TechSpot

Multiple instances of explorer.exe, rundll and in task manager.

By SisterWicked
Nov 9, 2014
  1. This morning I noticed that a huge chunk of my Firefox thumbnails were gone, the history completely wiped, and system was slow. As I have cats, I assumed they had gotten on the desk and jostled the keyboard around in that way that always seems to mess up a computer, and since Firefox was open, that was the victim.
    When I opened task manager, I noticed 5-6 instances of iexplorer, rundll and explorer running, consuming a great deal of resources, so I ended all but the needed explorer instance. This problem has reoccurred several times, even after running MalwareBytes and deleting all found problems and rebooting. I really know nothing about malware and so on, but I must have this computer functioning because my medically required home phone runs from it. These are my system specs, such as they are:

    Microsoft Windows XP SP3
    AMD Athlon Processor 2650e
    1.61GHz, 2.75GB of RAM (though I know I have 3 installed)
    The computer itself is an eMachines mini tower PC.

    Can anyone help me?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it across a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    Thank you so much for your fast reply.
    As requested, I have run the programs, but I cannot get the MWB 2.0 to run on this computer, and even when I ran all the available version and database updates in my version, it did not update to 2.0 :( . I downloaded and installed the Comodo AV program as well.
    In any case, here are the logs generated:

    LOG 1-



    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2014.11.09.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Avalon :: DENOFINIQUITY [administrator]

    11/9/2014 4:53:41 PM
    mbam-log-2014-11-09 (16-53-41).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 476829
    Time elapsed: 5 hour(s), 18 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKLM\SYSTEM\CurrentControlSet\Services\MaintainerSvc1.92.5302915 (PUP.Optional.MaintainerSvc.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gt (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\Software\systweak\ssd (PUP.Optional.SystemSpeedup) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\systweak\ssd (PUP.Optional.SystemSpeedup) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|0da1ec (Trojan.Ransom.ED) -> Data: C:\0da1ecf\0da1ecf.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|0da1ecf (Trojan.Ransom.ED) -> Data: C:\Documents and Settings\Avalon\Application Data\0da1ecf.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ChromeUpdate (Trojan.Agent.ED) -> Data: C:\Documents and Settings\Avalon\Application Data\FrameworkUpdate7\ChromeUpdate.exe -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0X2O1C0R2R1R -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Astromenda.A) -> Bad: (http://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=) Good: (www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 36
    C:\0da1ecf\0da1ecf.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Application Data\0da1ecf.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Application Data\FrameworkUpdate7\ChromeUpdate.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ecbaef90-5696-41e1-a1c3-3e8112ce2840\maintainer.exe (PUP.Optional.MaintainerSvc.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\1A2.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\1A3.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\3Q3qVOS4.exe.part (Adware.OxyPumper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\Fv3SzrPu.exe.part (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\llw.dll (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Local Settings\Temp\UPaCl684.exe.part (PUP.Optional.Vassana) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\My Documents\Downloads\Bean_-_The_Movie_[1997]_DVDrip_[English]_-_DAVENET.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\0da1ecf.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.Bromon.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.BroStats.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.BrowserAdapter.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.CompatibilityChecker.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.FFUpdate.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.IEUpdate.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\Program Files\Framed Display\bin\plugins\FramedDisplay.PurBrowseG.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP411\A0136577.dll (PUP.Optional.FramedDisplay.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136814.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136818.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136819.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136820.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136821.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136822.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136824.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136826.dll (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136872.exe (PUP.Optional.FramedDisplay.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP415\A0136873.exe (PUP.Optional.FramedDisplay.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137348.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{33E54705-BC94-4C77-9AE8-71791BC84D1B}\msiexec.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{B153FD8C-2D80-4152-A1DF-7191336D515C}\msiexec.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{C07E5623-82BC-4EB1-AFEF-7234A6D927D8}\msiexec.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{C4A73773-97E4-402C-A3E8-7834FD61E29E}\msiexec.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gt.sys (PUP.Optional.Sanbreel.A) -> Quarantined and deleted successfully.

    (end)


    LOG 2-

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/2/2010 12:45:13 PM
    System Uptime: 11/9/2014 10:19:49 PM (2 hours ago)
    .
    Motherboard: eMachines | | WMCP61M
    Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 43.755 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 149 GiB total, 15.493 GiB free.
    I: is CDROM ()
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP405: 10/28/2014 1:08:29 AM - System Checkpoint
    RP406: 10/28/2014 6:58:04 AM - System Checkpoint
    RP407: 10/29/2014 9:21:28 AM - System Checkpoint
    RP408: 10/31/2014 2:24:46 AM - System Checkpoint
    RP409: 11/1/2014 4:27:34 AM - System Checkpoint
    RP410: 11/1/2014 3:11:13 PM - Revo Uninstaller's restore point - WSE_Astromenda
    RP411: 11/1/2014 3:15:30 PM - Revo Uninstaller's restore point - Framed Display
    RP412: 11/1/2014 3:20:10 PM - Revo Uninstaller's restore point - Advanced-System Protector
    RP413: 11/1/2014 3:21:15 PM - Revo Uninstaller's restore point - RegClean-Pro
    RP414: 11/1/2014 3:21:58 PM - Revo Uninstaller's restore point - Slim Toolbar 1.3
    RP415: 11/1/2014 3:22:49 PM - Revo Uninstaller's restore point - WeatherBug®
    RP416: 11/8/2014 9:58:03 AM - System Checkpoint
    RP417: 11/4/2014 10:42:16 AM - System Checkpoint
    RP418: 11/5/2014 7:53:04 PM - System Checkpoint
    RP419: 11/6/2014 7:58:25 PM - System Checkpoint
    RP420: 11/7/2014 9:22:49 PM - System Checkpoint
    RP421: 11/9/2014 11:20:31 AM - System Checkpoint
    .
    ==== Image File Execution Options =============
    .
    IFEO: Your Image File Name Here without a path - ntsd -d
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================




    There was no DDS.txt file generated, and searching my C drive also failed to locate any such file :(
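As an added example, not code from the thread, Malwarebytes or TechSpot, a small Python triage script for the MBAM 1.x log format posted above: it re-joins entries that word wrap split across lines (as in the log as originally posted), parses each detection, checks the number of parsed entries against each section header, and lists the items that gave the infection a way to start again (Run values, the Startup folder, services and drivers, restore-point copies). The sample input is an excerpt of the post's own log; the persistence category names are the script's own.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (example code,
not from Malwarebytes): re-joins word-wrapped entries, parses detections,
checks parsed counts against section headers and flags persistence items."""
import re
from collections import Counter

ENTRY_START_RE = re.compile(r"^(HK(LM|CU|CR|U)\\|[A-Z]:\\)")   # hive or drive letter
# Common MBAM 1.x entry endings; a line without one is a wrapped fragment.
ENTRY_END_RE = re.compile(r"(successfully\.|No action taken\.|Delete on reboot\.)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9.]+)\) -> (?P<detail>.*)$")

def unwrap(text):
    """Re-join entries that Notepad word wrap split across lines (joined with one
    space: right for 'System Volume' + 'Information', wrong inside a long URL)."""
    lines, buf = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if buf is not None:                       # inside a wrapped entry
            buf = f"{buf} {line}"
            if ENTRY_END_RE.search(buf):
                lines.append(buf)
                buf = None
        elif ENTRY_START_RE.match(line) and not ENTRY_END_RE.search(line):
            buf = line                            # entry continues on next line
        else:
            lines.append(line)
    if buf is not None:
        lines.append(buf)                         # log cut off mid-entry; keep it
    return lines

def parse_entries(text):
    """Return (entries, mismatches): entry dicts, and {section: (declared, parsed)}
    for every header count the parsed entries do not reach (truncated/garbled log)."""
    entries, section, declared, found = [], None, {}, Counter()
    for line in unwrap(text):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            declared[section] = int(sec.group("count"))
            continue
        ent = ENTRY_RE.match(line)
        if not ent or section is None:
            continue
        detail = ent.group("detail")
        data = detail[len("Data: "):].rsplit(" -> ", 1)[0] if detail.startswith("Data: ") else None
        entries.append({"section": section, "item": ent.group("item"),
                        "threat": ent.group("threat"), "data": data,
                        "action": detail.rsplit(" -> ", 1)[-1]})
        found[section] += 1
    return entries, {s: (n, found[s]) for s, n in declared.items() if found[s] != n}

def persistence_kind(item):
    """Where a detected item would be re-launched from; None for payload-only files."""
    low = item.lower()
    if "\\currentversion\\run" in low:             # Run and RunOnce values
        return "run-key"
    if "\\start menu\\programs\\startup\\" in low:
        return "startup-folder"
    if "\\currentcontrolset\\services\\" in low or "\\drivers\\" in low:
        return "service-or-driver"
    if "\\system volume information\\_restore" in low:
        return "restore-point-copy"               # would come back via System Restore
    return None

def summarize(text):
    """Counts per threat family, persistence items and header/parsed count mismatches."""
    entries, mismatches = parse_entries(text)
    return {"by_threat": Counter(e["threat"] for e in entries),
            "persistence": [(persistence_kind(e["item"]), e["item"], e["data"])
                            for e in entries if persistence_kind(e["item"])],
            "count_mismatches": mismatches}

# Excerpt of the wrapped log from the post above, used as sample input.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\MaintainerSvc1.92.5302915

(PUP.Optional.MaintainerSvc.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted
successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|0da1ec (Trojan.Ransom.ED) -> Data:
C:\0da1ecf\0da1ecf.exe -> Quarantined and deleted successfully.

Files Detected: 3
C:\0da1ecf\0da1ecf.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\0da1ecf.exe (Trojan.Ransom.ED)

-> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137348.exe
(Trojan.Ransom.ED) -> Quarantined and deleted successfully.

(end)
"""
```

Run `summarize(SAMPLE_LOG)` on the full log to get the per-family counts and the list of Run values, Startup-folder and service items to re-check after the next reboot; a non-empty `count_mismatches` means the pasted log is incomplete.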
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please disable "word wrap" in Notepad because your logs are hard to read.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    I don't have word wrap on.
    There were two logs:
    LOG 1

    07:38:37.0656 0x0ac4 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    07:38:44.0750 0x0ac4 ============================================================
    07:38:44.0750 0x0ac4 Current date / time: 2014/11/11 07:38:44.0750
    07:38:44.0750 0x0ac4 SystemInfo:
    07:38:44.0750 0x0ac4
    07:38:44.0750 0x0ac4 OS Version: 5.1.2600 ServicePack: 3.0
    07:38:44.0750 0x0ac4 Product type: Workstation
    07:38:44.0750 0x0ac4 ComputerName: DENOFINIQUITY
    07:38:44.0750 0x0ac4 UserName: Avalon
    07:38:44.0750 0x0ac4 Windows directory: C:\WINDOWS
    07:38:44.0750 0x0ac4 System windows directory: C:\WINDOWS
    07:38:44.0750 0x0ac4 Processor architecture: Intel x86
    07:38:44.0750 0x0ac4 Number of processors: 1
    07:38:44.0750 0x0ac4 Page size: 0x1000
    07:38:44.0750 0x0ac4 Boot type: Normal boot
    07:38:44.0750 0x0ac4 ============================================================
    07:38:48.0078 0x0ac4 KLMD registered as C:\WINDOWS\system32\drivers\85651039.sys
    07:38:49.0671 0x0ac4 System UUID: {4DE08A7D-3ED1-B383-299A-ED69322E8CEB}
    07:38:54.0437 0x0ac4 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:38:54.0453 0x0ac4 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:38:54.0593 0x0ac4 Drive \Device\Harddisk2\DR3 - Size: 0xE8CFFA6000 ( 931.25 Gb ), SectorSize: 0x200, Cylinders: 0x1DADE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:38:56.0359 0x0ac4 ============================================================
    07:38:56.0359 0x0ac4 \Device\Harddisk0\DR0:
    07:38:56.0359 0x0ac4 MBR partitions:
    07:38:56.0359 0x0ac4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
    07:38:56.0359 0x0ac4 \Device\Harddisk1\DR2:
    07:38:56.0406 0x0ac4 MBR partitions:
    07:38:56.0406 0x0ac4 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    07:38:56.0406 0x0ac4 \Device\Harddisk2\DR3:
    07:38:56.0406 0x0ac4 MBR partitions:
    07:38:56.0406 0x0ac4 \Device\Harddisk2\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7467E800
    07:38:56.0406 0x0ac4 ============================================================
    07:38:56.0406 0x0ac4 C: <-> \Device\Harddisk0\DR0\Partition1
    07:38:56.0437 0x0ac4 G: <-> \Device\Harddisk1\DR2\Partition1
    07:38:56.0484 0x0ac4 K: <-> \Device\Harddisk2\DR3\Partition1
    07:38:56.0484 0x0ac4 ============================================================
    07:38:56.0484 0x0ac4 Initialize success
    07:38:56.0484 0x0ac4 ============================================================
    07:39:01.0437 0x0374 ============================================================
    07:39:01.0437 0x0374 Scan started
    07:39:01.0437 0x0374 Mode: Manual;
    07:39:01.0437 0x0374 ============================================================
    07:39:01.0437 0x0374 KSN ping started
    07:39:16.0187 0x0374 KSN ping finished: true
    07:39:17.0921 0x0374 ================ Scan system memory ========================
    07:39:17.0953 0x0374 System memory - ok
    07:39:17.0953 0x0374 ================ Scan services =============================
    07:39:18.0156 0x0374 Abiosdsk - ok
    07:39:18.0171 0x0374 abp480n5 - ok
    07:39:18.0265 0x0374 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    07:39:18.0281 0x0374 ACPI - ok
    07:39:18.0421 0x0374 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    07:39:18.0437 0x0374 ACPIEC - ok
    07:39:18.0578 0x0374 [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    07:39:18.0609 0x0374 AdobeFlashPlayerUpdateSvc - ok
    07:39:18.0625 0x0374 adpu160m - ok
    07:39:18.0718 0x0374 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    07:39:18.0750 0x0374 aec - ok
    07:39:18.0781 0x0374 [ 38D7B715504DA4741DF35E3594FE2099, FE00E93E78DA0F5C1373DB78E4975422950384BA5404760064068016EEFEE0F1 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    07:39:18.0812 0x0374 AFD - ok
    07:39:18.0937 0x0374 [ 6416F9B6B220F0A890525C38235AFAD7, C2A643E1BA75CD00C1C7F62475A7122AA95530A835AE62CF0FD9EADFA07B7EBD ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
    07:39:19.0109 0x0374 AgereModemAudio - ok
    07:39:19.0375 0x0374 [ 7560F465F1CE69C53BF17559EE195548, 18D134C393FBD4E28464F090BE7B32CC6B39BC8B835F06DBE689DDE38847AD6F ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    07:39:19.0843 0x0374 AgereSoftModem - ok
    07:39:19.0859 0x0374 Aha154x - ok
    07:39:19.0875 0x0374 aic78u2 - ok
    07:39:19.0890 0x0374 aic78xx - ok
    07:39:19.0921 0x0374 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    07:39:19.0921 0x0374 Alerter - ok
    07:39:19.0968 0x0374 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
    07:39:19.0984 0x0374 ALG - ok
    07:39:20.0000 0x0374 AliIde - ok
    07:39:20.0328 0x0374 [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    07:39:20.0703 0x0374 Ambfilt - ok
    07:39:20.0750 0x0374 [ 0A4D13B388C814560BD69C3A496ECFA8, 71ADD4C4A5C6465EA27F572DE608C348896C4C557D136718CCDD9919144F7986 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    07:39:20.0765 0x0374 AmdK8 - ok
    07:39:20.0781 0x0374 amsint - ok
    07:39:20.0796 0x0374 anvsnddrv - ok
    07:39:20.0843 0x0374 [ C1C6EA3F8ACD2A9818C0A73A5F63B9B6, 739FFF33CBBC4F8E8613906760D36286AB249A5C4004BF000D76CABB48D35433 ] Apowersoft_AudioDevice C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
    07:39:20.0859 0x0374 Apowersoft_AudioDevice - ok
    07:39:21.0015 0x0374 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    07:39:21.0031 0x0374 Apple Mobile Device - ok
    07:39:21.0031 0x0374 AppMgmt - ok
    07:39:21.0046 0x0374 asc - ok
    07:39:21.0062 0x0374 asc3350p - ok
    07:39:21.0078 0x0374 asc3550 - ok
    07:39:21.0250 0x0374 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    07:39:21.0281 0x0374 aspnet_state - ok
    07:39:21.0312 0x0374 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    07:39:21.0312 0x0374 AsyncMac - ok
    07:39:21.0375 0x0374 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    07:39:21.0390 0x0374 atapi - ok
    07:39:21.0406 0x0374 Atdisk - ok
    07:39:21.0421 0x0374 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    07:39:21.0437 0x0374 Atmarpc - ok
    07:39:21.0468 0x0374 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    07:39:21.0468 0x0374 AudioSrv - ok
    07:39:21.0531 0x0374 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    07:39:21.0546 0x0374 audstub - ok
    07:39:21.0562 0x0374 AvgLdx86 - ok
    07:39:21.0562 0x0374 AvgMfx86 - ok
    07:39:21.0578 0x0374 AvgTdiX - ok
    07:39:21.0656 0x0374 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    07:39:21.0671 0x0374 Beep - ok
    07:39:21.0781 0x0374 [ F13D1AA04F1F02399EB87F011584B7C0, 92E8FACAEDA7A36424ABDF2F2096F9980E140D8312706E541BD9D363B6572BC7 ] BITS C:\WINDOWS\system32\qmgr.dll
    07:39:21.0875 0x0374 BITS - ok
    07:39:22.0000 0x0374 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    07:39:22.0078 0x0374 Bonjour Service - ok
    07:39:22.0156 0x0374 [ 7E39A3EDC13B076E70FDB9A6F6D7A4B4, 08EDBC3996F7104D4C259ADDA6672D1C37C547BA4DCE590C1FF749D23B8C403B ] Browser C:\WINDOWS\System32\browser.dll
    07:39:22.0375 0x0374 Browser - ok
    07:39:22.0406 0x0374 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    07:39:22.0406 0x0374 cbidf2k - ok
    07:39:22.0437 0x0374 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    07:39:22.0453 0x0374 CCDECODE - ok
    07:39:22.0468 0x0374 cd20xrnt - ok
    07:39:22.0500 0x0374 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    07:39:22.0515 0x0374 Cdaudio - ok
    07:39:22.0546 0x0374 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    07:39:22.0546 0x0374 Cdfs - ok
    07:39:22.0625 0x0374 [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    07:39:22.0687 0x0374 Cdrom - ok
    07:39:22.0781 0x0374 [ 61305C679E5766A03A09C0E966939206, E85EC9D23C81A2F8C08B439FA34F43C475A26C38DF4B4B40758CFC0D64C50C17 ] CFRMD C:\WINDOWS\system32\DRIVERS\CFRMD.sys
    07:39:22.0781 0x0374 CFRMD - ok
    07:39:22.0796 0x0374 Changer - ok
    07:39:22.0828 0x0374 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
    07:39:22.0828 0x0374 CiSvc - ok
    07:39:22.0859 0x0374 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    07:39:22.0859 0x0374 ClipSrv - ok
    07:39:22.0937 0x0374 [ E7FEED85EBA61455717A421E55217428, 26B1129601A49BB40B8A01BB8B3F1002F05C6189DDBD44DA889CA7C5B76CDCB3 ] CLPSLauncher C:\Program Files\Common Files\COMODO\launcher_service.exe
    07:39:22.0937 0x0374 CLPSLauncher - ok
    07:39:23.0015 0x0374 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    07:39:23.0078 0x0374 clr_optimization_v2.0.50727_32 - ok
    07:39:23.0171 0x0374 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    07:39:23.0234 0x0374 clr_optimization_v4.0.30319_32 - ok
    07:39:24.0265 0x0374 [ DFACF6F69457E3EE2CE81EDCB4693674, E04CA54BCF6C75C6382423A5BC965744E76EB67E6448C1094AD4C4DBE02670DB ] CmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    07:39:24.0468 0x0374 CmdAgent - ok
    07:39:24.0562 0x0374 [ 5C634AABDD28F349C6457BEEE84D4D7B, 2227EC6C47CCD7B82744AB4976D065887967710E7E37CB5567916702BF7FA008 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
    07:39:24.0562 0x0374 cmderd - ok
    07:39:24.0687 0x0374 [ 16F731584ECBA307EB4AD9C4D8507B27, D309691DDE199137367FAD32F730CFD21A498E7498E91BCAAB772F5472A06F14 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
    07:39:24.0718 0x0374 cmdGuard - ok
    07:39:24.0750 0x0374 [ 1FAAF13D85A36D448238F53C42FE7A67, 09B23F591291C53616EF28E8D4842707AB9E445BA3D2D74BEAC98C7C2AF2D430 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
    07:39:24.0750 0x0374 cmdHlp - ok
    07:39:24.0765 0x0374 CmdIde - ok
    07:39:25.0093 0x0374 [ A665EF912EEFD99EA557C6AB35CA1021, D8B53E70DF25E036F02D3707CF18ED2980F42A99D655230A9F7804E5F5D4BAB4 ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    07:39:25.0406 0x0374 cmdvirth - ok
    07:39:25.0421 0x0374 COMSysApp - ok
    07:39:25.0453 0x0374 Cpqarray - ok
    07:39:25.0500 0x0374 cpuz132 - ok
    07:39:25.0562 0x0374 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    07:39:25.0578 0x0374 CryptSvc - ok
    07:39:25.0593 0x0374 dac2w2k - ok
    07:39:25.0609 0x0374 dac960nt - ok
    07:39:25.0671 0x0374 [ 429C06453A89C59FF038CDF5044C3617, C172D51E5A0C685931B07E5506EBF1D88CCA1C8CE114642015A65B5235E1DDC1 ] DaShenAudio_simple C:\WINDOWS\system32\drivers\DaShenAudio.sys
    07:39:25.0921 0x0374 DaShenAudio_simple - ok
    07:39:25.0984 0x0374 [ 58F25291031DE092C19F0E9320A23296, 3FF1568CC5E746C9196C2BF3D5CBF304B4D6CBAF3A36B438C95AB073EF0D670A ] DbusAudio C:\WINDOWS\system32\drivers\DbusAudio.sys
    07:39:26.0203 0x0374 DbusAudio - ok
    07:39:26.0234 0x0374 [ D67CE2951CD6C85C82949664701A9B7B, 7D314616883A216EB4BCD5033D4C9A08FEF0D90A935A96ECD1132E2E34839DD3 ] DbusVideo C:\WINDOWS\system32\DRIVERS\DbusVideo.sys
    07:39:26.0468 0x0374 DbusVideo - ok
    07:39:26.0593 0x0374 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    07:39:26.0609 0x0374 DcomLaunch - ok
    07:39:26.0640 0x0374 [ C51DE19619D50CBD03708647ACA10E70, 701869D644DB6EDDF5016DBC86F1B799FFDDEA3CBA35203C6C417DB5B6E89597 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    07:39:26.0656 0x0374 Dhcp - ok
    07:39:26.0687 0x0374 [ 47B6AAEC570F2C11D8BAD80A064D8ED1, 83AAFD7D2E44BAD967430AF72ABEC3E8F2985BAF71D06ADFC2B92EC4CD644012 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    07:39:26.0921 0x0374 Disk - ok
    07:39:27.0437 0x0374 [ BED6C434543F09868689D4720EE03C97, ED6F1BDA7E1CCF0893CE282AC38EC807E2A2E44FBD66433420C335197713B939 ] Diskeeper C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
    07:39:27.0859 0x0374 Diskeeper - ok
    07:39:27.0921 0x0374 [ 15919F538DA1C44DE65C7E079F968806, FDA534A8640E03DAC5E93C18C36DE7F5FBDBE368A493867AB7535C4477289E7A ] DKDFM C:\WINDOWS\system32\drivers\DKDFM.sys
    07:39:27.0921 0x0374 DKDFM - ok
  6. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    07:39:58.0343 0x0374 TDPIPE - ok
    07:39:58.0390 0x0374 [ C0578456F29E5F26285F81B7B71FE57D, D1744D3C242E014EBB242FFA2F21AE9398D7568A23E443855A94DF14D1A72885 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    07:39:58.0562 0x0374 TDTCP - ok
    07:39:58.0609 0x0374 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    07:39:58.0609 0x0374 TermDD - ok
    07:39:58.0687 0x0374 [ 5128852A18AE46C387F87BF27DA4C9DD, C4E012E03067C2658AB89B0A673F2091CDD8D52673DBCE8699D27EACC4CF6CDA ] TermService C:\WINDOWS\System32\termsrv.dll
    07:39:58.0765 0x0374 TermService - ok
    07:39:58.0812 0x0374 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
    07:39:58.0812 0x0374 Themes - ok
    07:39:58.0828 0x0374 TosIde - ok
    07:39:58.0906 0x0374 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    07:39:58.0937 0x0374 TrkWks - ok
    07:39:58.0968 0x0374 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    07:39:58.0984 0x0374 Udfs - ok
    07:39:59.0000 0x0374 ultra - ok
    07:39:59.0109 0x0374 [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
    07:39:59.0296 0x0374 UnlockerDriver5 - ok
    07:39:59.0406 0x0374 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    07:39:59.0484 0x0374 Update - ok
    07:39:59.0531 0x0374 Update Framed Display - ok
    07:39:59.0578 0x0374 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
    07:39:59.0625 0x0374 upnphost - ok
    07:39:59.0656 0x0374 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
    07:39:59.0656 0x0374 UPS - ok
    07:39:59.0718 0x0374 [ E919708DB44ED8543A7C017953148330, 226D032912D396117213FC29CD0BB5A8B2F872DD91D92F254F2F1FE392481B61 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    07:39:59.0734 0x0374 usbaudio - ok
    07:39:59.0796 0x0374 [ C18D6C74953621346DF6B0A11F80C1CC, 4C1B3E8F3F658E356A955108FF84FB5C95244CB2A9D323AA0DFAEF92927C66C5 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    07:39:59.0984 0x0374 usbccgp - ok
    07:40:00.0015 0x0374 [ 52674B5DBEE499342A599C7771ABECAA, A8F3FB78DAB0E7187FD07CB7CEA72862DB4BC115F347ABEB9E155BB4CF34A671 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    07:40:00.0203 0x0374 usbehci - ok
    07:40:00.0218 0x0374 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    07:40:00.0234 0x0374 usbhub - ok
    07:40:00.0265 0x0374 [ C5E11CD822ADF0019A5A862D9C4E2222, 17BB70CD0D88ABE628E7CE4508E0F38511DAAFE33A50B483AC6B2CCAE3F3DEB7 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    07:40:00.0484 0x0374 usbohci - ok
    07:40:00.0515 0x0374 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    07:40:00.0531 0x0374 usbstor - ok
    07:40:00.0578 0x0374 [ EE1C82338F2B831B2A863935C831DB21, 15E76058A4446245EA807A2BB62B3DA5D772980D37A317BC40C56D9D9ABF6C44 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    07:40:00.0890 0x0374 usbvideo - ok
    07:40:00.0921 0x0374 Util Framed Display - ok
    07:40:00.0953 0x0374 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    07:40:00.0968 0x0374 VgaSave - ok
    07:40:00.0984 0x0374 ViaIde - ok
    07:40:01.0031 0x0374 [ 9F8A0D0CBB2FA265A754516128C00E22, 906678898949399FA484FE45E5663CC678BEFDF69694CA1D5433093F87EF66A8 ] W32Time C:\WINDOWS\system32\w32time.dll
    07:40:01.0062 0x0374 W32Time - ok
    07:40:01.0125 0x0374 [ 427A8BC96F16C40DF81C2D2F4EDD32DD, C65B089140D4A7218FC5B6EEDCCE498DF1F71BBE375762C9092FAC02CAE1CEC7 ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    07:40:01.0359 0x0374 wacommousefilter - ok
    07:40:01.0406 0x0374 [ 51D580F30D1A1F2EA4965AF6ABC2BCB2, 19DD805E733E04173F9699E829E08E3D89B7723D3404314467577FA565EA25CE ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    07:40:01.0640 0x0374 wacomvhid - ok
    07:40:01.0671 0x0374 [ 889459833432B161CB99CFDF84A1A9BB, 0E8AC800639D89CFE6248FCDD8CEC16AC73C27526E0E4BA70200542ADE50B5E5 ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    07:40:01.0906 0x0374 WacomVKHid - ok
    07:40:01.0953 0x0374 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    07:40:01.0968 0x0374 Wanarp - ok
    07:40:01.0984 0x0374 WDICA - ok
    07:40:02.0015 0x0374 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    07:40:02.0031 0x0374 wdmaud - ok
    07:40:02.0062 0x0374 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
    07:40:02.0093 0x0374 WebClient - ok
    07:40:02.0250 0x0374 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    07:40:02.0281 0x0374 winmgmt - ok
    07:40:02.0343 0x0374 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    07:40:02.0343 0x0374 WmdmPmSN - ok
    07:40:02.0406 0x0374 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    07:40:02.0421 0x0374 WmiAcpi - ok
    07:40:02.0484 0x0374 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    07:40:02.0531 0x0374 WmiApSrv - ok
    07:40:02.0718 0x0374 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    07:40:02.0937 0x0374 WMPNetworkSvc - ok
    07:40:03.0140 0x0374 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    07:40:03.0312 0x0374 WPFFontCache_v0400 - ok
    07:40:03.0406 0x0374 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(1) C:\WINDOWS\system32\drivers\VirtualAudio1.sys
    07:40:03.0421 0x0374 WsAudio_Device(1) - ok
    07:40:03.0453 0x0374 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(2) C:\WINDOWS\system32\drivers\VirtualAudio2.sys
    07:40:03.0468 0x0374 WsAudio_Device(2) - ok
    07:40:03.0484 0x0374 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(3) C:\WINDOWS\system32\drivers\VirtualAudio3.sys
    07:40:03.0500 0x0374 WsAudio_Device(3) - ok
    07:40:03.0531 0x0374 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(4) C:\WINDOWS\system32\drivers\VirtualAudio4.sys
    07:40:03.0531 0x0374 WsAudio_Device(4) - ok
    07:40:03.0546 0x0374 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(5) C:\WINDOWS\system32\drivers\VirtualAudio5.sys
    07:40:03.0546 0x0374 WsAudio_Device(5) - ok
    07:40:03.0578 0x0374 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    07:40:03.0593 0x0374 WsAudio_DeviceS(1) - ok
    07:40:03.0609 0x0374 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
    07:40:03.0625 0x0374 WsAudio_DeviceS(2) - ok
    07:40:03.0640 0x0374 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
    07:40:03.0640 0x0374 WsAudio_DeviceS(3) - ok
    07:40:03.0656 0x0374 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
    07:40:03.0671 0x0374 WsAudio_DeviceS(4) - ok
    07:40:03.0687 0x0374 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
    07:40:03.0703 0x0374 WsAudio_DeviceS(5) - ok
    07:40:03.0750 0x0374 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    07:40:03.0781 0x0374 wscsvc - ok
    07:40:03.0828 0x0374 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    07:40:03.0828 0x0374 WSTCODEC - ok
    07:40:03.0921 0x0374 [ F37569C373A4475007835ED77593475C, D5FB6ED3E46BA32A3A4B0D553887E5B7B82F9A247B7CB5A888AD9A515CEDBE49 ] WTouchService C:\Program Files\WTouch\WTouchService.exe
    07:40:04.0140 0x0374 WTouchService - ok
    07:40:04.0203 0x0374 [ AAE1A6FFBA2B0436E91795120F48C461, B26EABDBB7E0E101643C0D68CBF2CB6A3DD7E685D939EBD1BFAD5E7AE8E352B7 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    07:40:04.0203 0x0374 wuauserv - ok
    07:40:04.0265 0x0374 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    07:40:04.0281 0x0374 WudfPf - ok
    07:40:04.0312 0x0374 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    07:40:04.0328 0x0374 WudfRd - ok
    07:40:04.0359 0x0374 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    07:40:04.0390 0x0374 WudfSvc - ok
    07:40:04.0500 0x0374 [ 349B8D2BB755E8C3B0E3E82A87663E55, 1C1F93C34527AA9C70694D2246829A48E54270063E16D04B357ACD0314B7EAD4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    07:40:04.0531 0x0374 WZCSVC - ok
    07:40:04.0593 0x0374 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    07:40:04.0625 0x0374 xmlprov - ok
    07:40:04.0640 0x0374 ================ Scan global ===============================
    07:40:04.0687 0x0374 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    07:40:04.0796 0x0374 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47, 2B3D44451AFB46179F1F841C45265465A8D668D76E19150DADE96ACCD7291779 ] C:\WINDOWS\system32\winsrv.dll
    07:40:05.0203 0x0374 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47, 2B3D44451AFB46179F1F841C45265465A8D668D76E19150DADE96ACCD7291779 ] C:\WINDOWS\system32\winsrv.dll
    07:40:05.0265 0x0374 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] C:\WINDOWS\system32\services.exe
    07:40:05.0281 0x0374 [ Global ] - ok
    07:40:05.0281 0x0374 ================ Scan MBR ==================================
    07:40:05.0328 0x0374 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:40:05.0640 0x0374 \Device\Harddisk0\DR0 - ok
    07:40:05.0640 0x0374 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR2
    07:40:05.0796 0x0374 \Device\Harddisk1\DR2 - ok
    07:40:06.0375 0x0374 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR3
    07:40:06.0406 0x0374 \Device\Harddisk2\DR3 - ok
    07:40:06.0406 0x0374 ================ Scan VBR ==================================
    07:40:06.0421 0x0374 [ A8642B0BD454ADBBFDACF1BDB67961CC ] \Device\Harddisk0\DR0\Partition1
    07:40:06.0468 0x0374 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    07:40:06.0468 0x0374 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    07:40:08.0968 0x0374 [ 1ABD7D6B020303D6AD2A4A1C2296261C ] \Device\Harddisk1\DR2\Partition1
    07:40:09.0031 0x0374 \Device\Harddisk1\DR2\Partition1 - ok
    07:40:09.0062 0x0374 [ 5D479012637ABB9D019E67D8986FC6A4 ] \Device\Harddisk2\DR3\Partition1
    07:40:09.0140 0x0374 \Device\Harddisk2\DR3\Partition1 - ok
    07:40:09.0140 0x0374 ================ Scan generic autorun ======================
    07:40:09.0218 0x0374 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\NeroCheck.exe
    07:40:09.0250 0x0374 NeroFilterCheck - ok
    07:40:09.0265 0x0374 nwiz - ok
    07:40:09.0265 0x0374 NvMediaCenter - ok
    07:40:09.0281 0x0374 NvCplDaemon - ok
    07:40:12.0578 0x0374 [ A4590A4C7D3C517C91C44F68643B7408, 2AAF9FCD90866F4249CFF88A89E936E5934101662FA646615003418CAB63052B ] C:\WINDOWS\RTHDCPL.EXE
    07:40:16.0562 0x0374 RTHDCPL - ok
    07:40:16.0734 0x0374 [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    07:40:17.0078 0x0374 LWS - ok
    07:40:17.0140 0x0374 [ 255E405D801CF01247390F38F92D8042, B0A4C2B6F40D7AD177DBD40C26B579D67CC9A95552970D9F6F0C7DE372CE2A2F ] C:\Program Files\Unlocker\UnlockerAssistant.exe
    07:40:17.0140 0x0374 UnlockerAssistant - ok
    07:40:17.0218 0x0374 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    07:40:17.0234 0x0374 APSDaemon - ok
    07:40:17.0328 0x0374 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
    07:40:17.0437 0x0374 QuickTime Task - ok
    07:40:17.0656 0x0374 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    07:40:17.0828 0x0374 Adobe ARM - ok
    07:40:18.0328 0x0374 [ 511094F4CA43ED5D98B6BCFA7EE01554, 308DA64308F50B9D3230D97216F3893577F04EFDC007338248242AE548290FDC ] C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
    07:40:18.0796 0x0374 EaseUS EPM tray - ok
    07:40:18.0875 0x0374 [ 9024F249C19EF3DE439670442ACB648D, CF92CE9F1D72385F86D23F7221A91A943F36C81060FD8103880F8CAE9171C6F4 ] C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
    07:40:18.0937 0x0374 EaseUS EPM Tray Agent - ok
    07:40:19.0375 0x0374 [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    07:40:19.0734 0x0374 DivXUpdate - ok
    07:40:19.0875 0x0374 [ 84DB35F319E5B67838A4877C11748866, 642FB172DC9DD2A8EF59E4CB36789710451D97CB22C76442907DA578CD854407 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    07:40:20.0296 0x0374 Malwarebytes' Anti-Malware - ok
    07:40:20.0468 0x0374 [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
    07:40:20.0843 0x0374 SunJavaUpdateSched - ok
    07:40:21.0078 0x0374 [ 376FB589890E90BAA3D05867E44116E9, 287F0B0555E0A025C6F7F6C18B6FA79B849172AAB4ACC9406D726570DC6ABE87 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    07:40:21.0343 0x0374 COMODO Internet Security - ok
    07:40:21.0796 0x0374 [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    07:40:21.0875 0x0374 tvncontrol - ok
    07:40:21.0890 0x0374 KernelFaultCheck - ok
    07:40:21.0937 0x0374 [ B49510E85763CA05C9466C778EE7646A, E975130F88869B1543DFCE289561BADB089D315ECA7E39BB8C29CC9614C026F6 ] C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe
    07:40:22.0359 0x0374 ‮tluafed - ok
    07:40:22.0406 0x0374 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
    07:40:22.0406 0x0374 ctfmon.exe - ok
    07:40:22.0515 0x0374 swg - ok
    07:40:22.0625 0x0374 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
    07:40:22.0656 0x0374 QuickTime Task - ok
    07:40:22.0765 0x0374 [ 7C0AA66E6352337EF923BA8B3AEB099D, C5498B7CBB6D8359BBFFBF998CF903626780D494B6AB88FC5951A7DE576DA3F6 ] C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe
    07:40:23.0062 0x0374 cdloader - ok
    07:40:23.0078 0x0374 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
    07:40:23.0093 0x0374 ctfmon.exe - ok
    07:40:23.0250 0x0374 [ 10B2E1CDCF3151482590016B10310BA7, B9F9ECAC6AF4D0B661676C7CDB959614C506D6F5A787B2A2671F3457770F07B4 ] C:\Program Files\uTorrent\uTorrent.exe
    07:40:23.0328 0x0374 uTorrent - ok
    07:40:23.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:24.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:25.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:26.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:27.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:28.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:29.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:30.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:31.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:32.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:33.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:34.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:35.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:36.0328 0x0374 Waiting for KSN requests completion. In queue: 18
    07:40:37.0328 0x0374 Have new async UDS detects: 1
    07:40:37.0328 0x0374 ‮tluafed - detected UDS:DangerousObject.Multi.Generic ( 0 )
    07:40:37.0468 0x0374 ‮tluafed ( UDS:DangerousObject.Multi.Generic ) - infected
    07:40:37.0468 0x0374 Force sending object to P2P due to detect: C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe
    07:40:40.0140 0x0374 Object send P2P result: true
    07:40:42.0796 0x0374 AV detected via SS1: COMODO Antivirus, 6.0, enabled, updated
    07:40:42.0796 0x0374 AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, outofdate
    07:40:42.0812 0x0374 FW detected via SS1: COMODO Firewall, 6.0, enabled
    07:40:45.0312 0x0374 ============================================================
    07:40:45.0312 0x0374 Scan finished
    07:40:45.0312 0x0374 ============================================================
    07:40:45.0328 0x0d58 Detected object count: 2
    07:40:45.0328 0x0d58 Actual detected object count: 2
    07:41:18.0281 0x0d58 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    07:41:18.0328 0x0d58 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    07:41:18.0328 0x0d58 \Device\Harddisk0\DR0\Partition1 - ok
    07:41:18.0328 0x0d58 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    07:41:18.0453 0x0d58 C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe - copied to quarantine
    07:41:18.0453 0x0d58 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:‮tluafed - will be deleted on reboot
    07:41:18.0453 0x0d58 C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe - will be deleted on reboot
    07:41:18.0453 0x0d58 ‮tluafed ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete
    07:41:19.0765 0x0d58 KLMD registered as C:\WINDOWS\system32\drivers\42995235.sys
    07:41:26.0937 0x0070 Deinitialize success
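Two things in this log are worth pulling out by hand rather than trusting the "- ok" lines: the VBR of `\Device\Harddisk0\DR0\Partition1` is flagged as `Rootkit.Boot.Cidox.b`, and the Run-key value that launches `{00007BD9-...}.exe` is named `‮tluafed`, which is a U+202E RIGHT-TO-LEFT OVERRIDE followed by `tluafed`, so any bidi-aware UI shows it as `default`. The script below is an added example for this thread, not code from the original post, from TechSpot or from Kaspersky's TDSSKiller: it parses a TDSSKiller log into hashed objects and infected verdicts, flags every line carrying a Unicode bidi control, renders the simple leading-override case the way a user would see it, and applies one heuristic (a bare-GUID `.exe` under a user profile). The line patterns are inferred from the log as pasted above (the tool publishes no log grammar), so they are assumptions; the sample lines are excerpted from this log, with the override character written as the `\u202e` escape.

```python
"""Triage a TDSSKiller log: hashed objects, verdicts, bidi-override names.

Added example for this thread, not part of TDSSKiller or of the original post.
The regexes are inferred from the pasted log and are assumptions.
"""
import re
import unicodedata

# Unicode bidirectional controls that change how a name is *displayed*.
# "\u202etluafed" (U+202E RLO + "tluafed") is shown to the user as "default".
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE RLE PDF LRO RLO
    "\u2066\u2067\u2068\u2069"         # LRI RLI FSI PDI
    "\u200e\u200f"                     # LRM RLM
)

# Every log line starts with "<hh:mm:ss.ffff> <thread id> ".
PREFIX = r"^\s*(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
# "[ <md5>, <sha256> ] <optional name> <path>"; MBR/VBR lines carry md5 only.
HASH_LINE = re.compile(
    PREFIX
    + r"\[\s*(?P<md5>[0-9A-F]{32})(?:,\s*(?P<sha256>[0-9A-F]{64}))?\s*\]\s+"
    + r"(?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\)\S.*?)\s*$"
)
# "<object> ( <verdict> ) - infected"
INFECTED_LINE = re.compile(
    PREFIX + r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+infected\s*$"
)
# Heuristic only: "{8-4-4-4-12}.exe" as a bare file name.
GUID_EXE = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.exe$", re.I)


def parse_log(text):
    """Return (objects, infected): hashed objects and (object, verdict) pairs."""
    objects, infected = [], []
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            objects.append({k: m.group(k) for k in ("name", "path", "md5", "sha256")})
            continue
        m = INFECTED_LINE.match(line)
        if m:
            infected.append((m.group("obj"), m.group("verdict")))
    return objects, infected


def bidi_findings(text):
    """Flag each line (1-based) that carries a bidi control character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [c for c in line if c in BIDI_CONTROLS]
        if hits:
            findings.append({
                "line": lineno,
                "controls": [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in hits],
                "stripped": "".join(c for c in line if c not in BIDI_CONTROLS),
            })
    return findings


def visible_name(name):
    """What a user sees for a name with one leading RLO (full bidi resolution
    is deliberately out of scope); other names are returned minus controls."""
    if name.startswith("\u202e"):
        return name[1:][::-1]
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def suspicious_paths(objects):
    """Heuristic: bare-GUID executables living in a user profile."""
    return [o["path"] for o in objects
            if GUID_EXE.search(o["path"])
            and ("\\Application Data\\" in o["path"] or "\\AppData\\" in o["path"])]


def triage(text):
    objects, infected = parse_log(text)
    return {"objects": objects, "infected": infected,
            "bidi": bidi_findings(text), "suspicious_paths": suspicious_paths(objects)}


# Sample input: lines excerpted from the log in this thread.
SAMPLE_LOG = "\n".join([
    r"07:39:53.0687 0x0374 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe",
    r"07:45:56.0890 0x0148 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe",
    r"07:40:05.0328 0x0374 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0",
    r"07:40:06.0468 0x0374 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )",
    r"07:40:06.0468 0x0374 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected",
    r"07:40:21.0937 0x0374 [ B49510E85763CA05C9466C778EE7646A, E975130F88869B1543DFCE289561BADB089D315ECA7E39BB8C29CC9614C026F6 ] C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe",
    "07:40:22.0359 0x0374 \u202etluafed - ok",
    r"07:40:22.0406 0x0374 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe",
    r"07:40:22.0406 0x0374 ctfmon.exe - ok",
    "07:40:37.0468 0x0374 \u202etluafed ( UDS:DangerousObject.Multi.Generic ) - infected",
    "07:41:18.0453 0x0d58 HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run:\u202etluafed - will be deleted on reboot",
])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for obj, verdict in report["infected"]:
        print(f"INFECTED  {visible_name(obj)!r:40} {verdict}")
    for f in report["bidi"]:
        print(f"BIDI      line {f['line']}: {f['controls']} -> {f['stripped']}")
    for p in report["suspicious_paths"]:
        print(f"HEURISTIC {p}")
```

The point of `bidi_findings` is that it works on the raw bytes of the log, not on what a console renders: the `- ok` verdict on the `‮tluafed` line and the later `infected` verdict both refer to the same Run-key value, and only the control character reveals that the name the user would see (`default`) is not the name the registry holds. `suspicious_paths` is a heuristic, not a verdict; the `ctfmon.exe` line is there to show it stays quiet on a normal autorun.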
     
  7. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    LOG 2
    07:45:08.0656 0x0590 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    07:45:09.0140 0x0590 ============================================================
    07:45:09.0140 0x0590 Current date / time: 2014/11/11 07:45:09.0140
    07:45:09.0140 0x0590 SystemInfo:
    07:45:09.0140 0x0590
    07:45:09.0140 0x0590 OS Version: 5.1.2600 ServicePack: 3.0
    07:45:09.0140 0x0590 Product type: Workstation
    07:45:09.0140 0x0590 ComputerName: DENOFINIQUITY
    07:45:09.0140 0x0590 UserName: Avalon
    07:45:09.0140 0x0590 Windows directory: C:\WINDOWS
    07:45:09.0140 0x0590 System windows directory: C:\WINDOWS
    07:45:09.0140 0x0590 Processor architecture: Intel x86
    07:45:09.0140 0x0590 Number of processors: 1
    07:45:09.0140 0x0590 Page size: 0x1000
    07:45:09.0140 0x0590 Boot type: Normal boot
    07:45:09.0140 0x0590 ============================================================
    07:45:09.0140 0x0590 BG loaded
    07:45:10.0000 0x0590 System UUID: {4DE08A7D-3ED1-B383-299A-ED69322E8CEB}
    07:45:12.0953 0x0590 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
    07:45:12.0968 0x0590 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:45:13.0000 0x0590 Drive \Device\Harddisk2\DR3 - Size: 0xE8CFFA6000 ( 931.25 Gb ), SectorSize: 0x200, Cylinders: 0x1DADE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:45:13.0234 0x0590 ============================================================
    07:45:13.0234 0x0590 \Device\Harddisk0\DR0:
    07:45:13.0234 0x0590 MBR partitions:
    07:45:13.0234 0x0590 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
    07:45:13.0234 0x0590 \Device\Harddisk1\DR2:
    07:45:13.0265 0x0590 MBR partitions:
    07:45:13.0265 0x0590 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    07:45:13.0265 0x0590 \Device\Harddisk2\DR3:
    07:45:13.0281 0x0590 MBR partitions:
    07:45:13.0281 0x0590 \Device\Harddisk2\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7467E800
    07:45:13.0281 0x0590 ============================================================
    07:45:13.0359 0x0590 C: <-> \Device\Harddisk0\DR0\Partition1
    07:45:13.0390 0x0590 G: <-> \Device\Harddisk1\DR2\Partition1
    07:45:13.0421 0x0590 K: <-> \Device\Harddisk2\DR3\Partition1
    07:45:13.0421 0x0590 ============================================================
    07:45:13.0421 0x0590 Initialize success
    07:45:13.0421 0x0590 ============================================================
    07:45:15.0796 0x0148 ============================================================
    07:45:15.0796 0x0148 Scan started
    07:45:15.0796 0x0148 Mode: Manual;
    07:45:15.0796 0x0148 ============================================================
    07:45:15.0796 0x0148 KSN ping started
    07:45:30.0453 0x0148 KSN ping finished: true
    07:45:41.0062 0x0148 ================ Scan system memory ========================
    07:45:41.0078 0x0148 System memory - ok
    07:45:41.0078 0x0148 ================ Scan services =============================
    07:45:46.0609 0x0148 Abiosdsk - ok
    07:45:46.0625 0x0148 abp480n5 - ok
    07:45:46.0718 0x0148 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    07:45:47.0156 0x0148 ACPI - ok
    07:45:48.0312 0x0148 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    07:45:48.0640 0x0148 ACPIEC - ok
    07:45:49.0046 0x0148 [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    07:45:49.0265 0x0148 AdobeFlashPlayerUpdateSvc - ok
    07:45:49.0296 0x0148 adpu160m - ok
    07:45:49.0703 0x0148 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    07:45:49.0718 0x0148 aec - ok
    07:45:49.0843 0x0148 [ 38D7B715504DA4741DF35E3594FE2099, FE00E93E78DA0F5C1373DB78E4975422950384BA5404760064068016EEFEE0F1 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    07:45:49.0906 0x0148 AFD - ok
    07:45:50.0546 0x0148 [ 6416F9B6B220F0A890525C38235AFAD7, C2A643E1BA75CD00C1C7F62475A7122AA95530A835AE62CF0FD9EADFA07B7EBD ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
    07:45:50.0562 0x0148 AgereModemAudio - ok
    07:45:51.0656 0x0148 [ 7560F465F1CE69C53BF17559EE195548, 18D134C393FBD4E28464F090BE7B32CC6B39BC8B835F06DBE689DDE38847AD6F ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    07:45:51.0812 0x0148 AgereSoftModem - ok
    07:45:51.0843 0x0148 Aha154x - ok
    07:45:51.0875 0x0148 aic78u2 - ok
    07:45:52.0125 0x0148 aic78xx - ok
    07:45:52.0406 0x0148 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    07:45:52.0468 0x0148 Alerter - ok
    07:45:52.0500 0x0148 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
    07:45:52.0578 0x0148 ALG - ok
    07:45:52.0578 0x0148 AliIde - ok
    07:45:53.0375 0x0148 [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    07:45:54.0343 0x0148 Ambfilt - ok
    07:45:54.0421 0x0148 [ 0A4D13B388C814560BD69C3A496ECFA8, 71ADD4C4A5C6465EA27F572DE608C348896C4C557D136718CCDD9919144F7986 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    07:45:54.0484 0x0148 AmdK8 - ok
    07:45:54.0500 0x0148 amsint - ok
    07:45:54.0531 0x0148 anvsnddrv - ok
    07:45:56.0468 0x0148 [ C1C6EA3F8ACD2A9818C0A73A5F63B9B6, 739FFF33CBBC4F8E8613906760D36286AB249A5C4004BF000D76CABB48D35433 ] Apowersoft_AudioDevice C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
    07:45:56.0546 0x0148 Apowersoft_AudioDevice - ok
    07:45:56.0890 0x0148 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    07:45:56.0906 0x0148 Apple Mobile Device - ok
    07:45:56.0921 0x0148 AppMgmt - ok
    07:45:57.0031 0x0148 asc - ok
    07:45:57.0046 0x0148 asc3350p - ok
    07:45:57.0062 0x0148 asc3550 - ok
    07:45:57.0312 0x0148 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    07:45:57.0562 0x0148 aspnet_state - ok
    07:45:57.0703 0x0148 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    07:45:57.0828 0x0148 AsyncMac - ok
    07:45:58.0812 0x0148 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    07:45:58.0968 0x0148 atapi - ok
    07:45:59.0046 0x0148 Atdisk - ok
    07:45:59.0125 0x0148 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    07:45:59.0281 0x0148 Atmarpc - ok
    07:45:59.0375 0x0148 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    07:46:00.0093 0x0148 AudioSrv - ok
    07:46:00.0328 0x0148 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    07:46:00.0500 0x0148 audstub - ok
    07:46:00.0546 0x0148 AvgLdx86 - ok
    07:46:00.0656 0x0148 AvgMfx86 - ok
    07:46:00.0718 0x0148 AvgTdiX - ok
    07:46:01.0203 0x0148 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    07:46:01.0296 0x0148 Beep - ok
    07:46:01.0578 0x0148 [ F13D1AA04F1F02399EB87F011584B7C0, 92E8FACAEDA7A36424ABDF2F2096F9980E140D8312706E541BD9D363B6572BC7 ] BITS C:\WINDOWS\system32\qmgr.dll
    07:46:02.0203 0x0148 BITS - ok
    07:46:02.0390 0x0148 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    07:46:02.0593 0x0148 Bonjour Service - ok
    07:46:02.0859 0x0148 [ 7E39A3EDC13B076E70FDB9A6F6D7A4B4, 08EDBC3996F7104D4C259ADDA6672D1C37C547BA4DCE590C1FF749D23B8C403B ] Browser C:\WINDOWS\System32\browser.dll
    07:46:02.0921 0x0148 Browser - ok
    07:46:03.0078 0x0148 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    07:46:03.0296 0x0148 cbidf2k - ok
    07:46:03.0500 0x0148 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    07:46:03.0578 0x0148 CCDECODE - ok
    07:46:03.0718 0x0148 cd20xrnt - ok
    07:46:03.0859 0x0148 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    07:46:03.0890 0x0148 Cdaudio - ok
    07:46:04.0015 0x0148 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    07:46:04.0078 0x0148 Cdfs - ok
    07:46:04.0281 0x0148 [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    07:46:04.0359 0x0148 Cdrom - ok
    07:46:04.0500 0x0148 [ 61305C679E5766A03A09C0E966939206, E85EC9D23C81A2F8C08B439FA34F43C475A26C38DF4B4B40758CFC0D64C50C17 ] CFRMD C:\WINDOWS\system32\DRIVERS\CFRMD.sys
    07:46:04.0546 0x0148 CFRMD - ok
    07:46:04.0593 0x0148 Changer - ok
    07:46:04.0703 0x0148 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
    07:46:04.0765 0x0148 CiSvc - ok
    07:46:04.0875 0x0148 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    07:46:04.0953 0x0148 ClipSrv - ok
    07:46:05.0062 0x0148 [ E7FEED85EBA61455717A421E55217428, 26B1129601A49BB40B8A01BB8B3F1002F05C6189DDBD44DA889CA7C5B76CDCB3 ] CLPSLauncher C:\Program Files\Common Files\COMODO\launcher_service.exe
    07:46:05.0140 0x0148 CLPSLauncher - ok
    07:46:05.0359 0x0148 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    07:46:05.0671 0x0148 clr_optimization_v2.0.50727_32 - ok
    07:46:05.0812 0x0148 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    07:46:07.0125 0x0148 clr_optimization_v4.0.30319_32 - ok
    07:46:09.0250 0x0148 [ DFACF6F69457E3EE2CE81EDCB4693674, E04CA54BCF6C75C6382423A5BC965744E76EB67E6448C1094AD4C4DBE02670DB ] CmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    07:46:09.0609 0x0148 CmdAgent - ok
    07:46:09.0718 0x0148 [ 5C634AABDD28F349C6457BEEE84D4D7B, 2227EC6C47CCD7B82744AB4976D065887967710E7E37CB5567916702BF7FA008 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
    07:46:09.0906 0x0148 cmderd - ok
    07:46:10.0062 0x0148 [ 16F731584ECBA307EB4AD9C4D8507B27, D309691DDE199137367FAD32F730CFD21A498E7498E91BCAAB772F5472A06F14 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
    07:46:10.0234 0x0148 cmdGuard - ok
    07:46:10.0312 0x0148 [ 1FAAF13D85A36D448238F53C42FE7A67, 09B23F591291C53616EF28E8D4842707AB9E445BA3D2D74BEAC98C7C2AF2D430 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
    07:46:10.0406 0x0148 cmdHlp - ok
    07:46:10.0453 0x0148 CmdIde - ok
    07:46:11.0218 0x0148 [ A665EF912EEFD99EA557C6AB35CA1021, D8B53E70DF25E036F02D3707CF18ED2980F42A99D655230A9F7804E5F5D4BAB4 ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    07:46:12.0203 0x0148 cmdvirth - ok
    07:46:12.0265 0x0148 COMSysApp - ok
    07:46:12.0593 0x0148 Cpqarray - ok
    07:46:12.0781 0x0148 cpuz132 - ok
    07:46:12.0875 0x0148 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    07:46:13.0078 0x0148 CryptSvc - ok
    07:46:13.0109 0x0148 dac2w2k - ok
    07:46:13.0156 0x0148 dac960nt - ok
    07:46:13.0515 0x0148 [ 429C06453A89C59FF038CDF5044C3617, C172D51E5A0C685931B07E5506EBF1D88CCA1C8CE114642015A65B5235E1DDC1 ] DaShenAudio_simple C:\WINDOWS\system32\drivers\DaShenAudio.sys
    07:46:13.0546 0x0148 DaShenAudio_simple - ok
    07:46:13.0781 0x0148 [ 58F25291031DE092C19F0E9320A23296, 3FF1568CC5E746C9196C2BF3D5CBF304B4D6CBAF3A36B438C95AB073EF0D670A ] DbusAudio C:\WINDOWS\system32\drivers\DbusAudio.sys
    07:46:13.0906 0x0148 DbusAudio - ok
    07:46:14.0296 0x0148 [ D67CE2951CD6C85C82949664701A9B7B, 7D314616883A216EB4BCD5033D4C9A08FEF0D90A935A96ECD1132E2E34839DD3 ] DbusVideo C:\WINDOWS\system32\DRIVERS\DbusVideo.sys
    07:46:14.0468 0x0148 DbusVideo - ok
    07:46:14.0781 0x0148 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    07:46:14.0984 0x0148 DcomLaunch - ok
    07:46:15.0093 0x0148 [ C51DE19619D50CBD03708647ACA10E70, 701869D644DB6EDDF5016DBC86F1B799FFDDEA3CBA35203C6C417DB5B6E89597 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    07:46:15.0234 0x0148 Dhcp - ok
    07:46:15.0312 0x0148 [ 47B6AAEC570F2C11D8BAD80A064D8ED1, 83AAFD7D2E44BAD967430AF72ABEC3E8F2985BAF71D06ADFC2B92EC4CD644012 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    07:46:15.0453 0x0148 Disk - ok
    07:46:16.0218 0x0148 [ BED6C434543F09868689D4720EE03C97, ED6F1BDA7E1CCF0893CE282AC38EC807E2A2E44FBD66433420C335197713B939 ] Diskeeper C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
    07:46:16.0343 0x0148 Diskeeper - ok
    07:46:16.0468 0x0148 [ 15919F538DA1C44DE65C7E079F968806, FDA534A8640E03DAC5E93C18C36DE7F5FBDBE368A493867AB7535C4477289E7A ] DKDFM C:\WINDOWS\system32\drivers\DKDFM.sys
    07:46:16.0656 0x0148 DKDFM - ok
    07:46:16.0875 0x0148 [ 6302AE9BF87AA4FFBF03ECD7395454C1, 2569F87428E12C9838BC2A7A2077E6ABA16AAEB5AB36DFAB3BCEF513569FD1BB ] DKRtWrt C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
    07:46:16.0937 0x0148 DKRtWrt - ok
    07:46:17.0015 0x0148 [ 67F57907F48861A5B26A236A110A426E, DFBA60E77F63AF1781D2E97F07555867211D3CF1F9096AFAE1AE8283AF9836A7 ] DKTLFSMF C:\WINDOWS\system32\drivers\DKTLFSMF.sys
    07:46:17.0546 0x0148 DKTLFSMF - ok
    07:46:17.0734 0x0148 dmadmin - ok
    07:46:18.0015 0x0148 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    07:46:18.0859 0x0148 dmboot - ok
    07:46:19.0125 0x0148 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    07:46:19.0609 0x0148 dmio - ok
    07:46:21.0000 0x0148 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    07:46:21.0187 0x0148 dmload - ok
    07:46:21.0343 0x0148 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
    07:46:21.0812 0x0148 dmserver - ok
    07:46:22.0000 0x0148 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    07:46:22.0218 0x0148 DMusic - ok
    07:46:22.0390 0x0148 [ FE120AC2244572B2FA4023B7270E956E, FA6591480B0B89507A10A49B7344D535513D6304C49F8DD6EDFA9E2CF73C87D7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    07:46:23.0406 0x0148 Dnscache - ok
    07:46:23.0546 0x0148 [ B4109C8C3D54C83246997A777724F318, 5ADD03B169498CBE4550C1FDD0D7E1E51C97A1DB117BCA8581A5CFDEED8EF1D3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    07:46:24.0890 0x0148 Dot3svc - ok
    07:46:24.0953 0x0148 dpti2o - ok
    07:46:26.0281 0x0148 [ 803569711F5976AD4A1469A091617946, 9FCFAE663992126B43EF9C729172A27D0B10CA758251D687430361D3A08BB4E2 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
    07:46:26.0437 0x0148 DragonUpdater - ok
    07:46:28.0203 0x0148 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    07:46:28.0265 0x0148 drmkaud - ok
    07:46:28.0328 0x0148 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
    07:46:28.0609 0x0148 EapHost - ok
    07:46:29.0703 0x0148 [ D57F1811D8258D8D277CD9F53657EEF9, 2C7732DA3DCFC82F60F063F2EC9FA09F9D38D5CFBE80C850DED44DE43BDB666D ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
    07:46:29.0828 0x0148 epmntdrv - ok
    07:46:29.0953 0x0148 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
    07:46:38.0781 0x0148 ERSvc - ok
    07:46:40.0453 0x0148 [ F1DE3EEF501DDA7DDF99F2EDF0C5540E, 8D604553A3F5DB03BFFD50473ECB6F05EBCFCC6B5E1F149322830DBD6C806866 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
    07:46:40.0593 0x0148 EuGdiDrv - ok
    07:46:41.0406 0x0148 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] Eventlog C:\WINDOWS\system32\services.exe
    07:46:41.0500 0x0148 Eventlog - ok
    07:46:41.0718 0x0148 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC, 51EDCDEB437A8984C086CC19C25958CBF0B8EB18FEA21173D1DCCDC39B6E64E1 ] EventSystem C:\WINDOWS\system32\es.dll
    07:46:42.0062 0x0148 EventSystem - ok
    07:46:42.0156 0x0148 [ 4D893323DAE445E34A4C9038B0551BC9, 39EE6D1EA496568368F7E8167EFE444CAEDD34A760EC9107EC383D8D17485EFD ] exFat C:\WINDOWS\system32\drivers\exFat.sys
    07:46:42.0625 0x0148 exFat - ok
    07:46:42.0968 0x0148 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    07:46:43.0109 0x0148 Fastfat - ok
    07:46:43.0703 0x0148 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    07:46:44.0031 0x0148 FastUserSwitchingCompatibility - ok
    07:46:44.0125 0x0148 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    07:46:44.0234 0x0148 Fdc - ok
    07:46:44.0656 0x0148 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    07:46:44.0781 0x0148 Fips - ok
    07:46:44.0906 0x0148 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    07:46:44.0984 0x0148 Flpydisk - ok
    07:46:45.0359 0x0148 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    07:46:45.0515 0x0148 FltMgr - ok
    07:46:45.0781 0x0148 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    07:46:46.0296 0x0148 FontCache3.0.0.0 - ok
    07:46:46.0437 0x0148 [ 30D42943A54704EF13E2562911DBFCEA, 6E0904E60A2F8B62BD34E5EDA2DA2240DFBCE1288C58CB4D819F0025ECF76763 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    07:46:46.0671 0x0148 Fs_Rec - ok
    07:46:46.0765 0x0148 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    07:46:46.0828 0x0148 Ftdisk - ok
    07:46:46.0953 0x0148 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    07:46:46.0984 0x0148 GEARAspiWDM - ok
    07:46:48.0546 0x0148 [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] GeekBuddyRSP C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    07:46:48.0859 0x0148 GeekBuddyRSP - ok
    07:46:49.0000 0x0148 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    07:46:49.0234 0x0148 Gpc - ok
    07:46:49.0343 0x0148 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    07:46:49.0421 0x0148 HDAudBus - ok
    07:46:49.0906 0x0148 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    07:46:49.0937 0x0148 helpsvc - ok
    07:46:50.0046 0x0148 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
    07:46:50.0093 0x0148 HidServ - ok
    07:46:50.0203 0x0148 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    07:46:50.0250 0x0148 HidUsb - ok
    07:46:50.0406 0x0148 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    07:46:50.0578 0x0148 hkmsvc - ok
    07:46:51.0062 0x0148 [ 0E69D8294A78C7AB4A7CEE1F5F9D2546, E121E60DD8A3C2C0FD696F02490E4E09DDBB285521BCA79A74FD94FEE743808C ] HMD C:\WINDOWS\system32\DRIVERS\hmd.sys
    07:46:51.0078 0x0148 HMD - ok
    07:46:51.0109 0x0148 hpn - ok
    07:46:51.0468 0x0148 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    07:46:51.0531 0x0148 HTTP - ok
    07:46:51.0625 0x0148 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    07:46:52.0656 0x0148 HTTPFilter - ok
    07:46:52.0687 0x0148 i2omgmt - ok
    07:46:52.0734 0x0148 i2omp - ok
    07:46:52.0875 0x0148 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    07:46:52.0906 0x0148 i8042prt - ok
    07:46:55.0968 0x0148 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    07:46:56.0859 0x0148 idsvc - ok
    07:46:57.0062 0x0148 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    07:46:57.0078 0x0148 Imapi - ok
    07:46:59.0890 0x0148 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
    07:46:59.0953 0x0148 ImapiService - ok
    07:46:59.0984 0x0148 ini910u - ok
    07:47:00.0171 0x0148 [ F84E7F907434450B00E753D44AEC8EAA, A4C0C5230471B3D3FF4AA4B76A8E5F3986DD8FB8C2A2E180CDF216216FC8B10A ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
    07:47:00.0296 0x0148 Inspect - ok
    07:47:03.0078 0x0148 [ 9FD8007927E633F2C581809F11048B22, 5764ACA5EEAE9DE4F8E919C37CAA9EA79F1D7EAB1D35E61B93F1EEE621EDF07B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    07:47:03.0437 0x0148 IntcAzAudAddService - ok
    07:47:03.0484 0x0148 IntelIde - ok
    07:47:03.0703 0x0148 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    07:47:03.0921 0x0148 Ip6Fw - ok
    07:47:04.0484 0x0148 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    07:47:04.0640 0x0148 IpFilterDriver - ok
    07:47:04.0765 0x0148 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    07:47:04.0812 0x0148 IpInIp - ok
    07:47:04.0953 0x0148 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    07:47:05.0000 0x0148 IpNat - ok
    07:47:05.0078 0x0148 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    07:47:05.0125 0x0148 IPSec - ok
    07:47:05.0343 0x0148 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    07:47:05.0437 0x0148 IRENUM - ok
    07:47:05.0515 0x0148 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    07:47:05.0640 0x0148 isapnp - ok
    07:47:05.0750 0x0148 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    07:47:06.0062 0x0148 Kbdclass - ok
    07:47:06.0187 0x0148 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    07:47:06.0375 0x0148 kbdhid - ok
    07:47:06.0593 0x0148 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    07:47:06.0984 0x0148 kmixer - ok
    07:47:07.0062 0x0148 [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    07:47:07.0281 0x0148 KSecDD - ok
    07:47:07.0406 0x0148 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    07:47:07.0437 0x0148 LanmanServer - ok
    07:47:07.0750 0x0148 [ 3B9324D60DD321BAB7BF6F77931D3FD1, 060F32C57CF9ABE9039CDD51A7CA9DE33ED407E17ECA20DAA3AB0F795E798511 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    07:47:07.0828 0x0148 lanmanworkstation - ok
    07:47:07.0843 0x0148 lbrtfdc - ok
    07:47:08.0250 0x0148 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    07:47:08.0859 0x0148 LmHosts - ok
    07:47:09.0171 0x0148 [ BA1347822D01B2D29C14CF09663A6457, AF300C059017CA06FA7D0DC5E148159A6EE509CEF9DC6E90557BA38ACF3185E8 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
    07:47:09.0203 0x0148 LVRS - ok
    07:47:09.0312 0x0148 [ 6DFE7F2E8E8A337263AA5C92A215F161, 4F40CF8B2BD6023C1C238240CBD12351B06EDB586F8A0B28CECBE15A69637B2F ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    07:47:09.0406 0x0148 MBAMProtector - ok
    07:47:10.0015 0x0148 [ 43683E970F008C93C9429EF428147A54, 43DA75CC34423E045E811DD339295B56E785756D9E54BF2DF2B5489BBDD51216 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    07:47:10.0640 0x0148 MBAMService - ok
    07:47:10.0687 0x0148 [ 894B552E5579E5BA740B597F9642006C, 107E6452C7C7141865BF13D5BCB843B072E8F24FF4C106300446BBFBAFA9EA56 ] MDA_NTDRV C:\WINDOWS\system32\MDA_NTDRV.sys
    07:47:10.0796 0x0148 MDA_NTDRV - ok
    07:47:11.0718 0x0148 [ 690B8DE37E8D57A43C17B49AA40CAA3D, E193986843574F564E43A156A939CE3C5DA0CFBD94A97FA9D2B3D525420C287B ] MF NTFS Monitor C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE
    07:47:11.0750 0x0148 MF NTFS Monitor - ok
    07:47:11.0859 0x0148 [ F241E02A2B54C935C287DD1A48854A24, 12756AB28E12B1F743A7C52655A2B0D9A797404B09398B95D6FA5CCA6CEB523C ] mfmonitor C:\WINDOWS\system32\DRIVERS\mfmonitor_x86.sys
    07:47:11.0875 0x0148 mfmonitor - ok
    07:47:12.0000 0x0148 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    07:47:12.0015 0x0148 Modem - ok
    07:47:12.0484 0x0148 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
    07:47:13.0390 0x0148 Monfilt - ok
    07:47:13.0500 0x0148 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:47:13.0562 0x0148 Mouclass - ok
    07:47:13.0687 0x0148 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    07:47:13.0703 0x0148 mouhid - ok
    07:47:13.0750 0x0148 [ 1A1FAA5102466F418494E94FF9B0B091, 0E2145D001178095C46C34FD05BE3587B6440AEF6E2A301A50F5C357504BC95F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    07:47:13.0828 0x0148 MountMgr - ok
    07:47:15.0328 0x0148 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    07:47:15.0375 0x0148 MozillaMaintenance - ok
    07:47:15.0406 0x0148 mraid35x - ok
    07:47:15.0531 0x0148 [ 65E818C473E220B6AB762E1966296FD1, 1E2C606A3F91F1F1043C1CF46A044502F631BF20D6826A1AFD53F88E490EE7EE ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:47:15.0640 0x0148 MRxDAV - ok
    07:47:15.0859 0x0148 [ FB7DFD15D760AD339837A470F0E780D3, 2E087BE9F57202B3564D20AB0645FD18F1F2AC687040410EC6298B0CF3757087 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:47:16.0328 0x0148 MRxSmb - ok
    07:47:16.0390 0x0148 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    07:47:16.0484 0x0148 MSDTC - ok
    07:47:16.0531 0x0148 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    07:47:16.0562 0x0148 Msfs - ok
    07:47:16.0562 0x0148 MSIServer - ok
    07:47:16.0640 0x0148 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:47:16.0687 0x0148 MSKSSRV - ok
    07:47:16.0765 0x0148 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    07:47:16.0812 0x0148 MSPCLOCK - ok
    07:47:16.0859 0x0148 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    07:47:16.0937 0x0148 MSPQM - ok
    07:47:16.0984 0x0148 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    07:47:17.0000 0x0148 mssmbios - ok
    07:47:17.0109 0x0148 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    07:47:17.0125 0x0148 MSTEE - ok
    07:47:17.0203 0x0148 [ 6546FE6639499FA4BEF180BDF08266A1, 7DBC0171CD3D5BA888CA4DC9A1668F5D05F7320A373A06BA620EE1180525703A ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    07:47:17.0265 0x0148 Mup - ok
    07:47:17.0359 0x0148 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    07:47:17.0531 0x0148 NABTSFEC - ok
    07:47:17.0781 0x0148 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
    07:47:18.0000 0x0148 napagent - ok
    07:47:18.0203 0x0148 [ B5B1080D35974C0E718D64280761BCD5, C12C8FF5AE344381FAA413FC05E273B856D5D9151C2C69898C54D32B393EE1A4 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    07:47:18.0515 0x0148 NDIS - ok
    07:47:18.0546 0x0148 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    07:47:18.0640 0x0148 NdisIP - ok
    07:47:18.0781 0x0148 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    07:47:18.0796 0x0148 NdisTapi - ok
    07:47:18.0953 0x0148 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    07:47:19.0093 0x0148 Ndisuio - ok
    07:47:19.0265 0x0148 [ B053A8411045FD0664B389A090CB2BBC, 6EC2E4C9EACB71AFF2CDA0C6DF8B635268328B8BC31D2F9754140A18BF4D5B7F ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    07:47:19.0328 0x0148 NdisWan - ok
    07:47:19.0421 0x0148 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    07:47:19.0468 0x0148 NDProxy - ok
    07:47:19.0546 0x0148 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    07:47:19.0609 0x0148 NetBIOS - ok
    07:47:19.0687 0x0148 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    07:47:19.0765 0x0148 NetBT - ok
    07:47:19.0843 0x0148 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
    07:47:20.0171 0x0148 NetDDE - ok
    07:47:20.0203 0x0148 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    07:47:20.0296 0x0148 NetDDEdsdm - ok
    07:47:20.0421 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
    07:47:21.0046 0x0148 Netlogon - ok
    07:47:21.0328 0x0148 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
    07:47:21.0500 0x0148 Netman - ok
    07:47:21.0828 0x0148 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    07:47:22.0281 0x0148 NetTcpPortSharing - ok
    07:47:22.0437 0x0148 [ 290C1A30DEFC723BBE10910AC2D6F6D0, B9CC2882B2A8F27B77FB6291471E07574281A16AAF14DC5D4B97BE7A4589CB59 ] Nla C:\WINDOWS\System32\mswsock.dll
    07:47:22.0625 0x0148 Nla - ok
    07:47:22.0703 0x0148 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    07:47:22.0765 0x0148 Npfs - ok
    07:47:22.0937 0x0148 [ AE8CAD8F28DB13B515A68510A539B0B8, 3889CBF5B2A9AFCD5D46A2B472B3BE30584C0C1105E12C608EBF07D7B209F54A ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    07:47:23.0437 0x0148 Ntfs - ok
    07:47:23.0531 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    07:47:23.0796 0x0148 NtLmSsp - ok
    07:47:24.0046 0x0148 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    07:47:24.0281 0x0148 NtmsSvc - ok
    07:47:24.0343 0x0148 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
    07:47:24.0375 0x0148 Null - ok
    07:47:28.0828 0x0148 [ CB0CE8DE9F66A297CD86EB98921B8E58, 171A23DDBCB33E5327009E9B75D7726ECEE62152EF30C438CC12D6D009F91A36 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    07:47:29.0593 0x0148 nv - ok
     
  8. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    07:47:29.0718 0x0148 [ C03E15101F6D9E82CD9B0E7D715F5DE3, A4BE217D24C652D4A80A9EDF3A443888F5FCE7EE53725F42212959ECEB9685C4 ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys
    07:47:29.0828 0x0148 nvatabus - ok
    07:47:29.0937 0x0148 [ 7D275ECDA4628318912F6C945D5CF963, 78C5125F5A9B5EE1A5AC394BB0D9EDA954EB35103B588B6A98D41E2C32354A96 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    07:47:29.0984 0x0148 NVENETFD - ok
    07:47:30.0265 0x0148 [ B64AACEFAD2BE5BFF5353FE681253C67, A4D81BF67E6D4DBD559C27C8103277D30DA5B37269E0FD6571FC273DA21E892F ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    07:47:30.0265 0x0148 nvnetbus - ok
    07:47:30.0406 0x0148 [ 1F31A588CC83A7B76715F9549515C161, 8F04A6D6192D52BB92B5A2BC7C7EAF2B834ED8336D9170932D1F6C25A46571A0 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
    07:47:30.0500 0x0148 nvsvc - ok
    07:47:30.0687 0x0148 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    07:47:31.0000 0x0148 NwlnkFlt - ok
    07:47:31.0562 0x0148 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    07:47:31.0718 0x0148 NwlnkFwd - ok
    07:47:31.0906 0x0148 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    07:47:31.0937 0x0148 Parport - ok
    07:47:32.0015 0x0148 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    07:47:32.0125 0x0148 PartMgr - ok
    07:47:32.0343 0x0148 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    07:47:32.0593 0x0148 ParVdm - ok
    07:47:32.0765 0x0148 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    07:47:32.0953 0x0148 PCI - ok
    07:47:32.0984 0x0148 PCIDump - ok
    07:47:33.0187 0x0148 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    07:47:33.0250 0x0148 PCIIde - ok
    07:47:33.0437 0x0148 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    07:47:33.0796 0x0148 Pcmcia - ok
    07:47:33.0812 0x0148 PDCOMP - ok
    07:47:33.0906 0x0148 PDFRAME - ok
    07:47:33.0937 0x0148 PDRELI - ok
    07:47:34.0046 0x0148 PDRFRAME - ok
    07:47:34.0093 0x0148 perc2 - ok
    07:47:34.0250 0x0148 perc2hib - ok
    07:47:34.0937 0x0148 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] PlugPlay C:\WINDOWS\system32\services.exe
    07:47:35.0093 0x0148 PlugPlay - ok
    07:47:35.0265 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    07:47:35.0296 0x0148 PolicyAgent - ok
    07:47:35.0500 0x0148 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    07:47:35.0515 0x0148 PptpMiniport - ok
    07:47:35.0609 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    07:47:35.0656 0x0148 ProtectedStorage - ok
    07:47:35.0812 0x0148 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    07:47:35.0906 0x0148 PSched - ok
    07:47:36.0062 0x0148 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    07:47:36.0125 0x0148 Ptilink - ok
    07:47:36.0218 0x0148 ql1080 - ok
    07:47:36.0250 0x0148 Ql10wnt - ok
    07:47:36.0265 0x0148 ql12160 - ok
    07:47:36.0421 0x0148 ql1240 - ok
    07:47:36.0546 0x0148 ql1280 - ok
    07:47:36.0671 0x0148 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    07:47:36.0765 0x0148 RasAcd - ok
    07:47:37.0031 0x0148 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
    07:47:37.0375 0x0148 RasAuto - ok
    07:47:37.0546 0x0148 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    07:47:37.0656 0x0148 Rasl2tp - ok
    07:47:37.0765 0x0148 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
    07:47:38.0031 0x0148 RasMan - ok
    07:47:38.0250 0x0148 [ 2C9D4620A0FD35DE1828370B392F6E2D, FAC9DFC34CDC4194B3724D0A2B64BD5CB3823F15B654CA7B7673917E9F0792A4 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    07:47:38.0453 0x0148 RasPppoe - ok
    07:47:38.0640 0x0148 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    07:47:38.0828 0x0148 Raspti - ok
    07:47:38.0984 0x0148 [ 77050C6615F6EB5402F832B27FD695E0, 8BEDCB0687349DAEA3DDEA04857A03BF8EAB73F2651170E6EE3D7A4838BACE90 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    07:47:39.0187 0x0148 Rdbss - ok
    07:47:39.0390 0x0148 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    07:47:39.0578 0x0148 RDPCDD - ok
    07:47:39.0843 0x0148 [ C7D9BC54354B8C706ABF172D48313F1B, 48065B6914F29AAA3010CCBC78A3ED4ADC25C98D2E6778559DCCF986FA36E21E ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    07:47:40.0171 0x0148 RDPWD - ok
    07:47:40.0359 0x0148 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    07:47:41.0296 0x0148 RDSessMgr - ok
    07:47:41.0421 0x0148 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    07:47:41.0625 0x0148 redbook - ok
    07:47:41.0906 0x0148 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    07:47:42.0437 0x0148 RemoteAccess - ok
    07:47:42.0562 0x0148 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
    07:47:43.0312 0x0148 RpcLocator - ok
    07:47:43.0718 0x0148 [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    07:47:44.0500 0x0148 RpcSs - ok
    07:47:44.0609 0x0148 [ 743D7D59767073A617B1DCC6C546F234, DE08EEC475F97F616BACF125B441B3542CEA3B017E2E98D94BE9FB1E13D13C99 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
    07:47:44.0718 0x0148 rspndr - ok
    07:47:44.0906 0x0148 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
    07:47:45.0890 0x0148 RSVP - ok
    07:47:46.0015 0x0148 SABKUTIL - ok
    07:47:46.0109 0x0148 SABProcEnum - ok
    07:47:46.0281 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
    07:47:46.0640 0x0148 SamSs - ok
    07:47:46.0765 0x0148 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    07:47:48.0062 0x0148 SCardSvr - ok
    07:47:48.0265 0x0148 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    07:47:49.0281 0x0148 Schedule - ok
    07:47:49.0609 0x0148 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    07:47:49.0921 0x0148 Secdrv - ok
    07:47:50.0015 0x0148 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
    07:47:51.0015 0x0148 seclogon - ok
    07:47:51.0140 0x0148 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
    07:47:52.0078 0x0148 SENS - ok
    07:47:52.0171 0x0148 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    07:47:52.0859 0x0148 Serial - ok
    07:47:53.0531 0x0148 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    07:47:54.0328 0x0148 Sfloppy - ok
    07:47:54.0500 0x0148 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39, 768BD6CFE2BD5F0D9D9CBB6A4BE3FAB690AFB1FF77444C5219D9A36080256481 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    07:47:54.0953 0x0148 SharedAccess - ok
    07:47:55.0125 0x0148 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    07:47:55.0296 0x0148 ShellHWDetection - ok
    07:47:55.0296 0x0148 Simbad - ok
    07:47:55.0515 0x0148 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    07:47:55.0562 0x0148 SkypeUpdate - ok
    07:47:55.0625 0x0148 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    07:47:55.0671 0x0148 SLIP - ok
    07:47:55.0765 0x0148 Sparrow - ok
    07:47:55.0875 0x0148 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    07:47:55.0890 0x0148 splitter - ok
    07:47:56.0000 0x0148 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    07:47:56.0046 0x0148 Spooler - ok
    07:47:56.0234 0x0148 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    07:47:56.0437 0x0148 sr - ok
    07:47:56.0609 0x0148 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
    07:47:56.0671 0x0148 srservice - ok
    07:47:56.0953 0x0148 [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    07:47:57.0250 0x0148 Srv - ok
    07:47:57.0531 0x0148 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    07:47:57.0781 0x0148 SSDPSRV - ok
    07:47:58.0015 0x0148 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    07:47:58.0140 0x0148 stisvc - ok
    07:47:58.0390 0x0148 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    07:47:58.0656 0x0148 streamip - ok
    07:47:59.0187 0x0148 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    07:47:59.0437 0x0148 swenum - ok
    07:47:59.0531 0x0148 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    07:47:59.0546 0x0148 swmidi - ok
    07:47:59.0578 0x0148 symc810 - ok
    07:47:59.0625 0x0148 symc8xx - ok
    07:47:59.0656 0x0148 sym_hi - ok
    07:47:59.0656 0x0148 sym_u3 - ok
    07:47:59.0718 0x0148 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    07:47:59.0734 0x0148 sysaudio - ok
    07:47:59.0843 0x0148 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    07:48:00.0015 0x0148 SysmonLog - ok
    07:48:01.0671 0x0148 [ 629021756C8FC4C579849A823C471CB3, 09C6D3FB5D95E79202DCCE79A2CEA72000B6D4D80AC79D106C1213823352C6A8 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
    07:48:02.0109 0x0148 TabletServicePen - ok
    07:48:02.0250 0x0148 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719, AEB6D9616BC7083BEF1D199CC7E0307DDF9A63541E60380697749F7B6497E847 ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
    07:48:02.0437 0x0148 taphss - ok
    07:48:02.0546 0x0148 [ E2B32B10ACC5D97623275AAFB67E5F03, 470EE68D78D09DD924CDC34E607801EB31C3E1482A823923D4324A36A0F96E2B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    07:48:03.0531 0x0148 TapiSrv - ok
    07:48:03.0734 0x0148 [ 367DE8E5F638C091F49273144274F629, 4285BB499ECE306531BFDAA023E31557EAD73CB2FE8B3C7891D519F138C8FA86 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    07:48:04.0000 0x0148 Tcpip - ok
    07:48:04.0171 0x0148 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    07:48:04.0468 0x0148 TDPIPE - ok
    07:48:04.0546 0x0148 [ C0578456F29E5F26285F81B7B71FE57D, D1744D3C242E014EBB242FFA2F21AE9398D7568A23E443855A94DF14D1A72885 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    07:48:04.0937 0x0148 TDTCP - ok
    07:48:05.0296 0x0148 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    07:48:07.0265 0x0148 TermDD - ok
    07:48:07.0453 0x0148 [ 5128852A18AE46C387F87BF27DA4C9DD, C4E012E03067C2658AB89B0A673F2091CDD8D52673DBCE8699D27EACC4CF6CDA ] TermService C:\WINDOWS\System32\termsrv.dll
    07:48:09.0046 0x0148 TermService - ok
    07:48:09.0171 0x0148 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
    07:48:11.0328 0x0148 Themes - ok
    07:48:11.0421 0x0148 TosIde - ok
    07:48:11.0640 0x0148 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    07:48:13.0046 0x0148 TrkWks - ok
    07:48:13.0359 0x0148 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    07:48:13.0796 0x0148 Udfs - ok
    07:48:13.0921 0x0148 ultra - ok
    07:48:14.0171 0x0148 [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
    07:48:14.0734 0x0148 UnlockerDriver5 - ok
    07:48:14.0921 0x0148 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    07:48:16.0000 0x0148 Update - ok
    07:48:16.0109 0x0148 Update Framed Display - ok
    07:48:16.0281 0x0148 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
    07:48:18.0593 0x0148 upnphost - ok
    07:48:18.0734 0x0148 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
    07:48:19.0968 0x0148 UPS - ok
    07:48:20.0093 0x0148 [ E919708DB44ED8543A7C017953148330, 226D032912D396117213FC29CD0BB5A8B2F872DD91D92F254F2F1FE392481B61 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    07:48:20.0781 0x0148 usbaudio - ok
    07:48:20.0953 0x0148 [ C18D6C74953621346DF6B0A11F80C1CC, 4C1B3E8F3F658E356A955108FF84FB5C95244CB2A9D323AA0DFAEF92927C66C5 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    07:48:21.0171 0x0148 usbccgp - ok
    07:48:21.0484 0x0148 [ 52674B5DBEE499342A599C7771ABECAA, A8F3FB78DAB0E7187FD07CB7CEA72862DB4BC115F347ABEB9E155BB4CF34A671 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    07:48:23.0062 0x0148 usbehci - ok
    07:48:23.0156 0x0148 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    07:48:24.0984 0x0148 usbhub - ok
    07:48:25.0968 0x0148 [ C5E11CD822ADF0019A5A862D9C4E2222, 17BB70CD0D88ABE628E7CE4508E0F38511DAAFE33A50B483AC6B2CCAE3F3DEB7 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    07:48:27.0125 0x0148 usbohci - ok
    07:48:27.0281 0x0148 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    07:48:27.0500 0x0148 usbstor - ok
    07:48:27.0640 0x0148 [ EE1C82338F2B831B2A863935C831DB21, 15E76058A4446245EA807A2BB62B3DA5D772980D37A317BC40C56D9D9ABF6C44 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    07:48:27.0906 0x0148 usbvideo - ok
    07:48:27.0984 0x0148 Util Framed Display - ok
    07:48:28.0250 0x0148 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    07:48:29.0250 0x0148 VgaSave - ok
    07:48:29.0375 0x0148 ViaIde - ok
    07:48:29.0578 0x0148 [ 9F8A0D0CBB2FA265A754516128C00E22, 906678898949399FA484FE45E5663CC678BEFDF69694CA1D5433093F87EF66A8 ] W32Time C:\WINDOWS\system32\w32time.dll
    07:48:30.0734 0x0148 W32Time - ok
    07:48:31.0156 0x0148 [ 427A8BC96F16C40DF81C2D2F4EDD32DD, C65B089140D4A7218FC5B6EEDCCE498DF1F71BBE375762C9092FAC02CAE1CEC7 ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    07:48:31.0609 0x0148 wacommousefilter - ok
    07:48:31.0750 0x0148 [ 51D580F30D1A1F2EA4965AF6ABC2BCB2, 19DD805E733E04173F9699E829E08E3D89B7723D3404314467577FA565EA25CE ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    07:48:32.0640 0x0148 wacomvhid - ok
    07:48:32.0765 0x0148 [ 889459833432B161CB99CFDF84A1A9BB, 0E8AC800639D89CFE6248FCDD8CEC16AC73C27526E0E4BA70200542ADE50B5E5 ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    07:48:33.0359 0x0148 WacomVKHid - ok
    07:48:33.0453 0x0148 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    07:48:33.0750 0x0148 Wanarp - ok
    07:48:33.0781 0x0148 WDICA - ok
    07:48:33.0984 0x0148 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    07:48:34.0187 0x0148 wdmaud - ok
    07:48:34.0437 0x0148 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
    07:48:35.0312 0x0148 WebClient - ok
    07:48:35.0890 0x0148 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    07:48:36.0421 0x0148 winmgmt - ok
    07:48:36.0765 0x0148 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    07:48:37.0390 0x0148 WmdmPmSN - ok
    07:48:37.0546 0x0148 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    07:48:37.0843 0x0148 WmiAcpi - ok
    07:48:38.0093 0x0148 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    07:48:38.0343 0x0148 WmiApSrv - ok
    07:48:38.0812 0x0148 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    07:48:40.0187 0x0148 WMPNetworkSvc - ok
    07:48:40.0687 0x0148 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    07:48:41.0812 0x0148 WPFFontCache_v0400 - ok
    07:48:42.0093 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(1) C:\WINDOWS\system32\drivers\VirtualAudio1.sys
    07:48:42.0640 0x0148 WsAudio_Device(1) - ok
    07:48:42.0781 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(2) C:\WINDOWS\system32\drivers\VirtualAudio2.sys
    07:48:42.0968 0x0148 WsAudio_Device(2) - ok
    07:48:43.0125 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(3) C:\WINDOWS\system32\drivers\VirtualAudio3.sys
    07:48:43.0562 0x0148 WsAudio_Device(3) - ok
    07:48:43.0578 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(4) C:\WINDOWS\system32\drivers\VirtualAudio4.sys
    07:48:43.0640 0x0148 WsAudio_Device(4) - ok
    07:48:43.0656 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(5) C:\WINDOWS\system32\drivers\VirtualAudio5.sys
    07:48:43.0703 0x0148 WsAudio_Device(5) - ok
    07:48:43.0796 0x0148 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    07:48:43.0921 0x0148 WsAudio_DeviceS(1) - ok
    07:48:44.0062 0x0148 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
    07:48:44.0546 0x0148 WsAudio_DeviceS(2) - ok
    07:48:44.0812 0x0148 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
    07:48:45.0234 0x0148 WsAudio_DeviceS(3) - ok
    07:48:45.0328 0x0148 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
    07:48:46.0062 0x0148 WsAudio_DeviceS(4) - ok
    07:48:46.0218 0x0148 [ 4160CBE59D9B5BE22E4C3897E8DB9D56, 8E79ED5925A803225DF4AE069F3FEE606A48BB2526E994BF9C4947543A580211 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
    07:48:47.0062 0x0148 WsAudio_DeviceS(5) - ok
    07:48:47.0234 0x0148 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    07:48:48.0968 0x0148 wscsvc - ok
    07:48:49.0093 0x0148 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    07:48:50.0093 0x0148 WSTCODEC - ok
    07:48:50.0265 0x0148 [ F37569C373A4475007835ED77593475C, D5FB6ED3E46BA32A3A4B0D553887E5B7B82F9A247B7CB5A888AD9A515CEDBE49 ] WTouchService C:\Program Files\WTouch\WTouchService.exe
    07:48:50.0796 0x0148 WTouchService - ok
    07:48:50.0984 0x0148 [ AAE1A6FFBA2B0436E91795120F48C461, B26EABDBB7E0E101643C0D68CBF2CB6A3DD7E685D939EBD1BFAD5E7AE8E352B7 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    07:48:52.0828 0x0148 wuauserv - ok
    07:48:52.0921 0x0148 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    07:48:53.0968 0x0148 WudfPf - ok
    07:48:54.0062 0x0148 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    07:48:54.0968 0x0148 WudfRd - ok
    07:48:55.0078 0x0148 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    07:48:56.0203 0x0148 WudfSvc - ok
    07:48:56.0703 0x0148 [ 349B8D2BB755E8C3B0E3E82A87663E55, 1C1F93C34527AA9C70694D2246829A48E54270063E16D04B357ACD0314B7EAD4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    07:48:57.0390 0x0148 WZCSVC - ok
    07:48:57.0484 0x0148 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    07:48:57.0765 0x0148 xmlprov - ok
    07:48:57.0812 0x0148 ================ Scan global ===============================
    07:48:57.0937 0x0148 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    07:48:58.0156 0x0148 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47, 2B3D44451AFB46179F1F841C45265465A8D668D76E19150DADE96ACCD7291779 ] C:\WINDOWS\system32\winsrv.dll
    07:48:58.0406 0x0148 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47, 2B3D44451AFB46179F1F841C45265465A8D668D76E19150DADE96ACCD7291779 ] C:\WINDOWS\system32\winsrv.dll
    07:48:58.0562 0x0148 [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] C:\WINDOWS\system32\services.exe
    07:48:58.0562 0x0148 [ Global ] - ok
    07:48:58.0562 0x0148 ================ Scan MBR ==================================
    07:48:58.0625 0x0148 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:49:06.0109 0x0148 \Device\Harddisk0\DR0 - ok
    07:49:06.0281 0x0148 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR2
    07:49:06.0296 0x0148 \Device\Harddisk1\DR2 - ok
    07:49:06.0890 0x0148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR3
    07:49:06.0906 0x0148 \Device\Harddisk2\DR3 - ok
    07:49:06.0906 0x0148 ================ Scan VBR ==================================
    07:49:06.0984 0x0148 [ 3538804133F43A88E36277C94C8FF9F5 ] \Device\Harddisk0\DR0\Partition1
    07:49:07.0093 0x0148 \Device\Harddisk0\DR0\Partition1 - ok
    07:49:07.0109 0x0148 [ 1ABD7D6B020303D6AD2A4A1C2296261C ] \Device\Harddisk1\DR2\Partition1
    07:49:07.0171 0x0148 \Device\Harddisk1\DR2\Partition1 - ok
    07:49:07.0218 0x0148 [ 5D479012637ABB9D019E67D8986FC6A4 ] \Device\Harddisk2\DR3\Partition1
    07:49:07.0296 0x0148 \Device\Harddisk2\DR3\Partition1 - ok
    07:49:07.0296 0x0148 ================ Scan generic autorun ======================
    07:49:07.0406 0x0148 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\NeroCheck.exe
    07:49:07.0546 0x0148 NeroFilterCheck - ok
    07:49:07.0546 0x0148 nwiz - ok
    07:49:07.0562 0x0148 NvMediaCenter - ok
    07:49:07.0578 0x0148 NvCplDaemon - ok
    07:49:13.0234 0x0148 [ A4590A4C7D3C517C91C44F68643B7408, 2AAF9FCD90866F4249CFF88A89E936E5934101662FA646615003418CAB63052B ] C:\WINDOWS\RTHDCPL.EXE
    07:49:15.0281 0x0148 RTHDCPL - ok
    07:49:15.0578 0x0148 [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    07:49:15.0687 0x0148 LWS - ok
    07:49:15.0812 0x0148 [ 255E405D801CF01247390F38F92D8042, B0A4C2B6F40D7AD177DBD40C26B579D67CC9A95552970D9F6F0C7DE372CE2A2F ] C:\Program Files\Unlocker\UnlockerAssistant.exe
    07:49:15.0828 0x0148 UnlockerAssistant - ok
    07:49:16.0031 0x0148 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    07:49:16.0156 0x0148 APSDaemon - ok
    07:49:16.0359 0x0148 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
    07:49:16.0390 0x0148 QuickTime Task - ok
    07:49:16.0921 0x0148 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    07:49:17.0171 0x0148 Adobe ARM - ok
    07:49:18.0156 0x0148 [ 511094F4CA43ED5D98B6BCFA7EE01554, 308DA64308F50B9D3230D97216F3893577F04EFDC007338248242AE548290FDC ] C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
    07:49:19.0015 0x0148 EaseUS EPM tray - ok
    07:49:19.0218 0x0148 [ 9024F249C19EF3DE439670442ACB648D, CF92CE9F1D72385F86D23F7221A91A943F36C81060FD8103880F8CAE9171C6F4 ] C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
    07:49:19.0296 0x0148 EaseUS EPM Tray Agent - ok
    07:49:20.0187 0x0148 [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    07:49:20.0515 0x0148 DivXUpdate - ok
    07:49:20.0687 0x0148 [ 84DB35F319E5B67838A4877C11748866, 642FB172DC9DD2A8EF59E4CB36789710451D97CB22C76442907DA578CD854407 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    07:49:20.0734 0x0148 Malwarebytes' Anti-Malware - ok
    07:49:20.0953 0x0148 [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
    07:49:21.0109 0x0148 SunJavaUpdateSched - ok
    07:49:21.0484 0x0148 [ 376FB589890E90BAA3D05867E44116E9, 287F0B0555E0A025C6F7F6C18B6FA79B849172AAB4ACC9406D726570DC6ABE87 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    07:49:21.0671 0x0148 COMODO Internet Security - ok
    07:49:22.0375 0x0148 [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    07:49:22.0593 0x0148 tvncontrol - ok
    07:49:22.0656 0x0148 KernelFaultCheck - ok
    07:49:22.0656 0x0148 ‮tluafed - ok
    07:49:22.0734 0x0148 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
    07:49:22.0781 0x0148 ctfmon.exe - ok
    07:49:23.0031 0x0148 swg - ok
    07:49:23.0218 0x0148 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
    07:49:23.0250 0x0148 QuickTime Task - ok
    07:49:23.0437 0x0148 [ 7C0AA66E6352337EF923BA8B3AEB099D, C5498B7CBB6D8359BBFFBF998CF903626780D494B6AB88FC5951A7DE576DA3F6 ] C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe
    07:49:23.0453 0x0148 cdloader - ok
    07:49:23.0531 0x0148 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
    07:49:23.0562 0x0148 ctfmon.exe - ok
    07:49:23.0796 0x0148 [ 10B2E1CDCF3151482590016B10310BA7, B9F9ECAC6AF4D0B661676C7CDB959614C506D6F5A787B2A2671F3457770F07B4 ] C:\Program Files\uTorrent\uTorrent.exe
    07:49:23.0984 0x0148 uTorrent - ok
    07:49:24.0000 0x0148 Waiting for KSN requests completion. In queue: 17
    07:49:25.0000 0x0148 Waiting for KSN requests completion. In queue: 17
    07:49:26.0015 0x0148 Waiting for KSN requests completion. In queue: 17
    07:49:35.0953 0x0148 AV detected via SS1: COMODO Antivirus, 6.0, enabled, updated
    07:49:35.0953 0x0148 AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, outofdate
    07:49:36.0015 0x0148 FW detected via SS1: COMODO Firewall, 6.0, enabled
    07:49:49.0921 0x0148 ============================================================
    07:49:49.0921 0x0148 Scan finished
    07:49:49.0921 0x0148 ============================================================
    07:49:50.0296 0x0140 Detected object count: 0
    07:49:50.0296 0x0140 Actual detected object count: 0
    07:51:11.0218 0x035c Deinitialize success
    Sorry for the late reply; we headed to bed early because the computer was too laggy to watch anything online, and it would sometimes restart when trying to open onboard video files.
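A review pass over the TDSSKiller output above, as an added example that is not part of this thread, of TDSSKiller, or of any other tool named here. It re-parses the "[ MD5, SHA256 ] Name Path" entry lines and the "Name - ok" verdict lines in the format shown and raises three flags that an "ok" verdict does not settle: an entry name stored with a Unicode bidi control character (the "tluafed" line above is written with U+202E in front of it, so it displays as "default"), an image that lives under a per-user profile directory, and one image hash installed under several different file paths. Over the part of the log shown above that yields four items: the bidi-control name, cdloader2.exe under the Avalon profile, and the two groups of five virtual-audio drivers that share one hash each. None of those is a detection: the DDS output further down attributes cdloader2.exe to MAGICJACK, and five copies of one virtual audio driver is what a multi-instance virtual device looks like; the script only lists what a human should confirm. The SAMPLE_LINES are copied from the log above (one line per pattern, hashes verbatim); the flag names, the profile-directory pattern and the two-or-more-paths threshold are my own choices.

```python
"""Review pass over TDSSKiller-style scan log lines (added example, not from
the thread or from TDSSKiller). Parses "[ MD5, SHA256 ] Name Path" entry
lines and "Name - verdict" lines, then flags three patterns that an "ok"
verdict does not settle. SAMPLE_LINES are copied from the log above, one
entry per pattern; flag names and thresholds are my own choices."""
import re
from collections import defaultdict

# Unicode bidirectional controls; U+202E RIGHT-TO-LEFT OVERRIDE makes the
# stored name "\u202etluafed" display as "default".
BIDI_CONTROLS = (
    {chr(c) for c in range(0x202A, 0x202F)}    # LRE RLE PDF LRO RLO
    | {chr(c) for c in range(0x2066, 0x206A)}  # LRI RLI FSI PDI
    | {"\u200e", "\u200f"}                     # LRM RLM
)

# Entry line. Name is absent in the "Scan global", MBR/VBR and autorun sections.
ENTRY_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9A-Fa-f]+\s+"
    r"\[\s*(?P<md5>[0-9A-F]{32})(?:,\s*(?P<sha256>[0-9A-F]{64}))?\s*\]\s+"
    r"(?:(?P<name>\S+)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*?)\s*$"
)
# Verdict line; names that never got an entry line still get one of these.
VERDICT_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9A-Fa-f]+\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S+)\s*$"
)
# Per-user profile root on XP or Vista+ (assumption: "All Users" is not per-user).
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|users)\\(?!all users\\)", re.I)


def parse_log(text):
    """Return (entries, verdicts): entry dicts in log order, and name -> verdict."""
    entries, verdicts = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group("name")] = m.group("verdict")
    return entries, verdicts


def triage(entries, verdicts):
    """Return (flag, subject, detail) tuples for a human to look at."""
    findings = []
    for name, verdict in verdicts.items():
        if any(ch in BIDI_CONTROLS for ch in name):
            shown = name.encode("unicode_escape").decode("ascii")
            findings.append(("bidi-control-in-name", name, f"{shown} verdict={verdict}"))
    paths_by_md5 = defaultdict(set)
    for e in entries:
        if PROFILE_RE.match(e["path"]):
            findings.append(("image-under-user-profile", e["name"] or e["path"], e["md5"]))
        paths_by_md5[e["md5"]].add(e["path"].lower())
    for md5, paths in paths_by_md5.items():
        if len(paths) >= 2:  # same bytes installed under different file names
            findings.append(("same-image-many-paths", md5, sorted(paths)))
    return findings


# Constructed sample: lines copied from the log above.
SAMPLE_LINES = [
    r"07:47:32.0015 0x0148 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys",
    r"07:47:32.0125 0x0148 PartMgr - ok",
    r"07:47:35.0265 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe",
    r"07:47:35.0296 0x0148 PolicyAgent - ok",
    r"07:47:46.0281 0x0148 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe",
    r"07:47:46.0640 0x0148 SamSs - ok",
    r"07:48:42.0093 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(1) C:\WINDOWS\system32\drivers\VirtualAudio1.sys",
    r"07:48:42.0640 0x0148 WsAudio_Device(1) - ok",
    r"07:48:42.0781 0x0148 [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(2) C:\WINDOWS\system32\drivers\VirtualAudio2.sys",
    r"07:48:42.0968 0x0148 WsAudio_Device(2) - ok",
    r"07:48:58.0625 0x0148 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0",
    r"07:49:06.0109 0x0148 \Device\Harddisk0\DR0 - ok",
    r"07:49:22.0656 0x0148 KernelFaultCheck - ok",
    "07:49:22.0656 0x0148 " + "\u202e" + "tluafed - ok",  # RLO-prefixed name as printed above
    r"07:49:23.0437 0x0148 [ 7C0AA66E6352337EF923BA8B3AEB099D, C5498B7CBB6D8359BBFFBF998CF903626780D494B6AB88FC5951A7DE576DA3F6 ] C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe",
    r"07:49:23.0453 0x0148 cdloader - ok",
    r"07:49:24.0000 0x0148 Waiting for KSN requests completion. In queue: 17",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def run_sample():
    """Triage the constructed sample; returns the three expected findings."""
    return triage(*parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for flag, subject, detail in run_sample():
        print(f"{flag:26} {subject!a}  {detail}")
```

To use it on a real run, read the saved TDSSKiller log text and call `triage(*parse_log(text))`; the bidi check is deliberately applied to verdict names as well as entry names, because an autorun value that points at nothing (as the "tluafed" line does) never gets an entry line with a hash and path.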
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Very good :)

    Re-run DDS and see if you can get both logs now.

    See if you can download and install current MBAM version now.

    Post all logs.
     
  10. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    As I said, that version of MWB locks up the computer; I tried upgrading several months back when I got the computer. I'm guessing it's just too old/not enough CPU power :(
    After running DDS, I did get two logs.

    dds.txt:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.25.2
    Run by Avalon at 20:09:32 on 2014-11-11
    .
    ============== Running Processes ================
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mDefault_Page_URL = www.google.com
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:cs@3DToonTubeHD.com
    uSearchAssistant = www.google.com
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
    uRun: [cdloader] "c:\documents and settings\avalon\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MediaFire Tray] <no file>
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EaseUS EPM tray] c:\program files\easeus\easeus partition master 10.0\bin\EpmNews.exe
    mRun: [EaseUS EPM Tray Agent] "c:\program files\easeus\easeus partition master 10.0\bin\traypopupe\TrayTipAgentE.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
    mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.51.823.0
    StartupFolder: c:\docume~1\avalon\startm~1\programs\startup\megasync.lnk - c:\documents and settings\all users\application data\megasync\MEGAsync.exe
    StartupFolder: c:\docume~1\avalon\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
    StartupFolder: c:\docume~1\avalon\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ALL_LINK
    IE: &Download using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ONE_LINK
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    TCP: NameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    TCP: Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: crypt32chain - crypt32.dll
    Notify: cryptnet - cryptnet.dll
    Notify: cscdll - cscdll.dll
    Notify: dimsntfy - c:\windows\system32\dimsntfy.dll
    Notify: ScCertProp - wlnotify.dll
    Notify: Schedule - wlnotify.dll
    Notify: sclgntfy - sclgntfy.dll
    Notify: SensLogn - WlNotify.dll
    Notify: termsrv - wlnotify.dll
    Notify: WgaLogon - WgaLogon.dll
    Notify: wlballoon - wlnotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 216.239.32.20 google.com www.google.com
    Hosts: 216.239.32.20 google.com www.google.ad
    Hosts: 216.239.32.20 google.com www.google.ae
    Hosts: 216.239.32.20 google.com www.google.com.af
    Hosts: 216.239.32.20 google.com www.google.com.ag
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\avalon\application data\mozilla\firefox\profiles\mydm192n.default\
    FF - prefs.js: browser.search.selectedEngine - Astromenda
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\avalon\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1211151.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.astrmndasr.hmpg - true
    FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=
    FF - user.js: extensions.astrmndasr.dfltSrch - true
    FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
    FF - user.js: extensions.astrmndasr.dnsErr - true
    FF - user.js: extensions.astrmndasr_i.newTab - true
    FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=
    FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=&q=
    FF - user.js: extensions.astrmndasr.id - 001D72B2207162F7
    FF - user.js: extensions.astrmndasr.instlDay - 16375
    FF - user.js: extensions.astrmndasr.vrsn -
    FF - user.js: extensions.astrmndasr.vrsni -
    FF - user.js: extensions.astrmndasr_i.vrsnTs - 13:46:21
    FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
    FF - user.js: extensions.astrmndasr.prdct - astrmndasr
    FF - user.js: extensions.astrmndasr.aflt - ast_clickconnect_14_44_ff
    FF - user.js: extensions.astrmndasr_i.smplGrp - none
    FF - user.js: extensions.astrmndasr.tlbrId -
    FF - user.js: extensions.astrmndasr.instlRef - 142905_b
    FF - user.js: extensions.astrmndasr.dfltLng -
    FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
    FF - user.js: extensions.astrmndasr.excTlbr - false
    FF - user.js: extensions.astrmndasr.cr - 1262273424
    FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q
    FF - user.js: extensions.astrmndasr.AL - 2
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-11-11 12:41:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-10 09:34:39 -------- d-----w- c:\program files\common files\COMODO
    2014-11-10 08:55:31 305984 ----a-w- c:\windows\system32\drivers\sfi.dat
    2014-11-10 05:05:44 -------- d-s---w- c:\documents and settings\all users\application data\Shared Space
    2014-11-10 05:03:25 48392 ----a-w- c:\windows\system32\certsentry.dll
    2014-11-10 04:55:33 -------- d-----w- c:\documents and settings\avalon\local settings\application data\COMODO
    2014-11-10 04:54:32 -------- d-----w- c:\program files\Comodo
    2014-11-10 04:54:02 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2014-11-10 04:49:36 -------- d-----w- c:\documents and settings\all users\application data\Comodo
    2014-11-09 18:46:00 -------- d-----w- c:\documents and settings\avalon\application data\FrameworkUpdate7
    2014-11-09 18:45:56 -------- d--h--w- C:\0da1ecf
    2014-11-03 09:41:42 -------- d-----w- c:\documents and settings\all users\application data\Oracle
    2014-11-01 19:50:12 -------- d-----w- c:\documents and settings\all users\application data\ecbaef90-5696-41e1-a1c3-3e8112ce2840
    2014-11-01 17:48:23 -------- d-----w- c:\documents and settings\avalon\local settings\application data\IsolatedStorage
    2014-11-01 17:46:58 -------- d-----w- c:\program files\Framed Display
    2014-11-01 17:46:24 -------- d-----w- c:\documents and settings\avalon\application data\Systweak
    2014-11-01 17:46:19 18248 ----a-w- c:\windows\system32\roboot.exe
    2014-10-26 13:41:43 -------- d-----w- c:\documents and settings\avalon\local settings\application data\Condusiv_Technologies
    2014-10-26 13:41:43 -------- d-----w- c:\documents and settings\avalon\application data\Condusiv_Technologies
    2014-10-26 09:55:56 85328 ----a-w- c:\windows\system32\drivers\DKTLFSMF.sys
    2014-10-26 09:55:55 35120 ----a-w- c:\windows\system32\drivers\DKDFM.sys
    2014-10-26 09:55:51 44496 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
    2014-10-26 09:55:48 -------- d-----w- c:\program files\common files\Diskeeper Corporation
    2014-10-26 09:55:47 -------- d-----w- c:\documents and settings\all users\application data\Condusiv Technologies
    2014-10-26 09:55:44 -------- d-----w- c:\program files\Windows Home Server
    2014-10-26 09:44:43 -------- d-----w- c:\program files\Diskeeper Setup Files
    2014-10-14 07:23:03 -------- d-----w- c:\program files\DAMN NFO Viewer
    .
    ==================== Find3M ====================
    .
    2014-11-03 09:41:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-03 09:41:55 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2014-10-20 16:39:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-10-20 16:39:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 20:12:57.60 ===============


    attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Hosts File Hijack ======================
    .
    .
    ==== Installed Programs ======================
    .
    @ NRVTech Complete System Restore
    µTorrent
    7-Zip 9.20
    Adobe Digital Editions 3.0
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.08)
    Adobe Shockwave Player 12.1
    Aimersoft DRM Media Converter(Build 1.4.7.2)
    AoA Audio Extractor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0.5
    Avidemux 2.6 (32-bit)
    B-Jigsaw 7
    Bad CD DVD Reader 1.0
    Bamboo
    BBC iPlayer Downloads
    Bonjour
    CameraHelperMsi
    CCleaner
    Cheetah Video Converter
    Combined Community Codec Pack 2014-07-13
    Comodo Dragon
    COMODO Internet Security Premium
    CoreAVC Professional Edition (remove only)
    Diskeeper 12 Professional
    DivX ??
    EaseUS Partition Master 10.0
    Easy MP3 Sound Recorder 2.01
    erLT
    FBReader for Windows
    FormatFactory 3.3.2.0
    Free Sound Recorder v9.7.2
    GeekBuddy
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Java 7 Update 67
    Java 8 Update 25
    Java Auto Updater
    Logitech Webcam Software
    LSI PCI-SV92EX Soft Modem
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Pictures And Video
    LWS Twitter
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    magicJack
    Malwarebytes Anti-Malware version 1.62.0.1300
    MediaFire Desktop
    MEGAsync
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    mIRC
    Mozilla Firefox 32.0.3 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Multi Password Recovery
    Nero Suite
    Notepad++
    NpackdCL
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Paint.NET v3.5.11
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.95
    Roadkil's Unstoppable Copier Version 5.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 6.16
    swMSM
    Trillian
    Tweak UI
    Unity Web Player
    Unlocker 1.9.2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    WD FAT32 Formatter
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR 5.01 (32-bit)
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Widgets
    Yawcam 0.4.1
    .
    ==== End Of File ===========================
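The "Hosts File Hijack" finding in the DDS log above (many google.* names pinned to 216.239.32.20) is easy to check for without the tool. The script below is an added example for this thread, not part of DDS or any tool used here; its sample hosts content is constructed from the entries shown in the log plus benign loopback lines, and the labels, thresholds and function names are the example's own.

```python
"""
Hosts-file hijack check, written as an added example for this thread (not one of
the tools used in it). It reproduces the kind of finding DDS reports under
"Hosts File Hijack": many google.* hostnames pinned to one non-local address.
"""
import ipaddress
from collections import defaultdict

# Constructed sample hosts file: a few entries in the form the DDS log shows
# (216.239.32.20 with google.* names), plus benign loopback/blocking lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
216.239.32.20 google.com www.google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag   # trailing comment
0.0.0.0 ads.example.invalid
not-an-ip some.host
"""

# Addresses a hosts file legitimately points names at: loopback and the
# "blackhole" address used by ad-blocking hosts lists (assumed allowlist).
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address in the first column: not a mapping
        for name in names:
            yield ip, name.lower()


def find_hijacks(text, watched_labels=("google",), min_targets=3):
    """
    Return {'redirected': {hostname: ip}, 'sinkholes': {ip: [hostnames]}}.

    'redirected' lists watched domains (any DNS label in watched_labels) that are
    pinned to a non-local IP; 'sinkholes' lists non-local IPs that collect at
    least min_targets distinct hostnames, the signature of a mass redirect.
    """
    names_by_ip = defaultdict(set)
    redirected = {}
    for ip, name in parse_hosts(text):
        if ip in LOCAL_ADDRESSES:
            continue  # normal use of a hosts file: loopback or blocking entries
        names_by_ip[ip].add(name)
        if any(label in watched_labels for label in name.split(".")):
            redirected[name] = ip
    sinkholes = {
        ip: sorted(names)
        for ip, names in names_by_ip.items()
        if len(names) >= min_targets
    }
    return {"redirected": redirected, "sinkholes": sinkholes}


def report(text):
    """Human-readable summary; returns the lines so a caller can log them."""
    findings = find_hijacks(text)
    lines = []
    for name, ip in sorted(findings["redirected"].items()):
        lines.append(f"REDIRECTED {name} -> {ip}")
    for ip, names in findings["sinkholes"].items():
        lines.append(f"SINKHOLE {ip} collects {len(names)} hostnames")
    return lines or ["hosts file looks clean"]


if __name__ == "__main__":
    # On Windows XP the live file is %SystemRoot%\system32\drivers\etc\hosts;
    # read it with open(...).read() in place of the constructed sample.
    print("\n".join(report(SAMPLE_HOSTS)))
```

A hosts entry that points a well-known domain at a public IP is a stronger signal than any single odd line: the machine silently resolves that name to whatever the address serves, bypassing DNS entirely.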
     
  11. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    Also noticed some porn pop-ups and page ads today, haven't had those before :-(
    I'll try installing MWB 2.0 in safe mode, but after how it lagged then locked before, I don't have much hope, especially when the version I have isn't blocked or laggy :(
     
  12. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    It won't let me edit the post.
    I managed to get MWB 2.0 to run, but it's using 100% CPU as well as memory. No idea how long the scan will take but if it doesn't lock up I'll post the log when it finishes. Thank you for your help.
     
  13. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    Here is the MWB log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/11/2014
    Scan Time: 8:25:21 PM
    Logfile: mbamlog2.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.12.02
    Rootkit Database: v2014.11.11.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Avalon

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 365401
    Time Elapsed: 1 hr, 26 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Hacktool.Patcher, C:\Program Files\Multi Password Recovery\multi.password.recovery.1.x-2.x-patch.exe, No Action By User, [f2f08bafd5a7ae8830a2d92c30d07f81],
    PUP.Optional.BPlug, C:\Documents and Settings\Avalon\Local Settings\Temp\is2056939940\1DE257BB_stp.EXE, Quarantined, [a63cea50b1cb9d99f82c18ab0bf68977],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  15. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Avalon [Administrator]
    Mode : Delete -- Date : 11/13/2014 01:10:54

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] MFUSNM~1.EXE -- C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE[7] -> Killed [TermProc]
    [Suspicious.Path] explorer.exe -- C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll[-] -> Unloaded

    ¤¤¤ Registry : 21 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe [x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1715567821-1004336348-1801674531-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/?ilc=1 -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] MEGAsync.lnk -- C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MEGAsync\MEGAsync.exe -> Not selected

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [IAT:Inl] (explorer.exe @ themeui.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ WPDShServiceObj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ mydocs.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ zipfldr.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600AAJS-22L7A0 +++++
    --- User ---
    [MBR] 739b17a5f2a7e4093ffcacea8863ec39
    [BSP] 1422ee8be9e08b7c7d29afbca18d5ee4 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST916082 7AS USB Device +++++
    --- User ---
    [MBR] 2ab5be8f8b49ad85ec02865896d62610
    [BSP] 3a61cb688026c534e8cdb98a7fde7561 : HP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_11132014_010838.log



    RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Avalon [Administrator]
    Mode : Delete -- Date : 11/13/2014 01:12:27

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] MFUSNM~1.EXE -- C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE[7] -> Killed [TermProc]
    [Suspicious.Path] explorer.exe -- C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll[-] -> Unloaded

    ¤¤¤ Registry : 21 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> ERROR [0]
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> ERROR [0]
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> ERROR [0]
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe [x] -> ERROR [0]
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1715567821-1004336348-1801674531-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/?ilc=1 -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CA0B60E3-0C43-4E1D-828B-E3B76FA2723F} | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected
    [PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] MEGAsync.lnk -- C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MEGAsync\MEGAsync.exe -> Not selected

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DKDFM @ Unknown (DKDFM.sys)
    [IAT:Inl] (explorer.exe @ themeui.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ WPDShServiceObj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ mydocs.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)
    [IAT:Inl] (explorer.exe @ zipfldr.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2201102 (jmp 0xffffffff8579066e)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600AAJS-22L7A0 +++++
    --- User ---
    [MBR] 739b17a5f2a7e4093ffcacea8863ec39
    [BSP] 1422ee8be9e08b7c7d29afbca18d5ee4 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST916082 7AS USB Device +++++
    --- User ---
    [MBR] 2ab5be8f8b49ad85ec02865896d62610
    [BSP] 3a61cb688026c534e8cdb98a7fde7561 : HP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_11132014_010838.log - RKreport_DEL_11132014_011053.log - RKreport_DEL_11132014_011146.log - RKreport_DEL_11132014_011152.log
    RKreport_DEL_11132014_011211.log - RKreport_DEL_11132014_011214.log - RKreport_DEL_11132014_011218.log - RKreport_DEL_11132014_011223.log



    Malwarebytes Anti-Rootkit BETA 1.08.1.1001
    www.malwarebytes.org

    Database version: v2014.11.13.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Avalon :: DENOFINIQUITY [administrator]

    11/13/2014 1:18:05 AM
    mbar-log-2014-11-13 (01-18-05).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 359910
    Time elapsed: 56 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.1.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 1.607000 GHz
    Memory total: 2951135232, free: 1749323776

    Downloaded database version: v2014.11.13.03
    Downloaded database version: v2014.11.12.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/13/2014 01:16:41
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    didr.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    atapi.sys
    DKDFM.sys
    \WINDOWS\system32\drivers\FLTMGR.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    sr.sys
    DKTLFSMF.sys
    KSecDD.sys
    Ntfs.sys
    inspect.sys
    \WINDOWS\System32\DRIVERS\NDIS.SYS
    \WINDOWS\System32\DRIVERS\TDI.SYS
    Mup.sys
    \SystemRoot\system32\DRIVERS\AmdK8.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\wacomvhid.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\WacomVKHid.sys
    \SystemRoot\system32\drivers\DaShenAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\VirtualAudio1.sys
    \SystemRoot\system32\drivers\VirtualAudio2.sys
    \SystemRoot\system32\drivers\VirtualAudio3.sys
    \SystemRoot\system32\drivers\VirtualAudio4.sys
    \SystemRoot\system32\drivers\VirtualAudio5.sys
    \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
    \SystemRoot\system32\drivers\WsAudio_DeviceS(2).sys
    \SystemRoot\system32\drivers\WsAudio_DeviceS(3).sys
    \SystemRoot\system32\drivers\WsAudio_DeviceS(4).sys
    \SystemRoot\system32\drivers\WsAudio_DeviceS(5).sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\System32\DRIVERS\cmdguard.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\CFRMD.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\hmd.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\mfmonitor_x86.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\DKRtWrt.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR3
    Upper Device Object: 0xffffffff88914680
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000095\
    Lower Device Object: 0xffffffff8a5f5ea0
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR2
    Upper Device Object: 0xffffffff8896dab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000094\
    Lower Device Object: 0xffffffff8ac0cae8
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8ac86ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-7\
    Lower Device Object: 0xffffffff8acf7be0
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8ac86ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8ac859e0, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xffffffff8ac7dc18, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8ac86ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8acf7818, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8acf7be0, DeviceName: \Device\Ide\IdeDeviceP3T0L0-7\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F7777F80

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 312560577
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8897c9e0, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xffffffff889df920, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ac0cae8, DeviceName: \Device\00000094\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9715E3E2

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 312576000

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff88914680, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff88911020, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xffffffff88914458, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff88914680, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a5f5ea0, DeviceName: \Device\00000095\, DriverName: \Driver\usbstor\
    ------------ End ----------
    File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
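The RogueKiller report above lists every finding as `[Tag] location -> action`. The script below is an added example, not part of this thread and not RogueKiller's own code: it parses entries in that format and ranks them with the triage heuristics a responder would otherwise apply by eye, namely a binary living under a user profile, an executable named as a bare GUID, a service whose binary sits outside \WINDOWS and \Program Files, a Run value whose name the report could not print, a shortcut in a Startup folder, and DhcpNameServer addresses outside an allow-list. The sample entries are copied from the 01:10:54 run above; the allow-list (8.8.8.8 and 8.8.4.4), the score weights and the heuristics themselves are the example's own assumptions, and a high score means "look at this first", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample input: entries copied from the RogueKiller report posted
# above (the 01:10:54 run), a few per section, exactly as logged.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] MFUSNM~1.EXE -- C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE[7] -> Killed [TermProc]
[Suspicious.Path] explorer.exe -- C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll[-] -> Unloaded

¤¤¤ Registry : 21 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed? : C:\Documents and Settings\Avalon\Application Data\{00007BD9-6398-2AAC-6877-F6296D398152}.exe [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor (C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE) -> Not selected
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 8.8.4.4 209.55.27.13 [UNITED STATES (US)] -> Not selected

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] MEGAsync.lnk -- C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MEGAsync\MEGAsync.exe -> Not selected
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<body>.*?) -> (?P<action>.+)$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
# XP profile directories in long and 8.3 form; "All Users" is scored lower below.
PROFILE_RE = re.compile(r"(?i)[A-Z]:\\(?:DOCUME~1|Documents and Settings)\\(?P<user>[^\\]+)\\")
SYSTEM_DIR_RE = re.compile(r"(?i)^[A-Z]:\\(?:WINDOWS|Program Files|PROGRA~1)(?:\\|$)")
GUID_EXE_RE = re.compile(r"(?i)\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.exe$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DRIVE_RE = re.compile(r"(?i)^[A-Z]:\\")
DEFAULT_DNS_ALLOWLIST: Set[str] = {"8.8.8.8", "8.8.4.4"}  # assumption: resolvers chosen on purpose


@dataclass
class Finding:
    section: str
    tags: List[str]
    body: str
    action: str
    key: Optional[str] = None    # registry key (Registry section only)
    name: Optional[str] = None   # value, service, process or file name
    value: Optional[str] = None  # raw registry data, or the .lnk path for shortcuts
    path: Optional[str] = None   # executable, DLL or driver path, if one was parsed
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def _strip_annotations(text: str) -> str:
    """Drop trailing bracket notes such as '[7]', '[x]' or '[UNITED STATES (US)]'."""
    return re.sub(r"(?:\s*\[[^\[\]]*\])+$", "", text).strip()


def _clean_path(text: str) -> str:
    text = _strip_annotations(text)
    return text[4:] if text.startswith("\\??\\") else text  # NT object-manager prefix


def parse_entry(section: str, line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line)
    if not m:
        return None
    f = Finding(section, TAG_RE.findall(m.group("tags")), m.group("body"), m.group("action"))
    body = f.body
    if section in ("Processes", "Files"):            # name -- path
        f.name, _, rest = body.partition(" -- ")
        if " [LNK@] " in rest:                        # shortcut -> keep its target as path
            f.value, rest = rest.split(" [LNK@] ", 1)
        f.path = _clean_path(rest)
    elif " | " in body:                               # key | value name : data
        f.key, rest = body.split(" | ", 1)
        f.name, _, data = rest.partition(" : ")
        f.value = _strip_annotations(data)
        if DRIVE_RE.match(f.value):
            f.path = f.value
    else:                                             # key (binary path) or a bare key
        km = re.match(r"^(?P<key>.*?) \((?P<path>.*)\)$", body)
        f.key = km.group("key") if km else body
        f.path = _clean_path(km.group("path")) if km else None
        f.name = f.key.rsplit("\\", 1)[-1]
    return f


def parse_report(text: str) -> List[Finding]:
    section, findings = "", []
    for raw in text.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            continue
        f = parse_entry(section, line)
        if f:
            findings.append(f)
    return findings


def score_finding(f: Finding, dns_allowlist: Set[str] = DEFAULT_DNS_ALLOWLIST) -> Finding:
    """Heuristic triage (weights are this example's assumption); resets any earlier score."""
    f.reasons, f.score = [], 0

    def flag(points: int, why: str) -> None:
        f.reasons.append(why)
        f.score += points

    path = f.path or ""
    pm = PROFILE_RE.search(path)
    if pm:
        user = pm.group("user")
        if user.upper() in ("ALL USERS", "ALLUSE~1"):
            flag(1, "binary under the All Users profile")
        else:
            flag(2, "binary under user profile '%s'" % user)
    if GUID_EXE_RE.search(path):
        flag(2, "executable named as a bare GUID")
    if f.key and "\\Services\\" in f.key and path and not SYSTEM_DIR_RE.match(path):
        flag(2, "service binary outside \\WINDOWS and \\Program Files")
    if "Hidden.From.SCM" in f.tags:
        flag(1, "service hidden from the Service Control Manager (RogueKiller tag)")
    if f.key and f.key.rsplit("\\", 1)[-1] in ("Run", "RunOnce") and f.name and "?" in f.name:
        # '?' is how the report renders characters it could not print; the visible
        # '?tluafed?' reads 'default' backwards, consistent with a right-to-left override.
        flag(2, "Run value name contains unprintable characters")
    if f.name == "DhcpNameServer" and f.value:
        unknown = [ip for ip in IPV4_RE.findall(f.value) if ip not in dns_allowlist]
        if unknown:
            flag(1, "DNS servers not in the allow-list: " + ", ".join(unknown))
    if f.section == "Files" and "\\Startup\\" in (f.value or ""):
        flag(1, "shortcut in a Startup folder")
    return f


def rank_findings(findings: List[Finding], dns_allowlist: Set[str] = DEFAULT_DNS_ALLOWLIST) -> List[Finding]:
    return sorted((score_finding(f, dns_allowlist) for f in findings), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in rank_findings(parse_report(SAMPLE_REPORT)):
        print("%d  [%s] %s -> %s" % (f.score, "/".join(f.tags), f.name, f.action))
        for why in f.reasons:
            print("      - " + why)
```

Run as-is it prints the ranked list, with the GUID-named Run entry first and the user-profile service second; pass the full RKreport text to `parse_report` to triage a real run. The DNS check only says an address is not on the list you gave it; whether 209.55.27.13 is the ISP's resolver is something to verify against the router's DHCP settings, not a verdict.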
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    Thanks. Here is Combofix.txt:


    ComboFix 14-11-12.01 - Avalon 11/14/2014 4:04:35.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2139 [GMT -5:00]
    Running from: C:\Documents and Settings\Avalon\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Avalon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Avalon\Start Menu\Programs\Trillian.lnk
    C:\WINDOWS\security\logs\scecomp.log
    C:\WINDOWS\system32\roboot.exe
    C:\WINDOWS\system32\win32.dll




    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BLOCK_READER
    -------\Legacy_GLOBALUPDATE
    -------\Legacy_NPF
    -------\Service_BLOCK_READER


    ((((((((((((((((((((((((( Files Created from 2014-10-14 to 2014-11-14 )))))))))))))))))))))))))))))))


    2014-11-14 08:44:37 . 2014-11-14 08:47:59 -------- d-----w- C:\AVG_Remover
    2014-11-13 06:16:41 . 2014-11-13 07:23:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-13 05:59:01 . 2014-11-13 05:59:01 34808 ----a-w- C:\WINDOWS\system32\drivers\TrueSight.sys
    2014-11-13 05:58:56 . 2014-11-13 05:59:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-11-12 01:23:06 . 2014-11-13 06:16:40 115928 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    2014-11-12 01:20:52 . 2014-11-13 06:16:01 55000 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
    2014-11-12 01:20:50 . 2014-11-12 01:21:23 -------- d-----w- C:\Program Files\Malwarebytes Anti-Malware
    2014-11-11 12:41:18 . 2014-11-11 12:41:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-10 09:08:57 . 2014-11-10 09:08:57 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
    2014-11-10 05:03:31 . 2014-11-10 05:03:58 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    2014-11-10 05:03:25 . 2014-11-10 05:03:25 48392 ----a-w- C:\WINDOWS\system32\certsentry.dll
    2014-11-10 04:55:33 . 2014-11-14 08:30:53 -------- d-----w- C:\Documents and Settings\Avalon\Local Settings\Application Data\COMODO
    2014-11-10 04:49:36 . 2014-11-14 09:33:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
    2014-11-09 18:46:00 . 2014-11-10 03:17:39 -------- d-----w- C:\Documents and Settings\Avalon\Application Data\FrameworkUpdate7
    2014-11-09 18:45:56 . 2014-11-10 03:17:39 -------- d-----w- C:\0da1ecf
    2014-11-03 09:42:39 . 2014-11-03 09:42:39 -------- d-----w- C:\Program Files\Common Files\Java
    2014-11-03 09:41:42 . 2014-11-03 09:43:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Oracle
    2014-11-01 19:50:12 . 2014-11-09 19:01:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ecbaef90-5696-41e1-a1c3-3e8112ce2840
    2014-11-01 17:48:23 . 2014-11-01 17:48:23 -------- d-----w- C:\Documents and Settings\Avalon\Local Settings\Application Data\IsolatedStorage
    2014-11-01 17:46:58 . 2014-11-01 22:13:40 -------- d-----w- C:\Program Files\Framed Display
    2014-11-01 17:46:24 . 2014-11-01 19:21:17 -------- d-----w- C:\Documents and Settings\Avalon\Application Data\Systweak
    2014-10-26 13:41:43 . 2014-10-26 13:41:43 -------- d-----w- C:\Documents and Settings\Avalon\Local Settings\Application Data\Condusiv_Technologies
    2014-10-26 13:41:43 . 2014-10-26 13:41:43 -------- d-----w- C:\Documents and Settings\Avalon\Application Data\Condusiv_Technologies
    2014-10-26 09:55:56 . 2012-07-09 18:54:56 85328 ----a-w- C:\WINDOWS\system32\drivers\DKTLFSMF.sys
    2014-10-26 09:55:55 . 2012-04-05 06:32:52 35120 ----a-w- C:\WINDOWS\system32\drivers\DKDFM.sys
    2014-10-26 09:55:51 . 2012-06-18 23:14:42 44496 ----a-w- C:\WINDOWS\system32\drivers\DKRtWrt.sys
    2014-10-26 09:55:48 . 2014-10-26 09:55:48 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
    2014-10-26 09:55:47 . 2014-10-26 09:55:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Condusiv Technologies
    2014-10-26 09:55:44 . 2014-10-26 09:55:44 -------- d-----w- C:\Program Files\Windows Home Server
    2014-10-26 09:44:43 . 2014-10-26 09:56:10 -------- d-----w- C:\Program Files\Diskeeper Setup Files
    2014-10-23 21:49:06 . 2014-10-23 21:49:07 -------- d-----w- C:\Program Files\Microsoft Silverlight
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2014-11-12 18:13:17 . 2013-12-20 19:10:06 71344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-12 18:13:17 . 2013-12-20 19:10:06 701104 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-03 09:41:56 . 2014-08-10 19:34:14 96680 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-11-03 09:41:55 . 2010-04-02 17:02:01 146432 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2014-10-01 16:11:10 . 2014-08-08 08:22:10 23256 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [-] 2009-07-16 20:18:48 . 64670487D29BCE2FAEC17229C8649C83 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
    2013-12-06 16:42:49 80896 ----a-w- C:\Program Files\MediaFire Desktop\MediaFireIcon3_002c0.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
    2013-12-06 16:43:01 76288 ----a-w- C:\Program Files\MediaFire Desktop\MediaFireIcon_002c0.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
    2013-12-06 16:42:48 77824 ----a-w- C:\Program Files\MediaFire Desktop\MediaFireIcon2_002c0.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
    2013-12-06 16:42:50 76288 ----a-w- C:\Program Files\MediaFire Desktop\MediaFireIcon4_002c0.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconReadOnly]
    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
    2013-12-06 16:42:51 76288 ----a-w- C:\Program Files\MediaFire Desktop\MediaFireIcon5_002c0.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 16:55:24 51592]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2014-03-30 09:02:35 394616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50:42 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-01-12 02:17:44 110696]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-01-12 02:17:44 13666408]
    "RTHDCPL"="RTHDCPL.EXE" [2010-02-10 04:33:22 18790432]
    "LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 05:38:44 204136]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2010-07-04 19:51:26 17408]
    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 05:52:12 43848]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2013-05-01 08:59:04 421888]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 06:04:16 959904]
    "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 05:26:44 1861968]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 20:39:42 507776]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2012-09-21 19:08:30 466648]

    C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\
    MEGAsync.lnk - C:\Documents and Settings\All Users\Application Data\MEGAsync\MEGAsync.exe [2014-9-19 4034560]
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2014-4-7 2622832]
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Avalon\\Application Data\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Trillian\\plugins\\skypekit.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Java\\jre7\\bin\\java.exe"=
    "C:\\Program Files\\mIRC\\mIRC.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    "C:\\Program Files\\Java\\jre1.8.0_25\\bin\\javaw.exe"=
    "C:\\Documents and Settings\\Avalon\\Application Data\\mjusbsp\\magicJack.exe"=

    R0 DKDFM;Device Filter Manager Driver;C:\WINDOWS\system32\drivers\DKDFM.sys [10/26/2014 4:55:55 AM 35120]
    R0 DKTLFSMF;Telemetry File System Mini Filter Driver;C:\WINDOWS\system32\drivers\DKTLFSMF.sys [10/26/2014 4:55:56 AM 85328]
    R2 MF NTFS Monitor;MediaFire NTFS Monitor;C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE [2/15/2014 11:56:38 PM 457944]
    R2 mfmonitor;mfmonitor;C:\WINDOWS\system32\drivers\mfmonitor_x86.sys [2/15/2014 11:56:27 PM 19160]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [6/16/2014 10:34:44 PM 4408616]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [6/16/2014 10:35:39 PM 112936]
    R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);C:\WINDOWS\system32\drivers\DaShenAudio.sys [3/4/2014 7:45:39 PM 29656]
    R3 DKRtWrt;DKRtWrt;C:\WINDOWS\system32\drivers\DKRtWrt.sys [10/26/2014 4:55:51 AM 44496]
    R3 WsAudio_Device(1);WsAudio_Device(1);C:\WINDOWS\system32\drivers\VirtualAudio1.sys [1/1/2014 10:12:51 PM 27496]
    R3 WsAudio_Device(2);WsAudio_Device(2);C:\WINDOWS\system32\drivers\VirtualAudio2.sys [1/1/2014 10:12:51 PM 27496]
    R3 WsAudio_Device(3);WsAudio_Device(3);C:\WINDOWS\system32\drivers\VirtualAudio3.sys [1/1/2014 10:12:51 PM 27496]
    R3 WsAudio_Device(4);WsAudio_Device(4);C:\WINDOWS\system32\drivers\VirtualAudio4.sys [1/1/2014 10:12:51 PM 27496]
    R3 WsAudio_Device(5);WsAudio_Device(5);C:\WINDOWS\system32\drivers\VirtualAudio5.sys [1/1/2014 10:12:51 PM 27496]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [1/1/2014 11:15:21 PM 25704]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [1/1/2014 11:15:47 PM 25704]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [1/1/2014 11:16:06 PM 25704]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [1/1/2014 11:16:26 PM 25704]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [1/1/2014 11:16:47 PM 25704]
    S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
    S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files\Comodo\Dragon\dragon_updater.exe --> C:\Program Files\Comodo\Dragon\dragon_updater.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [10/23/2013 8:15:08 AM 172192]
    S2 Update Framed Display;Update Framed Display;"C:\Program Files\Framed Display\updateFramedDisplay.exe" --> C:\Program Files\Framed Display\updateFramedDisplay.exe [?]
    S2 Util Framed Display;Util Framed Display;"C:\Program Files\Framed Display\bin\utilFramedDisplay.exe" --> C:\Program Files\Framed Display\bin\utilFramedDisplay.exe [?]
    S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [2/24/2011 6:25:50 PM 1691480]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\WINDOWS\system32\drivers\anvsnddrv.sys --> C:\WINDOWS\system32\drivers\anvsnddrv.sys [?]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [1/1/2014 8:01:35 PM 26032]
    S3 DbusAudio;DbusAudio;C:\WINDOWS\system32\drivers\DbusAudio.sys [3/4/2014 6:43:57 PM 23608]
    S3 DbusVideo;DbusVideo;C:\WINDOWS\system32\drivers\DbusVideo.sys [3/4/2014 6:43:57 PM 5688]
    S3 MDA_NTDRV;MDA_NTDRV;C:\WINDOWS\system32\MDA_NTDRV.sys [2/25/2013 4:10:06 AM 18200]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WS2IFSL

    Contents of the 'Scheduled Tasks' folder

    2014-11-14 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20 19:10:06 . 2014-11-12 18:13:17]

    2014-11-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57:16 . 2011-06-01 22:57:16]

    2014-11-14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB6836BA-3D20-4754-828A-DE9B7DB54941}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2003-03-31 12:00:00 . 2009-07-16 19:13:22]
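    The ComboFix logs in this thread are read by hand by the helper. As an added example (not part of the thread and not ComboFix's own tooling), the Python script below parses the same line shapes and flags the entries a helper looks at first: Run values launched from user-writable profile paths or with an empty command, services whose file line ends in `[?]` (no date or size could be read), the Security Center AntiVirusOverride flag, and Firefox user.js preferences pointing at a defanged hxxp:// URL. The sample lines are constructed to mirror the log format above, with the long cd= parameter replaced by a placeholder; flagged entries are review candidates, not verdicts.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix code).

Parses the line shapes seen in the logs above ('Reg Loading Points' Run
values, service/driver lines, Security Center flags and Firefox user.js
overrides) and returns the entries a malware-removal helper reads first.
Flagged entries are review candidates, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# "name"="command" [date size]   (Run / RunOnce values)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# R2 name;display name;path [date size]   or   ... --> path [?]
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# FF - user.js: pref.name - value
FF_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - (?P<value>.*)$')

# Paths a limited user can write to; autostarts from here deserve a look.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def triage_combofix(lines: Iterable[str]) -> List[Finding]:
    """Return the log entries worth a closer look, in log order."""
    findings: List[Finding] = []
    key = ""  # registry key most recently opened with a [HKEY_...] header
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HK"):
            key = line.lower()
            continue

        # Security Center flag that suppresses the "no antivirus" warning.
        if "security center" in key and line.lower().startswith('"antivirusoverride"=dword:'):
            if not line.endswith("dword:00000000"):
                findings.append(Finding("security-center-override", line))
            continue

        m = RUN_RE.match(line)
        if m and key.endswith(("\\run]", "\\runonce]")):
            name, path = m.group("name"), m.group("path")
            if not path:
                findings.append(Finding("run-entry-empty-command", name))
            elif any(mark in path.lower() for mark in USER_WRITABLE_MARKERS):
                findings.append(Finding("run-entry-user-writable-path", f"{name} -> {path}"))
            continue

        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[?]"):  # no date/size: ComboFix could not read the file
                target = rest.split(" --> ")[-1][:-3].strip()
                findings.append(Finding("service-file-missing", f"{m.group('name')} ({m.group('state')}) {target}"))
            continue

        m = FF_RE.match(line)
        if m and "hxxp://" in m.group("value").lower():  # ComboFix defangs http as hxxp
            findings.append(Finding("firefox-userjs-url-override", f"{m.group('pref')} -> {m.group('value')}"))
    return findings


# Constructed sample in the thread's log format; the long cd= value is a placeholder.
SAMPLE_LOG = [
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"cdloader"="c:\documents and settings\Avalon\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]',
    r'"MediaFire Tray"="" [BU]',
    r'"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2014-03-30 394616]',
    ".",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    r'"AntiVirusOverride"=dword:00000001',
    ".",
    r"R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [2/15/2014 11:56 PM 19160]",
    r"S1 SABKUTIL;SABKUTIL;\??\c:\program files\Super Ad Blocker\SABKUTIL.sys --> c:\program files\Super Ad Blocker\SABKUTIL.sys [?]",
    "FF - user.js: extensions.astrmndasr.hmpg - true",
    "FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=<placeholder>",
]


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.category:32} {f.detail}")
```

    Feed it the whole log (`triage_combofix(open("ComboFix.txt").read().splitlines())`) to get the same five categories over a real run; entries it does not flag still need the usual reading.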
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Log is incomplete.
    Please post entire log.
     
  19. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    ComboFix 14-11-15.01 - Avalon 11/14/2014 17:54:59.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2252 [GMT -5:00]
    Running from: c:\documents and settings\Avalon\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Avalon\Application Data\FrameworkUpdate7
    c:\documents and settings\Avalon\Local Settings\Application Data\assembly\tmp
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Avalon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    c:\documents and settings\Avalon\Start Menu\Programs\Trillian.lnk
    c:\windows\security\logs\scecomp.log
    c:\windows\system32\roboot.exe
    c:\windows\system32\win32.dll
    .
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BLOCK_READER
    -------\Legacy_GLOBALUPDATE
    -------\Legacy_NPF
    -------\Service_BLOCK_READER
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-14 to 2014-11-14 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-14 08:44 . 2014-11-14 08:47 -------- d-----w- C:\AVG_Remover
    2014-11-13 06:16 . 2014-11-13 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-13 05:59 . 2014-11-13 05:59 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-13 05:58 . 2014-11-13 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2014-11-12 01:23 . 2014-11-13 06:16 115928 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-12 01:20 . 2014-11-13 06:16 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-12 01:20 . 2014-11-12 01:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-11 12:41 . 2014-11-11 12:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-10 09:08 . 2014-11-10 09:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
    2014-11-10 05:03 . 2014-11-10 05:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
    2014-11-10 05:03 . 2014-11-10 05:03 48392 ----a-w- c:\windows\system32\certsentry.dll
    2014-11-10 04:55 . 2014-11-14 08:30 -------- d-----w- c:\documents and settings\Avalon\Local Settings\Application Data\COMODO
    2014-11-10 04:49 . 2014-11-14 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2014-11-09 18:45 . 2014-11-10 03:17 -------- d-----w- C:\0da1ecf
    2014-11-03 09:42 . 2014-11-03 09:42 -------- d-----w- c:\program files\Common Files\Java
    2014-11-03 09:41 . 2014-11-03 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle
    2014-11-01 19:50 . 2014-11-09 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ecbaef90-5696-41e1-a1c3-3e8112ce2840
    2014-11-01 17:48 . 2014-11-01 17:48 -------- d-----w- c:\documents and settings\Avalon\Local Settings\Application Data\IsolatedStorage
    2014-11-01 17:46 . 2014-11-01 22:13 -------- d-----w- c:\program files\Framed Display
    2014-11-01 17:46 . 2014-11-01 19:21 -------- d-----w- c:\documents and settings\Avalon\Application Data\Systweak
    2014-10-26 13:41 . 2014-10-26 13:41 -------- d-----w- c:\documents and settings\Avalon\Local Settings\Application Data\Condusiv_Technologies
    2014-10-26 13:41 . 2014-10-26 13:41 -------- d-----w- c:\documents and settings\Avalon\Application Data\Condusiv_Technologies
    2014-10-26 09:55 . 2012-07-09 18:54 85328 ----a-w- c:\windows\system32\drivers\DKTLFSMF.sys
    2014-10-26 09:55 . 2012-04-05 06:32 35120 ----a-w- c:\windows\system32\drivers\DKDFM.sys
    2014-10-26 09:55 . 2012-06-18 23:14 44496 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
    2014-10-26 09:55 . 2014-10-26 09:55 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
    2014-10-26 09:55 . 2014-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Condusiv Technologies
    2014-10-26 09:55 . 2014-10-26 09:55 -------- d-----w- c:\program files\Windows Home Server
    2014-10-26 09:44 . 2014-10-26 09:56 -------- d-----w- c:\program files\Diskeeper Setup Files
    2014-10-23 21:49 . 2014-10-23 21:49 -------- d-----w- c:\program files\Microsoft Silverlight
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-12 18:13 . 2013-12-20 19:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-12 18:13 . 2013-12-20 19:10 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-11-03 09:41 . 2014-08-10 19:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-03 09:41 . 2010-04-02 17:02 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2014-10-01 16:11 . 2014-08-08 08:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-07-16 . 64670487D29BCE2FAEC17229C8649C83 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
    2013-12-06 16:42 80896 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon3_002c0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
    2013-12-06 16:43 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon_002c0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
    2013-12-06 16:42 77824 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon2_002c0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
    2013-12-06 16:42 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon4_002c0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconReadOnly]
    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
    2013-12-06 16:42 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon5_002c0.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Avalon\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]
    "MediaFire Tray"="" [BU]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2014-03-30 394616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "nwiz"="nwiz.exe" [BU]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "RTHDCPL"="RTHDCPL.EXE" [2010-02-10 18790432]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-09-21 466648]
    .
    c:\documents and settings\Avalon\Start Menu\Programs\Startup\
    MEGAsync.lnk - c:\documents and settings\All Users\Application Data\MEGAsync\MEGAsync.exe [2014-9-19 4034560]
    Trillian.lnk - c:\program files\Trillian\trillian.exe [2014-4-7 2622832]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    avgrsstx.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Avalon\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Trillian\\plugins\\skypekit.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
    "c:\\Program Files\\mIRC\\mIRC.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre1.8.0_25\\bin\\javaw.exe"=
    "c:\\Documents and Settings\\Avalon\\Application Data\\mjusbsp\\magicJack.exe"=
    .
    R0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys [10/26/2014 4:55 AM 35120]
    R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys [10/26/2014 4:55 AM 85328]
    R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [2/15/2014 11:56 PM 19160]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/16/2014 10:34 PM 4408616]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [6/16/2014 10:35 PM 112936]
    R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);c:\windows\system32\drivers\DaShenAudio.sys [3/4/2014 7:45 PM 29656]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [10/26/2014 4:55 AM 44496]
    R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [1/1/2014 10:12 PM 27496]
    R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [1/1/2014 10:12 PM 27496]
    R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [1/1/2014 10:12 PM 27496]
    R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [1/1/2014 10:12 PM 27496]
    R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [1/1/2014 10:12 PM 27496]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [1/1/2014 11:15 PM 25704]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [1/1/2014 11:15 PM 25704]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [1/1/2014 11:16 PM 25704]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [1/1/2014 11:16 PM 25704]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [1/1/2014 11:16 PM 25704]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe --> c:\program files\Comodo\Dragon\dragon_updater.exe [?]
    S2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\docume~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE [2/15/2014 11:56 PM 457944]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
    S2 Update Framed Display;Update Framed Display;"c:\program files\Framed Display\updateFramedDisplay.exe" --> c:\program files\Framed Display\updateFramedDisplay.exe [?]
    S2 Util Framed Display;Util Framed Display;"c:\program files\Framed Display\bin\utilFramedDisplay.exe" --> c:\program files\Framed Display\bin\utilFramedDisplay.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/24/2011 6:25 PM 1691480]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [1/1/2014 8:01 PM 26032]
    S3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [3/4/2014 6:43 PM 23608]
    S3 DbusVideo;DbusVideo;c:\windows\system32\drivers\DbusVideo.sys [3/4/2014 6:43 PM 5688]
    S3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2/25/2013 4:10 AM 18200]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20 18:13]
    .
    2014-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2014-11-14 c:\windows\Tasks\User_Feed_Synchronization-{FB6836BA-3D20-4754-828A-DE9B7DB54941}.job
    - c:\windows\system32\msfeedssync.exe [2003-03-31 19:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    mStart Page = www.google.com
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:cs@3DToonTubeHD.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = www.google.com
    IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
    IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
    Trusted Zone: tumblr.com\www
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    FF - ProfilePath - c:\documents and settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\
    FF - prefs.js: browser.search.selectedEngine - Astromenda
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extensions.astrmndasr.hmpg - true
    FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=
    FF - user.js: extensions.astrmndasr.dfltSrch - true
    FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
    FF - user.js: extensions.astrmndasr.dnsErr - true
    FF - user.js: extensions.astrmndasr_i.newTab - true
    FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=
    FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q&cr=1262273424&ir=&q=
    FF - user.js: extensions.astrmndasr.id - 001D72B2207162F7
    FF - user.js: extensions.astrmndasr.instlDay - 16375
    FF - user.js: extensions.astrmndasr.vrsn -
    FF - user.js: extensions.astrmndasr.vrsni -
    FF - user.js: extensions.astrmndasr_i.vrsnTs - 13:46
    FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
    FF - user.js: extensions.astrmndasr.prdct - astrmndasr
    FF - user.js: extensions.astrmndasr.aflt - ast_clickconnect_14_44_ff
    FF - user.js: extensions.astrmndasr_i.smplGrp - none
    FF - user.js: extensions.astrmndasr.tlbrId -
    FF - user.js: extensions.astrmndasr.instlRef - 142905_b
    FF - user.js: extensions.astrmndasr.dfltLng -
    FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
    FF - user.js: extensions.astrmndasr.excTlbr - false
    FF - user.js: extensions.astrmndasr.cr - 1262273424
    FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzzzzzz0D0F0AzztGtByCzz0EtGyB0CtDtBtGyDtC0D0EtGtAyByB0AzzyB0EyC0EyD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0EyC0CtD0EyCtBtGyDyCyD0DtGyEtDyBtCtGzytBtC0BtGtDzzzytB0CyD0F0A0EyD0CyD2Q
    FF - user.js: extensions.astrmndasr.AL - 2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\documents and settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-11-14 18:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1688)
    c:\windows\system32\WININET.dll
    c:\program files\MediaFire Desktop\MediaFireIcon3_002c0.dll
    c:\program files\MediaFire Desktop\MediaFireIcon_002c0.dll
    c:\program files\MediaFire Desktop\MediaFireIcon2_002c0.dll
    c:\program files\MediaFire Desktop\MediaFireIcon4_002c0.dll
    c:\program files\MediaFire Desktop\MediaFireIcon5_002c0.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\nvcpl.dll
    c:\windows\system32\nvapi.dll
    c:\program files\NVIDIA Corporation\nView\nvshell.dll
    .
    Completion time: 2014-11-14 19:23:18
    ComboFix-quarantined-files.txt 2014-11-15 00:23
    .
    Pre-Run: 41,705,070,592 bytes free
    Post-Run: 41,699,803,136 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 94648010AAFC5A7DE29FB05030E2E43D
    8F558EB6672622401DA993E1E865C861
     
  20. Broni


    Good :)

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
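
The "FF - user.js: extensions.astrmndasr.*" entries in the ComboFix supplementary scan above are a search, homepage and new-tab hijack of the kind the AdwCleaner browser step removes. As an added example, not code from this thread and not AdwCleaner's own logic, the Python below parses user_pref() lines of that shape, flags the ones that repoint search, homepage or new tab (the pref suffixes are taken from the astrmndasr family in the log), and produces the list of lines a cleanup would drop. The core pref names, the expected-value baseline and the sample lines are constructed assumptions; the sample URL values are truncated copies of what the log shows.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import urlparse

# Core Firefox prefs that decide where searches, the homepage and new tabs go.
# Assumed list for this example; extend it for the Firefox version in use.
HIJACK_PREFS = {
    "browser.search.selectedEngine", "browser.search.defaultenginename",
    "browser.startup.homepage", "browser.newtab.url", "keyword.URL",
}
# Values a stock profile is expected to carry. Assumed baseline, not a Mozilla list.
EXPECTED_VALUES = {"about:home", "about:blank", "about:newtab",
                   "Google", "Bing", "Yahoo", "DuckDuckGo"}
# Suffixes seen on the extensions.astrmndasr.* prefs in the ComboFix log above;
# a third-party pref family using them overrides homepage, new tab, default
# search and DNS-error pages. The optional "_i" covers extensions.<id>_i.newTab.
OVERRIDE_RE = re.compile(
    r"^extensions\.([^.]+?)(?:_i)?\."
    r"(hmpg|hmpgUrl|newTab|newTabUrl|dfltSrch|srchPrvdr|tlbrSrchUrl|dnsErr)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')

# Constructed sample in the shape of the user_pref() lines AdwCleaner and JRT
# report; the URL values are truncated copies of the ones in the log.
SAMPLE_PREFS = """\
user_pref("browser.search.selectedEngine", "Astromenda");
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 0);
user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff");
user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_44_ff");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("browser.search.defaultenginename", "Google");
"""


class Finding(NamedTuple):
    line: str
    name: str
    reason: str
    host: Optional[str]    # hostname if the value is a URL
    family: Optional[str]  # extension id when an extension pref is the culprit


def parse_pref(line: str) -> Optional[Tuple[str, str]]:
    """Split a user_pref("name", value); line into (name, value), quotes removed."""
    m = PREF_RE.match(line.strip())
    if not m:
        return None
    name, raw = m.group(1), m.group(2).strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return name, raw


def host_of(value: str) -> Optional[str]:
    """Hostname of a URL value; logs defang http as hxxp, so undo that first."""
    v = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    if not re.match(r"^https?://", v, re.IGNORECASE):
        return None
    return urlparse(v).hostname


def triage(prefs_text: str) -> List[Finding]:
    """Flag prefs that repoint search/homepage/new tab, as a browser cleanup step would."""
    findings: List[Finding] = []
    for line in prefs_text.splitlines():
        parsed = parse_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        host = host_of(value)
        m = OVERRIDE_RE.match(name)
        if m:
            findings.append(Finding(line, name, "extension pref overrides homepage/search/new tab", host, m.group(1)))
        elif name in HIJACK_PREFS and value not in EXPECTED_VALUES:
            findings.append(Finding(line, name, "core search/homepage pref set to non-default value", host, None))
    return findings


def cleanup(prefs_text: str) -> Tuple[str, List[str]]:
    """Return (kept prefs text, removed lines). Every pref of a flagged extension
    family goes too, so the extension cannot re-apply its settings from leftovers."""
    findings = triage(prefs_text)
    flagged = {f.line for f in findings}
    families = {f.family for f in findings if f.family}
    kept: List[str] = []
    removed: List[str] = []
    for line in prefs_text.splitlines():
        parsed = parse_pref(line)
        in_family = parsed is not None and any(
            re.match(rf"^extensions\.{re.escape(fam)}(_i)?\.", parsed[0]) for fam in families)
        (removed if line in flagged or in_family else kept).append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for f in triage(SAMPLE_PREFS):
        print(f"{f.name}: {f.reason}" + (f" -> {f.host}" if f.host else ""))
    _, gone = cleanup(SAMPLE_PREFS)
    print(f"{len(gone)} line(s) would be removed")  # 4 for the sample above
```

Run it against a copy of prefs.js and user.js from the profile directory shown in the log; the hostname column groups findings by the domain they redirect to, which is what you want to carry over when checking the same host against SearchScopes and the start page in the IE section of an FRST log. Note the check is narrower than JRT's, which also clears unrelated extension prefs.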
     
  21. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    # AdwCleaner v4.101 - Report created 15/11/2014 at 03:31:49
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Avalon - DENOFINIQUITY
    # Running from : C:\Documents and Settings\Avalon\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Util Framed Display
    [#] Service Deleted : Update Framed Display

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Framed Display
    Folder Deleted : C:\Documents and Settings\Avalon\Application Data\Systweak
    Folder Deleted : C:\Documents and Settings\Avalon\My Documents\Aimersoft Video Converter Ultimate
    File Deleted : C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41F19F7E-A640-4C34-BCFD-12FADF52473B}
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Framed Display
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v32.0.3 (x86 en-US)

    [mydm192n.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
    [mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1C[...]

    *************************

    AdwCleaner[R0].txt - [13856 octets] - [29/09/2014 22:07:08]
    AdwCleaner[R1].txt - [326 octets] - [15/11/2014 03:21:45]
    AdwCleaner[R2].txt - [3291 octets] - [15/11/2014 03:23:27]
    AdwCleaner[S0].txt - [14240 octets] - [29/09/2014 22:12:45]
    AdwCleaner[S1].txt - [3331 octets] - [15/11/2014 03:31:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3391 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Avalon on Sat 11/15/2014 at 3:39:01.43
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\005"



    ~~~ FireFox

    Successfully deleted the following from C:\Documents and Settings\Avalon\Application Data\mozilla\firefox\profiles\mydm192n.default\prefs.js

    user_pref("extensions.BlockSite.blacklist", "safesear.ch/?type=20140925-125-ff-sr");
    user_pref("extensions.xkit7.extension_go_to_dash", "{\"script\":\"//* TITLE Go-To-Dash **//\\r\\n//* VERSION 1.0 REV F **//\\r\\n//* DESCRIPTION View a post on a blog on your
    user_pref("extensions.xkit7.extension_one_click_postage", "{\"script\":\"//* TITLE One-Click Postage **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you easily
    user_pref("extensions.xkit7.extension_one_click_reply", "{\"script\":\"//* TITLE One-Click Reply **//\\r\\n//* VERSION 1.9 REV F **//\\r\\n//* DESCRIPTION Lets you reply to no
    user_pref("extensions.xkit7.extension_tweaks", "{\"script\":\"//* TITLE Tweaks **//\\r\\n//* VERSION 2.8 REV D **//\\r\\n//* DESCRIPTION Various little tweaks for your dashboa
    user_pref("extensions.xkit7.extension_xkit_patches", "{\"script\":\"//* TITLE XKit Patches **//\\r\\n//* VERSION 2.4 REV C **//\\r\\n//* DESCRIPTION Patches framework **//\\r\
    user_pref("extensions.xkit7.extension_xkit_preferences", "{\"script\":\"//* TITLE XKit Preferences **//\\r\\n//* VERSION 3.1 REV H **//\\r\\n//* DESCRIPTION Lets you customize
    Emptied folder: C:\Documents and Settings\Avalon\Application Data\mozilla\firefox\profiles\mydm192n.default\minidumps [3 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/15/2014 at 3:44:23.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
    Ran by Avalon (administrator) on DENOFINIQUITY on 15-11-2014 03:46:42
    Running from C:\Documents and Settings\Avalon\Desktop
    Loaded Profile: Avalon (Available profiles: Avalon)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
    () C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE
    (Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
    (Wacom Technology, Corp.) C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    (Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Cerulean Studios) C:\Program Files\Trillian\trillian.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-02-09] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
    HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [cdloader] => C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
    HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [MediaFire Tray] => [X]
    HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [394616 2014-03-30] (BitTorrent, Inc.)
    HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [466648 2012-09-21] ()
    Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\MEGAsync.lnk
    ShortcutTarget: MEGAsync.lnk -> C:\Documents and Settings\All Users\Application Data\MEGAsync\MEGAsync.exe (Mega Limited)
    Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\Trillian.lnk
    ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
    Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
    ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_002c0.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_002c0.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_002c0.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_002c0.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: [MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_002c0.dll (TODO: <Company name>)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKCU - DefaultScope {41F19F7E-A640-4C34-BCFD-12FADF52473B} URL =
    SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF Extension: Ant Video Downloader - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\anttoolbar@ant(2).com [2014-04-08]
    FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\artur.dubovoy@gmail.com [2014-11-12]
    FF Extension: FoxyProxy Standard - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\foxyproxy-basic@eric.h.jung [2014-09-09]
    FF Extension: NetVideoHunter - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\netvideohunter@netvideohunter.com [2014-07-30]
    FF Extension: Remove It Permanently - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-11-09]
    FF Extension: No Name - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2013-12-21]
    FF Extension: Flashblock - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-12-19]
    FF Extension: DownloadHelper - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
    FF Extension: Flash and Video Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-13]
    FF Extension: Block site - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-22]
    FF Extension: 1 Click Image Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\1clickImageDownloadOverlay@final.ca.xpi [2014-01-02]
    FF Extension: 4shared Desktop Plugin - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\4sharedCopyLinks.xpi [2013-03-14]
    FF Extension: MEGA - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\firefox@mega.co.nz.xpi [2014-10-24]
    FF Extension: Google search link fix - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-01-02]
    FF Extension: Memory Restart - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\memoryrestart@teamextension.com.xpi [2014-02-22]
    FF Extension: Restartless Restart - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\restartless.restart@erikvold.com.xpi [2014-02-22]
    FF Extension: Thumbnail Zoom Plus - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-01-02]
    FF Extension: FlashGot - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-02-16]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-02]
    FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
    FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2163064 2012-07-27] (Condusiv Technologies)
    R2 MF NTFS Monitor; C:\Documents and Settings\Avalon\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [457944 2014-02-11] ()
    R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [112936 2009-07-15] (Wacom Technology, Corp.)
    S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
    R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices) [File not signed]
    S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 DaShenAudio_simple; C:\WINDOWS\System32\drivers\DaShenAudio.sys [29656 2014-02-27] (DaShen Development Team)
    S3 DbusAudio; C:\WINDOWS\System32\drivers\DbusAudio.sys [23608 2012-01-24] (Windows (R) Win 7 DDK provider)
    S3 DbusVideo; C:\WINDOWS\System32\DRIVERS\DbusVideo.sys [5688 2012-01-24] (Windows (R) Win 7 DDK provider)
    R0 DKDFM; C:\WINDOWS\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
    R3 DKRtWrt; C:\WINDOWS\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
    R0 DKTLFSMF; C:\WINDOWS\System32\drivers\DKTLFSMF.sys [85328 2012-07-09] (Condusiv Technologies)
    S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [18200 2013-02-25] ()
    R2 mfmonitor; C:\WINDOWS\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-12-06] (Windows (R) Win 7 DDK provider)
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2009-07-17] (NVIDIA Corporation) [File not signed]
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
    S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
    R3 WsAudio_Device(1); C:\WINDOWS\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
    R3 WsAudio_Device(2); C:\WINDOWS\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
    R3 WsAudio_Device(3); C:\WINDOWS\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
    R3 WsAudio_Device(4); C:\WINDOWS\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
    R3 WsAudio_Device(5); C:\WINDOWS\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
    R3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
    R3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
    R3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
    R3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
    R3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
    S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
    S3 catchme; \??\C:\DOCUME~1\Avalon\LOCALS~1\Temp\catchme.sys [X]
    S3 cpuz132; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S4 IntelIde; No ImagePath
    U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2009-07-16] (Microsoft Corporation)
    S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
    S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
    U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-07-16] (Microsoft Corporation)
    U3 TlntSvr; No ImagePath
    U3 VSS; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-15 03:46 - 2014-11-15 03:47 - 00018532 _____ () C:\Documents and Settings\Avalon\Desktop\FRST.txt
    2014-11-15 03:46 - 2014-11-15 03:46 - 00000000 ____D () C:\FRST
    2014-11-15 03:44 - 2014-11-15 03:44 - 00002089 _____ () C:\Documents and Settings\Avalon\Desktop\JRT.txt
    2014-11-15 03:38 - 2014-11-08 08:06 - 01706808 _____ (Thisisu) C:\Documents and Settings\Avalon\Desktop\JRT_NEW.exe
    2014-11-15 03:37 - 2014-11-15 03:45 - 00005574 _____ () C:\Documents and Settings\Avalon\Desktop\for post.txt
    2014-11-15 03:37 - 2014-11-15 03:37 - 00000000 ___SH () C:\DkHyperbootSync
    2014-11-14 23:29 - 2014-11-14 23:29 - 02140160 _____ () C:\Documents and Settings\Avalon\Desktop\AdwCleaner.exe
    2014-11-14 23:28 - 2014-11-14 23:28 - 01108480 _____ (Farbar) C:\Documents and Settings\Avalon\Desktop\FRST.exe
    2014-11-14 19:23 - 2014-11-15 03:47 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\temp
    2014-11-14 19:23 - 2014-11-14 19:23 - 00021211 _____ () C:\ComboFix.txt
    2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\shawn\Local Settings\temp
    2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
    2014-11-14 17:51 - 2014-11-14 17:51 - 00000000 _RSHD () C:\cmdcons
    2014-11-14 04:29 - 2014-11-14 04:29 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
    2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
    2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
    2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
    2014-11-14 03:59 - 2014-11-14 03:59 - 00000437 _____ () C:\Boot.bak
    2014-11-14 03:59 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-11-14 03:55 - 2013-01-17 13:40 - 473148250 _____ () C:\Documents and Settings\Avalon\Desktop\Pitch Perfect.mp4
    2014-11-14 03:54 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-11-14 03:54 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-11-14 03:54 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-11-14 03:54 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-11-14 03:44 - 2014-11-14 03:47 - 00000000 ____D () C:\AVG_Remover
    2014-11-14 03:11 - 2014-11-14 19:23 - 00000000 ____D () C:\Qoobox
    2014-11-14 03:10 - 2014-11-14 18:03 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-11-13 14:00 - 2014-11-13 14:00 - 00000000 _____ () C:\Documents and Settings\Avalon\Desktop\New Bitmap Image (2).bmp
    2014-11-13 12:53 - 2014-11-13 12:54 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\books
    2014-11-13 11:42 - 2014-11-14 17:46 - 05598504 ____R (Swearware) C:\Documents and Settings\Avalon\Desktop\ComboFix.exe
    2014-11-13 01:16 - 2014-11-13 02:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-13 01:15 - 2014-11-13 08:01 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\mbar
    2014-11-13 00:59 - 2014-11-13 00:59 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-11-13 00:58 - 2014-11-13 00:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-11-12 20:45 - 2014-11-14 23:29 - 00001748 _____ () C:\Documents and Settings\Avalon\Desktop\antivirus instructions.txt
    2014-11-11 20:23 - 2014-11-13 01:16 - 00115928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-11 20:21 - 2014-11-11 20:21 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-11 20:21 - 2014-11-11 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-11 20:20 - 2014-11-13 01:16 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-11-11 20:20 - 2014-11-11 20:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-11 07:41 - 2014-11-11 07:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-11-10 04:48 - 2014-11-10 04:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini111014-01.dmp
    2014-11-10 04:08 - 2014-11-10 04:08 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
    2014-11-10 02:02 - 2014-11-10 02:40 - 517531287 _____ () C:\Documents and Settings\Avalon\Desktop\Kuiba Movie 2 (魁拔2之大战元泱界).rmvb
    2014-11-10 01:54 - 2014-11-11 03:27 - 1052176497 _____ () C:\Documents and Settings\Avalon\Desktop\[EMTP-Raws][KUIBA][BDrip][x264_FLACx2_AC3][Hi10P].mkv
    2014-11-10 01:51 - 2014-11-10 02:01 - 222576640 _____ () C:\Documents and Settings\Avalon\Desktop\[JustBLThings-aarinfantasy] Hybrid Child OVA 1 [5E53E27E].avi
    2014-11-10 00:05 - 2014-11-14 04:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
    2014-11-10 00:03 - 2014-11-10 00:03 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
    2014-11-10 00:03 - 2014-11-10 00:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    2014-11-09 23:55 - 2014-11-14 03:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\COMODO
    2014-11-09 23:55 - 2014-11-14 03:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    2014-11-09 23:49 - 2014-11-14 04:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
    2014-11-09 23:38 - 2014-11-09 23:46 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
    2014-11-09 14:49 - 2014-11-09 14:49 - 00008516 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:49 - 2014-11-09 14:49 - 00004198 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:49 - 2014-11-09 14:49 - 00000268 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.URL
    2014-11-09 14:31 - 2014-11-09 14:31 - 00008516 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:31 - 2014-11-09 14:31 - 00004198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:31 - 2014-11-09 14:31 - 00000268 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
    2014-11-09 14:29 - 2014-11-09 14:29 - 00008516 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:29 - 2014-11-09 14:29 - 00004198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:29 - 2014-11-09 14:29 - 00000268 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
    2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
    2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
    2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
    2014-11-09 13:46 - 2014-11-09 13:57 - 00000160 ____H () C:\Documents and Settings\All Users\Application Data\@system3.att
    2014-11-09 13:46 - 2014-11-09 13:56 - 00000424 _____ () C:\Documents and Settings\All Users\Application Data\@system.temp
    2014-11-09 13:46 - 2014-11-09 13:46 - 00000448 ____H () C:\Documents and Settings\Avalon\Application Data\麽鎒駓覜
    2014-11-09 13:45 - 2014-11-09 22:17 - 00000000 ____D () C:\0da1ecf
    2014-11-09 02:11 - 2014-11-09 02:25 - 00001434 _____ () C:\Documents and Settings\Avalon\Desktop\New Text Document (2).txt
    2014-11-09 01:48 - 2014-11-11 03:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-11-08 22:43 - 2014-11-08 22:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2014-11-08 22:43 - 2014-11-08 22:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
    2014-11-08 22:36 - 2014-11-08 22:36 - 00000351 _____ () C:\WINDOWS\nsw.log
    2014-11-07 00:30 - 2014-11-07 00:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\(2014.05.21) Soredemo Sekai wa Utsukushii Original Soundtrack
    2014-11-07 00:25 - 2014-11-07 00:29 - 206067298 _____ () C:\Documents and Settings\Avalon\Desktop\(2014.05.21) Soredemo Sekai wa Utsukushii Original Soundtrack.zip
    2014-11-05 12:29 - 2014-11-07 03:46 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Deathtrap - Christopher Reeve Crime Eng 720p [H264-mp4]
    2014-11-03 04:42 - 2014-11-03 04:42 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-11-03 04:41 - 2014-11-03 04:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
    2014-11-02 21:41 - 2014-11-02 21:42 - 01340762 _____ () C:\Documents and Settings\Avalon\Desktop\leave2.bmp
    2014-11-02 21:40 - 2014-11-02 21:40 - 01461510 _____ () C:\Documents and Settings\Avalon\Desktop\leave1.bmp
    2014-11-02 21:33 - 2014-11-02 22:57 - 00000902 _____ () C:\Documents and Settings\Avalon\Desktop\plan.txt
    2014-11-02 21:27 - 2014-11-02 21:27 - 01698502 _____ () C:\Documents and Settings\Avalon\Desktop\sch.bmp
    2014-11-02 01:47 - 2014-11-02 01:47 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Legend.Tom.Cruise.1985.DivX.DVDRip(Fantasy Adventure - Ridley Scott)
    2014-11-01 14:50 - 2014-11-09 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ecbaef90-5696-41e1-a1c3-3e8112ce2840
    2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\IsolatedStorage
    2014-10-29 11:55 - 2014-10-30 20:17 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Dr Hook
    2014-10-27 10:12 - 2014-10-29 20:35 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Mc Frontalot Discography
    2014-10-27 10:04 - 2014-10-30 09:33 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Mandrake the Magician
    2014-10-26 08:41 - 2014-10-26 08:41 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\Condusiv_Technologies
    2014-10-26 08:41 - 2014-10-26 08:41 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Condusiv_Technologies
    2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Program Files\Windows Home Server
    2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Program Files\Common Files\Diskeeper Corporation
    2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Condusiv Technologies
    2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Condusiv Technologies
    2014-10-26 04:55 - 2012-07-09 13:54 - 00085328 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKTLFSMF.sys
    2014-10-26 04:55 - 2012-06-18 18:14 - 00044496 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKRtWrt.sys
    2014-10-26 04:55 - 2012-04-05 01:32 - 00035120 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKDFM.sys
    2014-10-26 04:44 - 2014-10-26 04:56 - 00000000 ____D () C:\Program Files\Diskeeper Setup Files
    2014-10-26 04:25 - 2014-10-26 04:25 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-03.dmp
    2014-10-26 04:24 - 2014-10-26 04:23 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-02.dmp
    2014-10-26 04:21 - 2014-10-26 04:20 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-01.dmp
    2014-10-26 03:48 - 2014-10-26 03:49 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\movies to get these are NOT complete
    2014-10-23 17:32 - 2014-10-23 17:32 - 00009976 _____ () C:\Documents and Settings\Avalon\Desktop\files.txt
    2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    2014-10-20 21:19 - 2014-10-20 21:19 - 00018335 _____ () C:\Documents and Settings\Avalon\Desktop\wipthing.html
    2014-10-20 21:17 - 2014-10-20 21:17 - 00018335 _____ () C:\Documents and Settings\Avalon\Desktop\wip.html.txt
    2014-10-19 18:16 - 2014-10-28 00:03 - 00051004 _____ () C:\Documents and Settings\Avalon\Desktop\submariner.txt
    2014-10-17 17:05 - 2014-10-19 10:56 - 00000119 _____ () C:\Documents and Settings\Avalon\Desktop\sttng eps.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-15 03:47 - 2011-01-04 08:58 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB6836BA-3D20-4754-828A-DE9B7DB54941}.job
    2014-11-15 03:39 - 2010-04-02 06:17 - 00603262 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-15 03:37 - 2013-12-20 00:53 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\uTorrent
    2014-11-15 03:37 - 2010-04-02 11:37 - 01768087 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-15 03:36 - 2014-06-16 22:35 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\WTablet
    2014-11-15 03:36 - 2010-01-11 21:17 - 00271490 _____ () C:\WINDOWS\system32\NvApps.xml
    2014-11-15 03:36 - 2003-03-31 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-15 03:35 - 2010-04-02 06:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-15 03:35 - 2010-04-02 06:19 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-15 03:34 - 2010-04-02 12:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-15 03:32 - 2010-04-02 12:03 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-15 03:31 - 2014-09-29 22:06 - 00000000 ____D () C:\AdwCleaner
    2014-11-15 03:23 - 2013-12-20 09:21 - 00000000 ____D () C:\Program Files\Trillian
    2014-11-15 03:13 - 2013-12-20 14:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-14 18:03 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-11-14 17:51 - 2010-04-02 06:14 - 00000437 __RSH () C:\boot.ini
    2014-11-14 06:01 - 2013-12-29 04:07 - 00000485 _____ () C:\Documents and Settings\Avalon\.webaom
    2014-11-14 04:30 - 2010-04-02 06:15 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
    2014-11-14 04:30 - 2010-04-02 06:15 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
    2014-11-14 04:30 - 2010-04-02 06:14 - 25690112 _____ () C:\WINDOWS\system32\config\software.bak
    2014-11-14 04:30 - 2010-04-02 06:14 - 09175040 _____ () C:\WINDOWS\system32\config\system.bak
    2014-11-14 04:30 - 2010-04-02 06:14 - 01048576 _____ () C:\WINDOWS\system32\config\default.bak
    2014-11-14 03:33 - 2014-06-27 00:44 - 00000000 ____D () C:\Program Files\EaseUS
    2014-11-13 12:53 - 2013-12-19 23:55 - 00181760 _____ () C:\Documents and Settings\Avalon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-13 11:27 - 2014-01-05 23:04 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-13 08:52 - 2014-09-30 03:01 - 00000999 _____ () C:\Documents and Settings\Avalon\Desktop\magicJack.lnk
    2014-11-13 08:12 - 2013-12-22 02:52 - 00001021 _____ () C:\Documents and Settings\Avalon\Start Menu\Programs\magicJack.lnk
    2014-11-13 08:12 - 2013-12-22 02:51 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\mjusbsp
    2014-11-12 13:13 - 2013-12-20 14:10 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-12 13:13 - 2013-12-20 14:10 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-11 22:12 - 2014-04-19 02:34 - 00000000 ___HD () C:\WINDOWS\PIF
    2014-11-11 21:49 - 2012-11-22 19:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-11-11 20:46 - 2014-01-03 20:59 - 00000000 ____D () C:\Program Files\Multi Password Recovery
    2014-11-11 20:21 - 2012-11-22 19:00 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Malwarebytes
    2014-11-10 00:11 - 2014-08-23 20:04 - 00019063 _____ () C:\WINDOWS\setupapi.log
    2014-11-09 22:19 - 2010-04-02 06:13 - 00000000 ____D () C:\WINDOWS\twain_32
    2014-11-09 14:49 - 2013-12-20 09:22 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Trillian
    2014-11-09 14:42 - 2014-03-05 12:59 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Skype
    2014-11-09 14:41 - 2014-05-25 02:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\ooVoo Details
    2014-11-09 14:41 - 2014-02-23 22:32 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Replay Media Catcher 5
    2014-11-09 14:41 - 2011-05-25 13:13 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Mozilla
    2014-11-09 14:33 - 2014-01-06 00:52 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\mIRC
    2014-11-09 14:32 - 2014-03-06 14:39 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\avidemux
    2014-11-09 14:31 - 2014-06-11 23:49 - 00000000 ____D () C:\Documents and Settings\Avalon\.FBReader
    2014-11-09 14:31 - 2014-02-16 00:20 - 00000000 ___HD () C:\Documents and Settings\Avalon\.mediafire
    2014-11-09 14:31 - 2013-12-20 21:06 - 00000000 ____D () C:\Documents and Settings\Avalon\.yawcam
    2014-11-09 14:31 - 2011-05-25 13:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Adobe
    2014-11-09 14:31 - 2010-04-02 11:37 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
    2014-11-09 14:29 - 2014-09-25 18:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Npackd
    2014-11-09 14:29 - 2014-01-14 03:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Recisio
    2014-11-09 14:29 - 2011-02-21 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MAGIX
    2014-11-09 14:01 - 2014-09-01 11:25 - 00000000 ___SD () C:\Documents and Settings\Administrator
    2014-11-09 14:01 - 2014-07-31 02:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
    2014-11-09 14:01 - 2013-12-20 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogiShrd
    2014-11-08 22:37 - 2014-02-24 02:45 - 01434700 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1004336348-1801674531-1007-0.dat
    2014-11-08 22:37 - 2014-02-24 02:45 - 00764510 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-11-08 19:57 - 2014-10-14 01:01 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Cover Images
    2014-11-07 14:20 - 2014-01-06 00:52 - 00000000 ____D () C:\Program Files\mIRC
    2014-11-07 01:20 - 2014-09-15 03:12 - 00000000 ____D () C:\Documents and Settings\Avalon\My Documents\ebooks
    2014-11-03 04:41 - 2014-08-10 14:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-11-03 04:41 - 2010-04-02 12:02 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-11-03 04:41 - 2010-04-02 12:01 - 00000000 ____D () C:\Program Files\Java
    2014-11-02 21:16 - 2014-10-06 15:13 - 01552038 _____ () C:\Documents and Settings\Avalon\Desktop\New Bitmap Image.bmp
    2014-11-01 17:12 - 2014-02-24 02:45 - 02150608 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-11-01 14:22 - 2014-09-29 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
    2014-11-01 14:20 - 2003-03-31 07:00 - 00000609 _____ () C:\WINDOWS\win.ini
    2014-10-27 18:50 - 2014-09-23 10:21 - 00000000 ___RD () C:\Documents and Settings\Avalon\My Documents\MEGA
    2014-10-26 17:00 - 2010-08-31 14:21 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
    2014-10-26 04:55 - 2014-07-25 16:43 - 00000000 ____D () C:\Program Files\Condusiv Technologies
    2014-10-26 04:55 - 2010-04-02 06:13 - 00000000 ____D () C:\WINDOWS\Help
    2014-10-26 04:25 - 2014-04-08 21:02 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-10-26 00:08 - 2010-04-02 11:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2014-10-24 23:35 - 2014-09-23 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MEGAsync
    2014-10-24 16:23 - 2014-10-03 19:33 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\New Folder (3)
    2014-10-20 12:33 - 2014-09-23 06:47 - 00000624 _____ () C:\Documents and Settings\Avalon\Desktop\mega share account info.txt
    2014-10-20 11:39 - 2014-08-26 22:38 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\Adobe

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Avalon\Local Settings\temp\Quarantine.exe
    C:\Documents and Settings\Avalon\Local Settings\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

    ==================== End Of Log ============================
     
  22. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
    Ran by Avalon at 2014-11-15 03:47:53
    Running from C:\Documents and Settings\Avalon\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @ NRVTech Complete System Restore (HKLM\...\NRVTECH) (Version: - NRV Technology Partners)
    µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
    7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
    Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    Aimersoft DRM Media Converter(Build 1.4.7.2) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
    AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
    Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
    Bad CD DVD Reader 1.0 (HKLM\...\Bad CD DVD Reader_is1) (Version: - Aiv Software)
    Bamboo (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
    BBC iPlayer Downloads (HKLM\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
    B-Jigsaw 7 (HKLM\...\B-Jigsaw_is1) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    Cheetah Video Converter (HKLM\...\{60A44E14-F3EF-4EC0-AEF0-7B9885BCB75D}) (Version: - )
    Combined Community Codec Pack 2014-07-13 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
    CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version: - )
    Diskeeper 12 Professional (HKLM\...\{E939B548-9BFA-4E1D-94F3-520B384B34C1}) (Version: 16.0.1017.32 - Condusiv Technologies)
    DivX 安装 (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
    Easy MP3 Sound Recorder 2.01 (HKLM\...\{3E1ECEEC-814C-4B53-9E08-9B1F2FA83434}) (Version: 2.01.0000 - Shiyi Software Workroom)
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
    FormatFactory 3.3.2.0 (HKLM\...\FormatFactory) (Version: 3.3.2.0 - Format Factory)
    Free Sound Recorder v9.7.2 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2014 FreeSoundRecorder Technologies, Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    MediaFire Desktop (HKLM\...\MediaFire Desktop 0.10.18.9207) (Version: 0.10.18.9207 - MediaFire)
    MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
    Multi Password Recovery (HKLM\...\Multi Password Recovery) (Version: - )
    Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
    Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
    NpackdCL (HKLM\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9621 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6045 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Roadkil's Unstoppable Copier Version 5.2 (HKLM\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
    Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
    Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    WD FAT32 Formatter (HKLM\...\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}) (Version: 2.0.0 - Western Digital Corp)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft)
    WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1715567821-1004336348-1801674531-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Avalon\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-1715567821-1004336348-1801674531-1007_Classes\CLSID\{6F1DC701-9891-11d5-B8C6-444553540001}\InprocServer32 -> C:\Program Files\Trillian\buddy.dll (Cerulean Studios)
    CustomCLSID: HKU\S-1-5-21-1715567821-1004336348-1801674531-1007_Classes\CLSID\{B7125B4E-CA73-47f1-AEAA-6B3EFA553F5A}\InprocServer32 -> C:\Program Files\Trillian\events.dll (Cerulean Studios)

    ==================== Restore Points =========================

    28-10-2014 05:08:29 System Checkpoint
    28-10-2014 10:58:04 System Checkpoint
    29-10-2014 13:21:28 System Checkpoint
    31-10-2014 06:24:46 System Checkpoint
    01-11-2014 08:27:34 System Checkpoint
    01-11-2014 19:11:13 Revo Uninstaller's restore point - WSE_Astromenda
    01-11-2014 19:15:30 Revo Uninstaller's restore point - Framed Display
    01-11-2014 19:20:10 Revo Uninstaller's restore point - Advanced-System Protector
    01-11-2014 19:21:15 Revo Uninstaller's restore point - RegClean-Pro
    01-11-2014 19:21:58 Revo Uninstaller's restore point - Slim Toolbar 1.3
    01-11-2014 19:22:49 Revo Uninstaller's restore point - WeatherBug®
    08-11-2014 14:58:03 System Checkpoint
    04-11-2014 15:42:16 System Checkpoint
    06-11-2014 00:53:04 System Checkpoint
    07-11-2014 00:58:25 System Checkpoint
    08-11-2014 02:22:49 System Checkpoint
    09-11-2014 16:20:31 System Checkpoint
    13-11-2014 06:15:14 saved for antivirus
    14-11-2014 08:09:28 before combofix
    14-11-2014 08:20:03 Revo Uninstaller's restore point - GeekBuddy
    14-11-2014 08:20:27 Removed GeekBuddy.
    14-11-2014 08:25:41 Revo Uninstaller's restore point - COMODO Internet Security Premium
    14-11-2014 08:29:20 Revo Uninstaller's restore point - Comodo Dragon
    14-11-2014 08:30:23 Revo Uninstaller's restore point - Yawcam 0.4.1
    14-11-2014 08:32:15 Revo Uninstaller's restore point - EaseUS Partition Master 10.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-03-31 07:00 - 2014-11-14 04:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB6836BA-3D20-4754-828A-DE9B7DB54941}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-15 23:56 - 2014-02-11 14:12 - 00457944 _____ () C:\Documents and Settings\Avalon\Application Data\MediaFire Desktop\MFUsnMonitorService.exe
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00059904 _____ () C:\Program Files\Trillian\zlib1.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00187392 _____ () C:\Program Files\Trillian\libpng15.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00006656 _____ () c:\program files\trillian\languages\en\trillian.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00065536 _____ () C:\Program Files\Trillian\libungif.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00003584 _____ () c:\program files\trillian\languages\en\toolkit.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00006656 _____ () c:\program files\trillian\languages\en\events.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00010752 _____ () c:\program files\trillian\languages\en\buddy.dll
    2014-04-07 23:00 - 2014-04-07 23:00 - 00007168 _____ () c:\program files\trillian\languages\en\talk.dll
    2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36661847.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36661847.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1715567821-1004336348-1801674531-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1715567821-1004336348-1801674531-1003 - Limited - Enabled)
    Avalon (S-1-5-21-1715567821-1004336348-1801674531-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Avalon
    Guest (S-1-5-21-1715567821-1004336348-1801674531-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1715567821-1004336348-1801674531-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1715567821-1004336348-1801674531-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Diskeeper Control Center - ERROR
    Unable to check the VSS Shadow Copy status for volume {667B7DC0-D0B0-11E3-80E4-001D72B22071}:\ .

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Diskeeper Control Center - ERROR
    Unable to check the VSS Shadow Copy status for volume {35A1C416-6930-11E3-80CB-001D72B22071}:\ .

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Diskeeper Control Center - ERROR
    Unable to check the VSS Shadow Copy status for volume {7DF17A87-F679-11E3-80E9-001D72B22071}:\ .

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:22 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Diskeeper Control Center - ERROR
    Unable to check the VSS Shadow Copy status for volume {FAA60EED-FEF4-11E3-80ED-001D72B22071}:\ .

    Error: (11/15/2014 03:36:22 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:22 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Diskeeper Control Center - ERROR
    Unable to check the VSS Shadow Copy status for volume {7E9F588C-3E48-11DF-AA1E-806D6172696F}:\ .

    Error: (11/15/2014 03:36:22 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424


    System errors:
    =============
    Error: (11/15/2014 03:39:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (11/15/2014 03:36:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SABKUTIL

    Error: (11/15/2014 03:35:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The COMODO Dragon Update Service service failed to start due to the following error:
    %%2

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Diskeeper service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/15/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Unable to check the VSS Shadow Copy status for volume {667B7DC0-D0B0-11E3-80E4-001D72B22071}:\ .Diskeeper

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Unable to check the VSS Shadow Copy status for volume {35A1C416-6930-11E3-80CB-001D72B22071}:\ .Diskeeper

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:23 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Unable to check the VSS Shadow Copy status for volume {7DF17A87-F679-11E3-80E9-001D72B22071}:\ .Diskeeper

    Error: (11/15/2014 03:36:23 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:22 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Unable to check the VSS Shadow Copy status for volume {FAA60EED-FEF4-11E3-80ED-001D72B22071}:\ .Diskeeper

    Error: (11/15/2014 03:36:22 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424

    Error: (11/15/2014 03:36:22 AM) (Source: Diskeeper) (EventID: 5) (User: )
    Description: Unable to check the VSS Shadow Copy status for volume {7E9F588C-3E48-11DF-AA1E-806D6172696F}:\ .Diskeeper

    Error: (11/15/2014 03:36:22 AM) (Source: VSS) (EventID: 12289) (User: )
    Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) Processor 2650e
    Percentage of memory in use: 17%
    Total physical RAM: 2814.42 MB
    Available physical RAM: 2324.92 MB
    Total Pagefile: 4000.25 MB
    Available Pagefile: 3653.75 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.13 MB

    ==================== Drives ================================

    Drive c: (Main) (Fixed) (Total:149.04 GB) (Free:38.8 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive g: (EXTERNAL 2) (Fixed) (Total:149.05 GB) (Free:15.49 GB) NTFS
    Drive h: (AllAnime) (Fixed) (Total:931.51 GB) (Free:168.58 GB) NTFS
    Drive j: (Inner_Senshi) (Fixed) (Total:931.51 GB) (Free:447.76 GB) NTFS
    Drive k: (Outer_Senshi) (Fixed) (Total:931.25 GB) (Free:299.56 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: F7777F80)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 9715E3E2)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3559BE5A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (Size: 931.5 GB) (Disk ID: D3A1338D)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.2 GB) (Disk ID: B9D9B1C6)
    Partition 1: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It looks like you're infected with Cryptowall.

    Let's confirm...

    Please download IDTool by Nathan and save the file to the desktop.
    It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
    • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
    • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
    • Wait patiently until the tool collects the necessary data.
    • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
    • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
    • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
    Please include that in your next reply.
     
  24. SisterWicked

    SisterWicked TS Rookie Topic Starter Posts: 33

    All that came up was this:

    Infection Detection Tool v1.6 - Nathan Scott
    --------------------------------------------
    Date/Time: 11/15/2014 2:08:47 PM
    Operating System: Windows XP
    Service Pack: Service Pack 3
    Version Number: 5.1
    Product Type: Workstation
    --------------------------------------------
    [Detected Flags]
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It looks OK.
    Must be some leftovers then.

    We have one system file missing though.

    Re-run FRST again.
    Type the following in the edit box after "Search Files:".

    volsnap.sys

    Click Search button and post the log (Search.txt) it makes in your reply.
     
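The FRST "Search Files:" step above looks for every copy of volsnap.sys (the Volume Shadow Copy driver) on the disk; the VSS errors in the event log, OpenService returning 0x80070424 (ERROR_SERVICE_DOES_NOT_EXIST), are why that file matters here. As an added example, not part of the thread or of FRST, the script below does the same job in a portable way: it walks a tree for a file name (case-insensitive, as NTFS is), records size, modification time and SHA-256 for each hit, and then reports whether a copy exists in system32\drivers and whether every copy shares one hash, so a stray copy in a temp or profile directory stands out. The sample tree it builds under a temporary directory and the file contents in it are constructed for offline use; on a real machine you would call `find_files(r"C:\", "volsnap.sys")` instead.

```python
"""Locate every copy of a named file under a root, hash each copy and
check whether the copies agree.  Added example standing in for the FRST
"Search Files:" step; not FRST code and not from the thread.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample tree (hypothetical paths and bytes, not real drivers).
# Two identical "genuine" copies in the usual places plus one odd copy in a
# user's temp directory, which is the case a practitioner wants flagged.
SAMPLE_FILES = {
    "WINDOWS/system32/drivers/volsnap.sys": b"MZ-genuine-volsnap-bytes",
    "WINDOWS/system32/dllcache/volsnap.sys": b"MZ-genuine-volsnap-bytes",
    "Documents and Settings/Avalon/Local Settings/Temp/volsnap.sys": b"MZ-different-bytes",
}


def build_sample_tree():
    """Write SAMPLE_FILES into a fresh temp directory and return its root."""
    root = tempfile.mkdtemp(prefix="frst_search_")
    for rel, data in SAMPLE_FILES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_files(root, name):
    """Case-insensitive search for `name` under `root`.

    Returns one dict per hit with the fields an FRST Search.txt line shows:
    path, size, last-modified time (UTC) and a SHA-256 of the content.
    """
    wanted = name.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            path = os.path.join(dirpath, fn)
            st = os.stat(path)
            hits.append({
                "path": path,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc)
                                 .strftime("%Y-%m-%d %H:%M"),
                "sha256": sha256_of(path),
            })
    hits.sort(key=lambda h: h["path"].lower())
    return hits


def assess(hits):
    """Summarise the hits: is the driver directory populated, and do all
    copies match the one found there?  Copies whose hash differs from the
    system32\\drivers copy are listed as outliers for manual review."""
    driver_dir = os.sep.join(("system32", "drivers")).lower()
    driver_copies = [h for h in hits if driver_dir in h["path"].lower()]
    reference = driver_copies[0]["sha256"] if driver_copies else None
    outliers = [h["path"] for h in hits
                if reference is not None and h["sha256"] != reference]
    return {
        "found": len(hits),
        "in_driver_dir": bool(driver_copies),
        "distinct_hashes": len({h["sha256"] for h in hits}),
        "outliers": outliers,
    }


if __name__ == "__main__":
    root = build_sample_tree()
    found = find_files(root, "volsnap.sys")
    for h in found:
        print(f'{h["mtime"]} {h["size"]:08d} {h["sha256"][:16]} {h["path"]}')
    print(assess(found))
```

A result with `in_driver_dir` false is the "system file missing" case this post is chasing; a result with more than one distinct hash means the copies disagree and the odd one out deserves a look before anything is restored from it. The script does not check Authenticode signatures, so on a live system pair it with `sigcheck` or a known-good hash from an installation source rather than trusting the dllcache copy on its own.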