8-7223BFF1C406}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8B5F91E9-0032-4560-93B0-4539497C5366}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{941D2E9A-D724-4FB5-94D5-775B70E8C408}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{97637B78-01D0-4A40-A842-68774AA416BB}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{987585FA-DD0C-4E8B-8FC2-89B1181CA701}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{9A5A84A0-2E60-47D1-8C75-278A8D0F41FF}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{9E8F05AF-C18E-4A72-8743-A479EFD255E6}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A16CA865-CD74-46EC-9432-74579FD657A0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A2DF38B5-93D0-44D6-8130-AA80F351F852}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\T (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A70E086C-1477-4B0C-808A-94EF8271ED39}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\R (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A7674421-DB75-4081-B0FE-2B378F1FFAEB}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A8152EA9-8603-4217-9B22-06E801AE1D9C}\localserver32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe (NDS Technologies)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ACAB158F-423F-4D59-BEDD-15C9E0CC2DD1}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B10A3751-CC13-4A25-875B-EEC84674C6C0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\S (the data entry has 19 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B1267A8A-D143-41F7-A655-5765A8464796}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B6C64A50-7BB8-441B-AE31-C4366C84BF00}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B8217B92-8FDD-4A74-9417-B77BD74F62B7}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{BD75936F-2B69-477E-9E9A-218FFAF35F49}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{BE742811-02F4-4D7E-87C1-886909462A16}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\M (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D2E87C0B-C06A-4E69-8A41-0AC3117505B4}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D4A86438-A95B-487D-8B1D-1E67B2A0F379}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\D (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D7B3EAC0-36D9-459E-AC96-3A88309FDDCC}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E65E6AAE-9169-4625-B98D-EB903E707116}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E6BFA606-59F2-4CD6-89C8-DAED6D789027}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E9AC37A2-E79C-4CA3-A6A8-1884BF9A7852}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{EAD67B06-459C-48B9-90C1-5F2F34D4F83F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ECA7C134-E84B-4E6B-A3E2-355FCB853766}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ED0BD0F4-ECAC-41D2-BD28-0ABFB129F40C}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\V (the data entry has 21 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{F0349E13-BD03-4073-BA25-6B2610C0750D}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{F53E4C9E-703C-41f3-8F69-C7E3D277594B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FD995983-DC2B-4B97-B3FE-E9534AA1A769}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
    CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FE0AA82B-B32A-4D54-BA97-918D2A9F6E70}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).

    ==================== Restore Points =========================

    27-08-2014 16:37:21 System Checkpoint
    29-08-2014 13:53:40 System Checkpoint
    05-09-2014 17:08:53 System Checkpoint
    06-09-2014 17:03:11 Software Distribution Service 3.0
    11-09-2014 12:08:54 System Checkpoint
    12-09-2014 22:35:18 System Checkpoint
    13-09-2014 23:04:53 System Checkpoint
    14-09-2014 23:52:48 System Checkpoint
    16-09-2014 00:52:48 System Checkpoint
    17-09-2014 01:52:48 System Checkpoint
    18-09-2014 02:52:48 System Checkpoint
    19-09-2014 03:52:48 System Checkpoint
    20-09-2014 04:52:49 System Checkpoint
    22-09-2014 00:07:36 System Checkpoint
    23-09-2014 12:08:00 System Checkpoint
    25-09-2014 17:04:58 System Checkpoint
    25-09-2014 18:15:39 Software Distribution Service 3.0
    25-09-2014 19:22:08 Installed Microsoft Fix it 50267
    29-09-2014 20:55:28 System Checkpoint
    12-10-2014 14:49:15 Installed iTunes
    15-10-2014 17:15:23 System Checkpoint
    16-10-2014 17:16:17 System Checkpoint
    17-10-2014 22:00:47 System Checkpoint
    20-10-2014 21:08:47 System Checkpoint
    21-10-2014 21:13:52 System Checkpoint
    22-10-2014 22:01:28 System Checkpoint
    23-10-2014 22:07:52 System Checkpoint
    24-10-2014 23:01:46 System Checkpoint
    25-10-2014 23:55:39 System Checkpoint
    05-11-2014 18:44:44 System Checkpoint
    06-11-2014 19:22:17 System Checkpoint
    07-11-2014 20:11:40 System Checkpoint
    09-11-2014 18:19:51 System Checkpoint
    12-11-2014 15:17:14 System Checkpoint
    13-11-2014 17:03:01 System Checkpoint
    15-11-2014 14:36:55 System Checkpoint
    17-11-2014 16:49:25 System Checkpoint
    18-11-2014 17:08:31 System Checkpoint
    19-11-2014 17:14:14 System Checkpoint
    20-11-2014 17:15:55 Removed Logitech SetPoint 5.00.
    20-11-2014 17:41:13 Software Distribution Service 3.0
    20-11-2014 19:37:12 Removed Logitech Vid.
    21-11-2014 03:41:13 preclean
    21-11-2014 17:05:38 Installed Charter TV Player.
    21-11-2014 20:29:24 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-07-16 15:29 - 2014-11-21 20:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-21 15:35 - 2014-11-21 15:35 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112101\algo.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2009-03-09 12:33 - 2003-06-16 18:02 - 00061440 ____N () C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2014-11-21 15:33 - 2014-11-21 15:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 01452400 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
    2014-10-29 12:02 - 2014-10-29 12:02 - 08305512 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServer.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 03242344 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\DrmSingleton.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00339304 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\ndsLogStore.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 02183536 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\DiscoveryManager.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00689016 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstreamer-0.10.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 01403240 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libxml2-2.dll
    2014-10-29 12:03 - 2014-10-29 12:03 - 00091992 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\z.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00205680 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstbase-0.10.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00060288 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstinterfaces-0.10.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00043888 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstvideo-0.10.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 00044912 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstapp-0.10.dll
    2014-10-29 12:02 - 2014-10-29 12:02 - 08236392 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\gsttspplugin.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1801674531-790525478-725345543-500 - Administrator - Enabled)
    dennis pengelly (S-1-5-21-1801674531-790525478-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS
    Guest (S-1-5-21-1801674531-790525478-725345543-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1801674531-790525478-725345543-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1801674531-790525478-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/17/2014 09:56:12 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
    Description: Product: QuickTime 7 -- Error 1406. Could not write value to key \Software\Classes\TypeLib\{7B92F833-027D-402B-BFF9-A67697366F4E}\1.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (11/17/2014 09:50:22 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
    Description: Product: iTunes -- Error 1406. Could not write value to key \CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (11/17/2014 02:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
    Processing media-specific event for [drwtsn32.exe!ws!]

    Error: (11/17/2014 02:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (11/15/2014 08:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
    Processing media-specific event for [drwtsn32.exe!ws!]

    Error: (11/15/2014 08:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (11/15/2014 08:08:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wturbotax1040dlxamz20130900101.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/15/2014 08:07:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application wturbotax1040dlxamz20130900101.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (09/25/2014 00:53:12 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

    Error: (09/25/2014 00:53:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


    System errors:
    =============
    Error: (11/21/2014 10:26:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/21/2014 10:24:37 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume2

    Error: (11/21/2014 10:12:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/21/2014 10:11:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/21/2014 08:45:44 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume2

    Error: (11/21/2014 02:50:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/21/2014 01:47:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 2 time(s).

    Error: (11/21/2014 01:47:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 2 time(s).

    Error: (11/21/2014 09:55:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/21/2014 08:51:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (11/17/2014 09:56:12 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
    Description: Product: QuickTime 7 -- Error 1406. Could not write value to key \Software\Classes\TypeLib\{7B92F833-027D-402B-BFF9-A67697366F4E}\1.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

    Error: (11/17/2014 09:50:22 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
    Description: Product: iTunes -- Error 1406. Could not write value to key \CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

    Error: (11/17/2014 02:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

    Error: (11/17/2014 02:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: explorer.exe6.0.2900.55120.0.0.000000000

    Error: (11/15/2014 08:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

    Error: (11/15/2014 08:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: explorer.exe6.0.2900.55120.0.0.000000000

    Error: (11/15/2014 08:08:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wturbotax1040dlxamz20130900101.exe0.0.0.0hungapp0.0.0.000000000

    Error: (11/15/2014 08:07:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wturbotax1040dlxamz20130900101.exe0.0.0.0hungapp0.0.0.000000000

    Error: (09/25/2014 00:53:12 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x80040206

    Error: (09/25/2014 00:53:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of memory in use: 39%
    Total physical RAM: 1023 MB
    Available physical RAM: 616.82 MB
    Total Pagefile: 2461.66 MB
    Available Pagefile: 2073.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1941.93 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.72 GB) (Free:51.48 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  25. dennis pengelly

    dennis pengelly TS Member Topic Starter Posts: 32

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-11-2014
    Ran by dennis pengelly at 2014-11-21 23:54:32 Run:1
    Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop
    Loaded Profile: dennis pengelly (Available profiles: dennis pengelly)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    ProxyServer: [S-1-5-21-1801674531-790525478-725345543-1004] => 0.0.0.0:80
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    S3 x10nets; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe [X]
    S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
    S4 IntelIde; No ImagePath
    U3 TlntSvr; No ImagePath
    C:\Documents and Settings\dennis pengelly\Application Data\skype.ini
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll


    *****************

    HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
    "HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
    HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
    "HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
    x10nets => Service deleted successfully.
    a2acc => Service deleted successfully.
    catchme => Service deleted successfully.
    cleanhlp => Service deleted successfully.
    IntelIde => Service deleted successfully.
    TlntSvr => Service deleted successfully.
    C:\Documents and Settings\dennis pengelly\Application Data\skype.ini => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe => Moved successfully.
    C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog ====
     
