Solved Multiple iexplore processes

dennis pengelly

When the explorer.exe process is running it is causing multiple iexplore.exe processes to keep popping up, eating up CPU time and memory space and slowing my computer down to a crawl. If I end the explorer.exe process, the iexplore.exe processes stop popping up. I am running Windows XP with the latest updates available before the support stopped and am concerned about the system crashing while trying to fix this since I cannot reload.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here are my Malwarebytes and DDS scans. Please note that DDS.txt was not created.
 

Sorry....Didn't realize no attached files:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 11/19/2014 12:26:47 AM, SYSTEM, DENTECH-CXSLVNS, Scheduler, Malware Database, 2014.11.18.9, 2014.11.19.1,
Protection, 11/19/2014 12:26:49 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Starting,
Protection, 11/19/2014 12:26:49 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopping,
Protection, 11/19/2014 12:26:50 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopped,
Protection, 11/19/2014 12:30:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Success,
Protection, 11/19/2014 12:30:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
Protection, 11/19/2014 12:31:04 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malware Protection, Starting,
Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malware Protection, Started,
Protection, 11/19/2014 6:56:27 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
Update, 11/19/2014 6:56:55 AM, SYSTEM, DENTECH-CXSLVNS, Scheduler, Malware Database, 2014.11.19.1, 2014.11.19.4,
Protection, 11/19/2014 6:56:56 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Starting,
Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopping,
Protection, 11/19/2014 6:57:02 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Stopped,
Protection, 11/19/2014 6:57:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Refresh, Success,
Protection, 11/19/2014 6:57:34 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Starting,
Protection, 11/19/2014 6:58:03 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, Started,
Detection, 11/19/2014 7:10:08 AM, SYSTEM, DENTECH-CXSLVNS, Protection, Malicious Website Protection, IP, 5.149.250.194, 0, Outbound,

(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/22/2014 9:37:16 AM
System Uptime: 11/19/2014 6:53:38 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 51.711 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&1C660DD6&0&10F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc
Name: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
PNP Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&1C660DD6&0&10F0
Service: RTL8023xp
.
==== System Restore Points ===================
.
RP138: 8/27/2014 12:37:21 PM - System Checkpoint
RP139: 8/29/2014 9:53:40 AM - System Checkpoint
RP140: 9/5/2014 1:08:53 PM - System Checkpoint
RP141: 9/6/2014 1:03:11 PM - Software Distribution Service 3.0
RP142: 9/11/2014 8:08:54 AM - System Checkpoint
RP143: 9/12/2014 6:35:18 PM - System Checkpoint
RP144: 9/13/2014 7:04:53 PM - System Checkpoint
RP145: 9/14/2014 7:52:48 PM - System Checkpoint
RP146: 9/15/2014 8:52:48 PM - System Checkpoint
RP147: 9/16/2014 9:52:48 PM - System Checkpoint
RP148: 9/17/2014 10:52:48 PM - System Checkpoint
RP149: 9/18/2014 11:52:48 PM - System Checkpoint
RP150: 9/20/2014 12:52:49 AM - System Checkpoint
RP151: 9/21/2014 8:07:36 PM - System Checkpoint
RP152: 9/23/2014 8:08:00 AM - System Checkpoint
RP153: 9/25/2014 1:04:58 PM - System Checkpoint
RP154: 9/25/2014 2:15:39 PM - Software Distribution Service 3.0
RP155: 9/25/2014 3:22:08 PM - Installed Microsoft Fix it 50267
RP156: 9/29/2014 4:55:28 PM - System Checkpoint
RP157: 10/12/2014 10:49:15 AM - Installed iTunes
RP158: 10/15/2014 1:15:23 PM - System Checkpoint
RP159: 10/16/2014 1:16:17 PM - System Checkpoint
RP160: 10/17/2014 6:00:47 PM - System Checkpoint
RP161: 10/20/2014 5:08:47 PM - System Checkpoint
RP162: 10/21/2014 5:13:52 PM - System Checkpoint
RP163: 10/22/2014 6:01:28 PM - System Checkpoint
RP164: 10/23/2014 6:07:52 PM - System Checkpoint
RP165: 10/24/2014 7:01:46 PM - System Checkpoint
RP166: 10/25/2014 7:55:39 PM - System Checkpoint
RP167: 11/5/2014 1:44:44 PM - System Checkpoint
RP168: 11/6/2014 2:22:17 PM - System Checkpoint
RP169: 11/7/2014 3:11:40 PM - System Checkpoint
RP170: 11/9/2014 1:19:51 PM - System Checkpoint
RP171: 11/12/2014 10:17:14 AM - System Checkpoint
RP172: 11/13/2014 12:03:01 PM - System Checkpoint
RP173: 11/15/2014 9:36:55 AM - System Checkpoint
RP174: 11/17/2014 11:49:25 AM - System Checkpoint
RP175: 11/18/2014 12:08:31 PM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
You posted "protection" log from MBAM instead of "scan" log.
Please post correct log.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
The logs follow. TDSSKiller created 2 logs: one before restart and one after restart.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/18/2014
Scan Time: 7:38:49 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.18.09
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: dennis pengelly

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 515306
Time Elapsed: 1 hr, 25 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
First TDS Scan Part 1

07:31:52.0468 0x0d28 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
07:32:13.0375 0x0d28 ============================================================
07:32:13.0375 0x0d28 Current date / time: 2014/11/20 07:32:13.0375
07:32:13.0375 0x0d28 SystemInfo:
07:32:13.0375 0x0d28
07:32:13.0375 0x0d28 OS Version: 5.1.2600 ServicePack: 3.0
07:32:13.0375 0x0d28 Product type: Workstation
07:32:13.0703 0x0d28 ComputerName: DENTECH-CXSLVNS
07:32:13.0718 0x0d28 UserName: dennis pengelly
07:32:13.0718 0x0d28 Windows directory: C:\WINDOWS
07:32:13.0734 0x0d28 System windows directory: C:\WINDOWS
07:32:13.0734 0x0d28 Processor architecture: Intel x86
07:32:13.0734 0x0d28 Number of processors: 1
07:32:13.0734 0x0d28 Page size: 0x1000
07:32:13.0734 0x0d28 Boot type: Normal boot
07:32:13.0734 0x0d28 ============================================================
07:32:27.0796 0x0d28 KLMD registered as C:\WINDOWS\system32\drivers\05286513.sys
07:32:32.0953 0x0d28 System UUID: {0E24FB42-6D1B-093D-8B81-1B9066C333CC}
07:32:50.0921 0x0d28 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 ( 111.76 Gb ), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:32:51.0000 0x0d28 ============================================================
07:32:51.0000 0x0d28 \Device\Harddisk0\DR0:
07:32:51.0000 0x0d28 MBR partitions:
07:32:51.0000 0x0d28 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xDF702F8
07:32:51.0000 0x0d28 ============================================================
07:32:51.0125 0x0d28 C: <-> \Device\Harddisk0\DR0\Partition1
07:32:51.0203 0x0d28 ============================================================
07:32:51.0203 0x0d28 Initialize success
07:32:51.0203 0x0d28 ============================================================
07:33:34.0750 0x0bc0 ============================================================
07:33:34.0750 0x0bc0 Scan started
07:33:34.0750 0x0bc0 Mode: Manual;
07:33:34.0750 0x0bc0 ============================================================
07:33:34.0750 0x0bc0 KSN ping started
07:33:40.0890 0x0bc0 KSN ping finished: true
07:33:47.0093 0x0bc0 ================ Scan system memory ========================
07:33:47.0093 0x0bc0 System memory - ok
07:33:47.0093 0x0bc0 ================ Scan services =============================
07:34:13.0500 0x0bc0 MBAMSwissArmy - ok
07:34:13.0562 0x0bc0 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:34:13.0562 0x0bc0 Messenger - ok
07:34:13.0593 0x0bc0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:34:13.0609 0x0bc0 mnmdd - ok
07:34:13.0656 0x0bc0 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
07:34:13.0656 0x0bc0 mnmsrvc - ok
07:34:13.0718 0x0bc0 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:34:13.0750 0x0bc0 Modem - ok
07:34:13.0781 0x0bc0 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:34:13.0781 0x0bc0 Mouclass - ok
07:34:13.0843 0x0bc0 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:34:13.0843 0x0bc0 mouhid - ok
07:34:13.0875 0x0bc0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:34:13.0890 0x0bc0 MountMgr - ok
07:34:13.0906 0x0bc0 mraid35x - ok
07:34:13.0984 0x0bc0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:34:13.0984 0x0bc0 MRxDAV - ok
07:34:14.0343 0x0bc0 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:34:14.0375 0x0bc0 MRxSmb - ok
07:34:14.0421 0x0bc0 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
07:34:14.0453 0x0bc0 MSDTC - ok
07:34:14.0515 0x0bc0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:34:14.0531 0x0bc0 Msfs - ok
07:34:14.0562 0x0bc0 MSIServer - ok
07:34:14.0625 0x0bc0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:34:14.0625 0x0bc0 MSKSSRV - ok
07:34:14.0718 0x0bc0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
 
First TDS Scan Part 2

07:34:30.0765 0x0bc0 ================ Scan global ===============================
07:34:30.0828 0x0bc0 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:34:30.0968 0x0bc0 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:34:31.0187 0x0bc0 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:34:31.0265 0x0bc0 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:34:31.0265 0x0bc0 [ Global ] - ok
07:34:31.0281 0x0bc0 ================ Scan MBR ==================================
07:34:31.0296 0x0bc0 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:34:32.0937 0x0bc0 \Device\Harddisk0\DR0 - ok
07:34:32.0937 0x0bc0 ================ Scan VBR ==================================
07:34:32.0968 0x0bc0 [ B47FC8A5BA5CF3654FDD405AB3889977 ] \Device\Harddisk0\DR0\Partition1
07:34:33.0000 0x0bc0 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
07:34:33.0000 0x0bc0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
07:34:35.0500 0x0bc0 ================ Scan generic autorun ======================
07:34:35.0734 0x0bc0 [ 2B4EC8708AF814DC49E55404988D010A, E6AFD61DD865D65CFB1B55897DBA57EA7457A6F16D4B3C48AAD996322BFBFBB7 ] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
07:34:35.0875 0x0bc0 ATIPTA - ok
07:34:35.0875 0x0bc0 ATI DeviceDetect - ok
07:34:35.0890 0x0bc0 Waiting for KSN requests completion. In queue: 137
07:34:36.0890 0x0bc0 Waiting for KSN requests completion. In queue: 1
07:34:37.0890 0x0bc0 Waiting for KSN requests completion. In queue: 1
07:34:41.0984 0x0bc0 Win FW state via NFM: enabled
07:34:44.0578 0x0bc0 ============================================================
07:34:44.0578 0x0bc0 Scan finished
07:34:44.0578 0x0bc0 ============================================================
07:34:44.0953 0x08bc Detected object count: 1
07:34:44.0953 0x08bc Actual detected object count: 1
07:37:09.0875 0x08bc \Device\Harddisk0\DR0\Partition1 - copied to quarantine
07:37:09.0921 0x08bc \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
07:37:09.0984 0x08bc \Device\Harddisk0\DR0\Partition1 - ok
07:37:09.0984 0x08bc \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
07:37:13.0140 0x08bc KLMD registered as C:\WINDOWS\system32\drivers\10693154.sys
07:37:29.0296 0x06a0 Deinitialize success
 
Second TDS Scan Part 1

07:42:05.0812 0x07cc TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
07:42:08.0093 0x07cc ============================================================
07:42:08.0093 0x07cc Current date / time: 2014/11/20 07:42:08.0093
07:42:08.0140 0x07cc SystemInfo:
07:42:08.0171 0x07cc
07:42:08.0203 0x07cc OS Version: 5.1.2600 ServicePack: 3.0
07:42:08.0218 0x07cc Product type: Workstation
07:42:08.0218 0x07cc ComputerName: DENTECH-CXSLVNS
07:42:08.0328 0x07cc UserName: dennis pengelly
07:42:08.0359 0x07cc Windows directory: C:\WINDOWS
07:42:08.0375 0x07cc System windows directory: C:\WINDOWS
07:42:08.0375 0x07cc Processor architecture: Intel x86
07:42:08.0375 0x07cc Number of processors: 1
07:42:08.0375 0x07cc Page size: 0x1000
07:42:08.0375 0x07cc Boot type: Normal boot
07:42:08.0406 0x07cc ============================================================
07:42:08.0750 0x07cc BG loaded
07:42:10.0406 0x07cc System UUID: {0E24FB42-6D1B-093D-8B81-1B9066C333CC}
07:42:14.0578 0x07cc Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 ( 111.76 Gb ), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
07:42:14.0718 0x07cc ============================================================
07:42:14.0718 0x07cc \Device\Harddisk0\DR0:
07:42:14.0718 0x07cc MBR partitions:
07:42:14.0718 0x07cc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xDF702F8
07:42:14.0718 0x07cc ============================================================
07:42:14.0984 0x07cc C: <-> \Device\Harddisk0\DR0\Partition1
07:42:14.0984 0x07cc ============================================================
07:42:14.0984 0x07cc Initialize success
07:42:14.0984 0x07cc ============================================================
07:42:22.0062 0x09b8 ============================================================
07:42:22.0062 0x09b8 Scan started
07:42:22.0062 0x09b8 Mode: Manual;
07:42:22.0062 0x09b8 ============================================================
07:42:22.0062 0x09b8 KSN ping started
07:42:26.0000 0x09b8 KSN ping finished: true
07:42:35.0640 0x09b8 ================ Scan system memory ========================
07:42:35.0656 0x09b8 System memory - ok
07:42:35.0656 0x09b8 ================ Scan services =============================
 
Second TDS Scan Part 2

07:43:02.0453 0x09b8 NtmsSvc - ok
07:43:02.0531 0x09b8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
07:43:02.0531 0x09b8 Null - ok
07:43:02.0578 0x09b8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:43:02.0593 0x09b8 NwlnkFlt - ok
07:43:02.0625 0x09b8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:43:02.0640 0x09b8 NwlnkFwd - ok
07:43:02.0687 0x09b8 [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
07:43:02.0687 0x09b8 OMCI - ok
07:43:02.0734 0x09b8 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:43:02.0734 0x09b8 Parport - ok
07:43:02.0750 0x09b8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:43:02.0765 0x09b8 PartMgr - ok
07:43:02.0796 0x09b8 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:43:02.0796 0x09b8 ParVdm - ok
07:43:02.0828 0x09b8 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:43:02.0859 0x09b8 PCI - ok
07:43:02.0875 0x09b8 PCIDump - ok
07:43:02.0875 0x09b8 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:43:02.0875 0x09b8 PCIIde - ok
07:43:02.0953 0x09b8 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:43:03.0000 0x09b8 Pcmcia - ok
07:43:03.0000 0x09b8 PDCOMP - ok
07:43:03.0015 0x09b8 PDFRAME - ok
07:43:03.0015 0x09b8 PDRELI - ok
07:43:03.0031 0x09b8 PDRFRAME - ok
07:43:03.0046 0x09b8 perc2 - ok
07:43:03.0046 0x09b8 perc2hib - ok
07:43:03.0125 0x09b8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
07:43:03.0125 0x09b8 PlugPlay - ok
07:43:03.0156 0x09b8 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
07:43:03.0156 0x09b8 Pml Driver HPZ12 - ok
07:43:03.0171 0x09b8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
07:43:03.0171 0x09b8 PolicyAgent - ok
07:43:03.0218 0x09b8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:43:03.0218 0x09b8 PptpMiniport - ok
07:43:03.0234 0x09b8 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
07:43:03.0234 0x09b8 Processor - ok
07:43:03.0250 0x09b8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:43:03.0250 0x09b8 ProtectedStorage - ok
07:43:03.0281 0x09b8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:43:03.0281 0x09b8 PSched - ok
07:43:03.0328 0x09b8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:43:03.0328 0x09b8 Ptilink - ok
07:43:03.0328 0x09b8 ql1080 - ok
07:43:03.0343 0x09b8 Ql10wnt - ok
07:43:03.0343 0x09b8 ql12160 - ok
07:43:03.0359 0x09b8 ql1240 - ok
07:43:03.0375 0x09b8 ql1280 - ok
07:43:03.0390 0x09b8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:43:03.0390 0x09b8 RasAcd - ok
07:43:03.0453 0x09b8 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:43:03.0484 0x09b8 RasAuto - ok
07:43:03.0531 0x09b8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:43:03.0531 0x09b8 Rasl2tp - ok
07:43:03.0625 0x09b8 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:43:03.0625 0x09b8 RasMan - ok
07:43:03.0656 0x09b8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:43:03.0656 0x09b8 RasPppoe - ok
07:43:03.0671 0x09b8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:43:03.0671 0x09b8 Raspti - ok
07:43:03.0734 0x09b8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:43:03.0750 0x09b8 Rdbss - ok
07:43:03.0765 0x09b8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:43:03.0765 0x09b8 RDPCDD - ok
07:43:03.0906 0x09b8 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:43:03.0953 0x09b8 RDPWD - ok
07:43:04.0031 0x09b8 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:43:04.0125 0x09b8 RDSessMgr - ok
07:43:04.0234 0x09b8 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
07:43:04.0250 0x09b8 RealNetworks Downloader Resolver Service - ok
07:43:04.0312 0x09b8 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:43:04.0312 0x09b8 redbook - ok
07:43:04.0375 0x09b8 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:43:04.0453 0x09b8 RemoteAccess - ok
07:43:04.0562 0x09b8 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
07:43:04.0593 0x09b8 RpcLocator - ok
07:43:04.0781 0x09b8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:43:04.0796 0x09b8 RpcSs - ok
07:43:04.0937 0x09b8 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
07:43:05.0015 0x09b8 RSVP - ok
07:43:05.0093 0x09b8 [ 223D721E1334425DF479B58123C9E886, D0B3B68C66E918CDD117E2E5FFEBDE83B892096A1CBEC34F0EB5142BCDF9F0DE ] RTL8023xp C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
07:43:05.0093 0x09b8 RTL8023xp - ok
07:43:05.0109 0x09b8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
07:43:05.0109 0x09b8 SamSs - ok
07:43:05.0203 0x09b8 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:43:05.0281 0x09b8 SCardSvr - ok
07:43:05.0468 0x09b8 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:43:05.0468 0x09b8 Schedule - ok
07:43:05.0546 0x09b8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:43:05.0562 0x09b8 Secdrv - ok
07:43:05.0593 0x09b8 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:43:05.0609 0x09b8 seclogon - ok
07:43:05.0687 0x09b8 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
07:43:05.0687 0x09b8 SENS - ok
07:43:05.0718 0x09b8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:43:05.0718 0x09b8 serenum - ok
07:43:05.0765 0x09b8 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:43:05.0765 0x09b8 Serial - ok
07:43:05.0843 0x09b8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:43:05.0843 0x09b8 Sfloppy - ok
07:43:06.0000 0x09b8 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:43:06.0109 0x09b8 SharedAccess - ok
07:43:06.0187 0x09b8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:43:06.0203 0x09b8 ShellHWDetection - ok
07:43:06.0218 0x09b8 Simbad - ok
07:43:06.0281 0x09b8 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:43:06.0328 0x09b8 SLIP - ok
07:43:06.0625 0x09b8 [ 39F9595D2F6F7EB93F45A466789A6F49, 57BF163924D9EA1CC109ABA49899E04D478D9A85195A1161F9611C07A8F58D4D ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
07:43:06.0640 0x09b8 smwdm - ok
07:43:06.0640 0x09b8 Sparrow - ok
07:43:06.0812 0x09b8 [ DC7F26E519331D074E6D3D8A90595364, 4DB650046BB439101F48224E21F69CB10DD441EDA25E1A1895496C5FF1F88C6D ] spkrmon C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
07:43:06.0812 0x09b8 spkrmon - ok
07:43:06.0875 0x09b8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:43:06.0875 0x09b8 splitter - ok
07:43:06.0953 0x09b8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:43:06.0953 0x09b8 Spooler - ok
07:43:07.0046 0x09b8 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:43:07.0125 0x09b8 sr - ok
07:43:07.0250 0x09b8 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
07:43:07.0265 0x09b8 srservice - ok
07:43:07.0546 0x09b8 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:43:07.0562 0x09b8 Srv - ok
07:43:07.0640 0x09b8 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:43:07.0640 0x09b8 SSDPSRV - ok
07:43:07.0828 0x09b8 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:43:07.0843 0x09b8 stisvc - ok
07:43:07.0906 0x09b8 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:43:07.0906 0x09b8 streamip - ok
07:43:07.0953 0x09b8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:43:07.0953 0x09b8 swenum - ok
07:43:08.0015 0x09b8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:43:08.0015 0x09b8 swmidi - ok
07:43:08.0015 0x09b8 SwPrv - ok
07:43:08.0062 0x09b8 symc810 - ok
07:43:08.0093 0x09b8 symc8xx - ok
07:43:08.0125 0x09b8 sym_hi - ok
07:43:08.0140 0x09b8 sym_u3 - ok
07:43:08.0203 0x09b8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:43:08.0203 0x09b8 sysaudio - ok
07:43:08.0328 0x09b8 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:43:08.0390 0x09b8 SysmonLog - ok
07:43:08.0578 0x09b8 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:43:08.0593 0x09b8 TapiSrv - ok
07:43:08.0812 0x09b8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:43:08.0828 0x09b8 Tcpip - ok
07:43:08.0890 0x09b8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:43:08.0906 0x09b8 TDPIPE - ok
07:43:08.0984 0x09b8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:43:09.0000 0x09b8 TDTCP - ok
07:43:09.0046 0x09b8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:43:09.0062 0x09b8 TermDD - ok
07:43:09.0250 0x09b8 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
07:43:09.0265 0x09b8 TermService - ok
07:43:09.0718 0x09b8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
07:43:09.0718 0x09b8 Themes - ok
07:43:09.0734 0x09b8 TosIde - ok
07:43:09.0796 0x09b8 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:43:09.0812 0x09b8 TrkWks - ok
07:43:09.0875 0x09b8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:43:09.0875 0x09b8 Udfs - ok
07:43:09.0890 0x09b8 ultra - ok
07:43:10.0187 0x09b8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:43:10.0203 0x09b8 Update - ok
07:43:10.0359 0x09b8 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
07:43:10.0437 0x09b8 upnphost - ok
07:43:10.0515 0x09b8 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
07:43:10.0578 0x09b8 UPS - ok
07:43:10.0765 0x09b8 [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
07:43:10.0812 0x09b8 USBAAPL - ok
07:43:10.0890 0x09b8 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:43:10.0890 0x09b8 usbaudio - ok
07:43:10.0937 0x09b8 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:43:10.0937 0x09b8 usbccgp - ok
07:43:11.0015 0x09b8 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:43:11.0015 0x09b8 usbehci - ok
07:43:11.0125 0x09b8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:43:11.0125 0x09b8 usbhub - ok
07:43:11.0171 0x09b8 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:43:11.0171 0x09b8 usbprint - ok
07:43:11.0265 0x09b8 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:43:11.0265 0x09b8 usbscan - ok
07:43:11.0406 0x09b8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:43:11.0453 0x09b8 USBSTOR - ok
07:43:11.0609 0x09b8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:43:11.0609 0x09b8 usbuhci - ok
07:43:11.0671 0x09b8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:43:11.0671 0x09b8 VgaSave - ok
07:43:11.0671 0x09b8 ViaIde - ok
07:43:11.0734 0x09b8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:43:11.0750 0x09b8 VolSnap - ok
07:43:11.0875 0x09b8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
07:43:11.0984 0x09b8 VSS - ok
07:43:12.0062 0x09b8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
07:43:12.0062 0x09b8 W32Time - ok
07:43:12.0125 0x09b8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:43:12.0125 0x09b8 Wanarp - ok
07:43:12.0328 0x09b8 [ FD47474BD21794508AF449D9D91AF6E6, 2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:43:12.0343 0x09b8 Wdf01000 - ok
07:43:12.0343 0x09b8 WDICA - ok
07:43:12.0390 0x09b8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:43:12.0390 0x09b8 wdmaud - ok
07:43:12.0453 0x09b8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
07:43:12.0453 0x09b8 WebClient - ok
07:43:12.0578 0x09b8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:43:12.0578 0x09b8 winmgmt - ok
07:43:12.0656 0x09b8 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
07:43:12.0671 0x09b8 WmdmPmSN - ok
07:43:12.0765 0x09b8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
07:43:12.0812 0x09b8 WmiApSrv - ok
07:43:13.0140 0x09b8 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:43:13.0406 0x09b8 WPFFontCache_v0400 - ok
07:43:13.0500 0x09b8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:43:13.0500 0x09b8 wscsvc - ok
07:43:13.0546 0x09b8 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:43:13.0546 0x09b8 WSTCODEC - ok
07:43:13.0578 0x09b8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:43:13.0593 0x09b8 wuauserv - ok
07:43:13.0781 0x09b8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:43:13.0781 0x09b8 WZCSVC - ok
07:43:13.0859 0x09b8 x10nets - ok
07:43:13.0937 0x09b8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:43:13.0984 0x09b8 xmlprov - ok
07:43:14.0218 0x09b8 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
07:43:14.0234 0x09b8 YahooAUService - ok
07:43:14.0234 0x09b8 ================ Scan global ===============================
07:43:14.0296 0x09b8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:43:14.0437 0x09b8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:43:14.0546 0x09b8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:43:14.0609 0x09b8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:43:14.0609 0x09b8 [ Global ] - ok
07:43:14.0609 0x09b8 ================ Scan MBR ==================================
07:43:14.0640 0x09b8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:43:14.0953 0x09b8 \Device\Harddisk0\DR0 - ok
07:43:14.0953 0x09b8 ================ Scan VBR ==================================
07:43:14.0968 0x09b8 [ F6955C1DEF39845F2D0E0F37C582E01F ] \Device\Harddisk0\DR0\Partition1
07:43:15.0000 0x09b8 \Device\Harddisk0\DR0\Partition1 - ok
07:43:15.0000 0x09b8 ================ Scan generic autorun ======================
07:43:15.0203 0x09b8 [ 2B4EC8708AF814DC49E55404988D010A, E6AFD61DD865D65CFB1B55897DBA57EA7457A6F16D4B3C48AAD996322BFBFBB7 ] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
07:43:15.0203 0x09b8 ATIPTA - ok
07:43:15.0218 0x09b8 ATI DeviceDetect - ok
07:43:15.0218 0x09b8 Waiting for KSN requests completion. In queue: 183
07:43:16.0218 0x09b8 Waiting for KSN requests completion. In queue: 183
07:43:17.0218 0x09b8 Waiting for KSN requests completion. In queue: 183
07:43:18.0265 0x09b8 Win FW state via NFM: enabled
07:43:20.0734 0x09b8 ============================================================
07:43:20.0734 0x09b8 Scan finished
07:43:20.0734 0x09b8 ============================================================
07:43:20.0750 0x09b0 Detected object count: 0
07:43:20.0750 0x09b0 Actual detected object count: 0
 
Very good :)

Re-run DDS and you should get both logs now.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes icon in the system tray and click on Exit.
 
Here are both DDS Logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/22/2014 9:37:16 AM
System Uptime: 11/20/2014 2:42:23 PM (7 hours ago)
.
Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 51.143 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP138: 8/27/2014 12:37:21 PM - System Checkpoint
RP139: 8/29/2014 9:53:40 AM - System Checkpoint
RP140: 9/5/2014 1:08:53 PM - System Checkpoint
RP141: 9/6/2014 1:03:11 PM - Software Distribution Service 3.0
RP142: 9/11/2014 8:08:54 AM - System Checkpoint
RP143: 9/12/2014 6:35:18 PM - System Checkpoint
RP144: 9/13/2014 7:04:53 PM - System Checkpoint
RP145: 9/14/2014 7:52:48 PM - System Checkpoint
RP146: 9/15/2014 8:52:48 PM - System Checkpoint
RP147: 9/16/2014 9:52:48 PM - System Checkpoint
RP148: 9/17/2014 10:52:48 PM - System Checkpoint
RP149: 9/18/2014 11:52:48 PM - System Checkpoint
RP150: 9/20/2014 12:52:49 AM - System Checkpoint
RP151: 9/21/2014 8:07:36 PM - System Checkpoint
RP152: 9/23/2014 8:08:00 AM - System Checkpoint
RP153: 9/25/2014 1:04:58 PM - System Checkpoint
RP154: 9/25/2014 2:15:39 PM - Software Distribution Service 3.0
RP155: 9/25/2014 3:22:08 PM - Installed Microsoft Fix it 50267
RP156: 9/29/2014 4:55:28 PM - System Checkpoint
RP157: 10/12/2014 10:49:15 AM - Installed iTunes
RP158: 10/15/2014 1:15:23 PM - System Checkpoint
RP159: 10/16/2014 1:16:17 PM - System Checkpoint
RP160: 10/17/2014 6:00:47 PM - System Checkpoint
RP161: 10/20/2014 5:08:47 PM - System Checkpoint
RP162: 10/21/2014 5:13:52 PM - System Checkpoint
RP163: 10/22/2014 6:01:28 PM - System Checkpoint
RP164: 10/23/2014 6:07:52 PM - System Checkpoint
RP165: 10/24/2014 7:01:46 PM - System Checkpoint
RP166: 10/25/2014 7:55:39 PM - System Checkpoint
RP167: 11/5/2014 1:44:44 PM - System Checkpoint
RP168: 11/6/2014 2:22:17 PM - System Checkpoint
RP169: 11/7/2014 3:11:40 PM - System Checkpoint
RP170: 11/9/2014 1:19:51 PM - System Checkpoint
RP171: 11/12/2014 10:17:14 AM - System Checkpoint
RP172: 11/13/2014 12:03:01 PM - System Checkpoint
RP173: 11/15/2014 9:36:55 AM - System Checkpoint
RP174: 11/17/2014 11:49:25 AM - System Checkpoint
RP175: 11/18/2014 12:08:31 PM - System Checkpoint
RP176: 11/19/2014 12:14:14 PM - System Checkpoint
RP177: 11/20/2014 12:15:55 PM - Removed Logitech SetPoint 5.00.
RP178: 11/20/2014 12:41:13 PM - Software Distribution Service 3.0
RP179: 11/20/2014 2:37:12 PM - Removed Logitech Vid.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.08)
AIO_Scan
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center 9.0.0.0
ATI Remote Wonder 2.3
ATIRW2
Bonjour
BufferChm
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
CameraHelperMsi
Copy
CustomerResearchQFolder
DAO
Dell ResourceCD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
erLT
eSupportQFolder
F4100
F4100_doccd
F4100_Help
File Association Helper
Free M4a to MP3 Converter 8.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.3.1025
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft ReportViewer 2010 Redistributable
Microsoft Silverlight
MMC90
Mozilla Firefox 33.1.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pdf2Jpg version 1.2
PSSWCORE
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Scan
ScopeUserGuide
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2898785)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 6.21
SolutionCenter
SoundMAX
Status
Toolbox
TrayApp
TurboTax 2013
TurboTax 2013 wctiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Encoder 9 Series
Windows XP Service Pack 3
WinZip 19.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/20/2014 12:03:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 00226BC44363 has been denied by the DHCP server 68.114.36.67 (The DHCP Server sent a DHCPNACK message).
11/20/2014 12:02:00 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
11/20/2014 1:19:25 PM, error: Dhcp [1002] - The IP address lease 75.134.11.47 for the Network Card with network address 00226BC44363 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/18/2014 9:43:22 AM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 2 time(s).
11/18/2014 9:13:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Emsisoft Protection Service service to connect.
11/18/2014 9:13:07 AM, error: Service Control Manager [7000] - The Emsisoft Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2014 8:11:08 AM, error: Service Control Manager [7034] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 4 time(s).
11/18/2014 8:10:01 AM, error: Service Control Manager [7034] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 3 time(s).
11/18/2014 8:09:24 AM, error: Service Control Manager [7031] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/18/2014 7:38:22 AM, error: Service Control Manager [7031] - The Emsisoft Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/17/2014 3:05:51 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
11/17/2014 2:21:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
11/16/2014 8:06:26 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).
11/16/2014 1:01:50 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by dennis pengelly at 21:31:40 on 2014-11-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.240 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyServer = 0.0.0.0:80
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn13\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATI DeviceDetect] c:\program files\ati multimedia\\program files\ati multimedia\main\ATIDtct.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [FAHConsole] c:\program files\file association helper\FAHConsole.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
StartupFolder: c:\docume~1\dennis~1.den\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 71.10.216.1 71.10.216.2
TCP: Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} : DHCPNameServer = 71.10.216.1 71.10.216.2
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dennis pengelly.dentech-cxslvns\application data\mozilla\firefox\profiles\uifpypoh.default\
FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-24 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-24 968504]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-24 114904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 a2acc;a2acc;\??\c:\program files\emsisoft anti-malware\a2accx86.sys --> c:\program files\emsisoft anti-malware\a2accx86.sys [?]
S3 cleanhlp;cleanhlp;\??\c:\program files\emsisoft anti-malware\cleanhlp32.sys --> c:\program files\emsisoft anti-malware\cleanhlp32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-11-20 20:36:41 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\Mozilla
2014-11-20 20:36:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-11-20 20:36:04 48240 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-11-20 20:36:03 904104 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2014-11-20 19:37:48 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\Logitech® Webcam Software
2014-11-20 18:43:20 53248 ----a-r- c:\documents and settings\dennis pengelly.dentech-cxslvns\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2014-11-20 12:37:09 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-11-18 02:56:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-11-18 02:50:47 -------- d-----w- c:\program files\iPod
2014-11-18 02:50:46 -------- d-----w- c:\program files\iTunes
2014-11-18 02:47:26 -------- d-----w- c:\documents and settings\all users.windows\application data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-18 02:05:06 -------- d-----w- c:\documents and settings\all users.windows\application data\Emsisoft
2014-11-17 20:00:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-11-16 01:26:50 -------- d-----w- c:\documents and settings\dennis pengelly.dentech-cxslvns\local settings\application data\WinZip
2014-11-16 01:24:27 -------- d-----w- c:\program files\File Association Helper
2014-10-22 19:48:43 6000640 ----a-w- c:\program files\GUT141.tmp
2014-10-22 19:48:43 -------- d-----w- c:\program files\GUM140.tmp
.
==================== Find3M ====================
.
2014-11-20 22:16:37 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 13:47:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 13:47:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:46:12 17339056 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-10-01 16:11:18 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:32:56.98 ===============
 
RogueKiller Log

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : dennis pengelly [Administrator]
Mode : Delete -- Date : 11/20/2014 22:13:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys) -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 0.0.0.0:80 -> Not selected
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1C654C1B-F352-41BE-A63C-8ECEC7166322} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[IAT:Addr] (firefox.exe @ SHELL32.dll) USERENV.dll - GetUserProfileDirectoryW : Unknown @ 0x769c6357
[IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsQueryConfigAllocEx : Unknown @ 0x76f27a55
[IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsRecordListFree : Unknown @ 0x76f25b12
[IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsApiFree : Unknown @ 0x76f237a1
[IAT:Addr] (firefox.exe @ mswsock.dll) DNSAPI.dll - DnsQuery_W : Unknown @ 0x76f22da3

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3120026AS +++++
--- User ---
[MBR] a383a678cd224af9ca496c06637b93d2
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 114400 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11202014_221041.log
 
Malwarebytes is NOT an AV program.
When you're done with MBAR...

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it, or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.
 
MBAR Results

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
dennis pengelly :: DENTECH-CXSLVNS [administrator]

11/20/2014 10:50:16 PM
mbar-log-2014-11-20 (22-50-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 506372
Time elapsed: 1 hour(s), 39 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 1072693248, free: 325308416

Downloaded database version: v2014.11.21.02
Downloaded database version: v2014.11.18.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
11/20/2014 22:49:20
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\EG1032xp.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\ATIRWVD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\ipfltdrv.sys
\??\C:\DOCUME~1\DENNIS~1.DEN\LOCALS~1\Temp\mbr.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86766ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8675ed98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86766ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86796900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86766ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8675ed98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9DC96E9E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 234291960
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120000000000 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-80325-I.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix Log

ComboFix 14-11-18.01 - dennis pengelly 11/21/2014 20:23:04.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.680 [GMT -5:00]
Running from: c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
C:\END
c:\program files\Internet Explorer\SET2CC.tmp
c:\program files\Internet Explorer\SET2CE.tmp
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\dasetup.log
c:\windows\msdownld.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\WNLT
c:\windows\wmsysprx.prx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LEVEL_QUALITY_WATCHER
.
.
((((((((((((((((((((((((( Files Created from 2014-10-22 to 2014-11-22 )))))))))))))))))))))))))))))))
.
.
2014-11-21 20:41 . 2014-11-21 20:41 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Temp
2014-11-21 20:39 . 2014-11-21 20:39 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\AVAST Software
2014-11-21 20:38 . 2014-11-21 20:38 -------- d-----w- c:\windows\jumpshot.com
2014-11-21 20:34 . 2014-11-21 20:33 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-21 20:34 . 2014-11-21 20:37 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-21 20:34 . 2014-11-21 20:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 20:34 . 2014-11-21 20:33 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-21 20:34 . 2014-11-21 20:33 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 20:34 . 2014-11-21 20:33 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-21 20:34 . 2014-11-21 20:33 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-11-21 20:34 . 2014-11-22 01:47 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 20:34 . 2014-11-21 20:33 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-21 20:33 . 2014-11-21 20:33 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 20:29 . 2014-11-21 20:29 -------- d-----w- c:\program files\AVAST Software
2014-11-21 20:28 . 2014-11-21 20:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2014-11-21 17:06 . 2014-11-21 17:06 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\CHARTER
2014-11-21 17:06 . 2014-11-21 17:06 92504 ----a-r- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Microsoft\Installer\{c9ca25aa-aa3a-4b61-ad9f-070a2ed1a082}\ARPPRODUCTICON.exe
2014-11-21 17:05 . 2014-11-21 17:05 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter
2014-11-21 14:47 . 2014-11-21 14:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
2014-11-21 03:49 . 2014-11-21 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-21 03:01 . 2014-11-21 03:01 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-21 03:01 . 2014-11-21 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RogueKiller
2014-11-20 20:36 . 2014-11-20 20:36 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Mozilla
2014-11-20 20:36 . 2014-11-20 20:36 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-11-20 19:37 . 2014-11-20 19:37 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Logitech® Webcam Software
2014-11-20 18:43 . 2014-11-20 18:43 53248 ----a-r- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-11-20 18:39 . 2014-11-20 18:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2014-11-20 12:37 . 2014-11-20 12:37 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2014-11-18 02:56 . 2014-11-18 02:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2014-11-18 02:50 . 2014-11-18 02:51 -------- d-----w- c:\program files\iPod
2014-11-18 02:50 . 2014-11-18 02:51 -------- d-----w- c:\program files\iTunes
2014-11-18 02:47 . 2014-11-18 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-18 02:05 . 2014-11-18 02:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Emsisoft
2014-11-17 20:00 . 2014-11-18 14:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-11-16 01:26 . 2014-11-16 01:27 -------- d-----w- c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\WinZip
2014-11-16 01:26 . 2014-11-16 01:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2014-11-16 01:24 . 2014-11-16 01:24 -------- d-----w- c:\program files\File Association Helper
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-21 20:32 . 2014-11-21 20:34 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1416620858734
2014-11-21 17:34 . 2014-03-24 19:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-21 03:44 . 2014-03-24 19:58 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-12 13:47 . 2014-01-23 15:00 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 13:47 . 2014-01-23 15:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:46 . 2014-07-09 13:44 17339056 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-10-22 19:49 . 2014-10-22 19:48 6000640 ----a-w- c:\program files\GUT141.tmp
2014-10-01 16:11 . 2014-03-24 19:58 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn13\yt.dll" [2014-06-02 1583384]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 20:33 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-03-31 106570]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-03-23 196608]
"PCShowServer"="c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe" [2014-10-29 1651072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-24 335872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-07-01 295512]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 616632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-21 5226600]
.
c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\dennis pengelly\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/21/2014 3:34 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/21/2014 3:34 PM 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [11/21/2014 3:34 PM 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [11/21/2014 3:34 PM 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [11/21/2014 3:34 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/21/2014 3:34 PM 70384]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [1/3/2014 11:44 AM 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [3/24/2014 2:58 PM 1871160]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/24/2014 2:58 PM 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [3/24/2014 2:58 PM 968504]
S3 a2acc;a2acc;\??\c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys --> c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [?]
S3 cleanhlp;cleanhlp;\??\c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys --> c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [3/24/2014 2:59 PM 114904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-21 19:06 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-23 13:47]
.
2014-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-11-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21 20:32]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 19:48]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 19:48]
.
2014-11-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-05-02 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-05-02 01:59]
.
2014-11-22 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-11-22 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
TCP: DhcpNameServer = 71.10.216.1 71.10.216.2
FF - ProfilePath - c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla\Firefox\Profiles\uifpypoh.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Logitech Vid HD - c:\program files\Logitech\Vid\vid.exe
HKLM-Run-ATI DeviceDetect - c:\program files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
SafeBoot-68122047.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-21 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3788)
c:\program files\File Association Helper\FAHDll.dll
c:\documents and settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\File Association Helper\FAHWindow.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\rundll32.exe
c:\documents and settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-11-21 20:52:31 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-22 01:52
.
Pre-Run: 53,953,196,032 bytes free
Post-Run: 55,320,920,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4AC4AE038507367AD3BDB02CE9095887
8F558EB6672622401DA993E1E865C861
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
AdwCleaner Log

# AdwCleaner v4.101 - Report created 21/11/2014 at 22:22:00
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : dennis pengelly - DENTECH-CXSLVNS
# Running from : C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R0].txt - [2550 octets] - [21/11/2014 22:17:36]
AdwCleaner[S0].txt - [2505 octets] - [21/11/2014 22:22:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2565 octets] ##########


JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Microsoft Windows XP x86
Ran by dennis pengelly on Fri 11/21/2014 at 22:32:18.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/21/2014 at 22:39:20.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logs (Part 1)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-11-2014
Ran by dennis pengelly (administrator) on DENTECH-CXSLVNS on 21-11-2014 22:43:21
Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads
Loaded Profile: dennis pengelly (Available profiles: dennis pengelly)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
(NDS Technologies) C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-03-23] (ATI Technologies, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-07-17] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-07-01] (RealNetworks, Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Launchpad] => C:\Program Files\ATI Multimedia\main\launchpd.exe [106570 2004-03-31] (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Remote Control] => C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [196608 2004-03-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [PCShowServer] => C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe [1651072 2014-10-29] (NDS Technologies)
Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1801674531-790525478-725345543-1004] => 0.0.0.0:80
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla\Firefox\Profiles\uifpypoh.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin64 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: Charter.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (YouTube) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-28]
CHR Extension: (Google Search) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-21]
CHR Extension: (RealDownloader) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-28]
CHR Extension: (Gmail) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-03-23] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-06-16] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 x10nets; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R3 ATI Remote Wonder II; C:\WINDOWS\System32\drivers\ATIRWVD.SYS [258044 2004-01-23] (Jungo) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-21] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 22:42 - 2014-11-21 22:43 - 00000000 ____D () C:\FRST
2014-11-21 22:39 - 2014-11-21 22:39 - 00001206 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\JRT.txt
2014-11-21 22:32 - 2014-11-21 22:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-21 22:26 - 2014-11-21 22:26 - 00002645 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\AdwCleaner[S0].txt
2014-11-21 22:17 - 2014-11-21 22:22 - 00000000 ____D () C:\AdwCleaner
2014-11-21 20:52 - 2014-11-21 22:43 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp
2014-11-21 20:52 - 2014-11-21 20:52 - 00019613 _____ () C:\ComboFix.txt
2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-11-21 20:17 - 2014-01-22 11:38 - 00000211 _____ () C:\Boot.bak
2014-11-21 20:16 - 2014-11-21 20:17 - 00000000 _RSHD () C:\cmdcons
2014-11-21 20:16 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-11-21 20:12 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-21 20:12 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-21 20:12 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-21 20:11 - 2014-11-21 20:52 - 00000000 ____D () C:\Qoobox
2014-11-21 20:10 - 2014-11-21 20:50 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-21 15:41 - 2014-11-21 15:41 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Temp
2014-11-21 15:39 - 2014-11-21 15:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\AVAST Software
2014-11-21 15:38 - 2014-11-21 15:38 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-11-21 15:37 - 2014-11-21 22:25 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-21 15:37 - 2014-11-21 15:37 - 00001731 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2014-11-21 15:34 - 2014-11-21 20:47 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 15:34 - 2014-11-21 15:37 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-21 15:34 - 2014-11-21 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-21 15:33 - 2014-11-21 15:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-21 15:29 - 2014-11-21 15:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2014-11-21 14:56 - 2014-11-21 21:00 - 00000353 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Other PC problems.txt
2014-11-21 14:40 - 2014-11-21 14:40 - 00001507 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Notepad.lnk
2014-11-21 12:06 - 2014-11-21 12:06 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\CHARTER
2014-11-21 12:05 - 2014-11-21 12:05 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter
2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-20 22:01 - 2014-11-20 22:01 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-11-20 15:36 - 2014-11-20 15:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000724 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
2014-11-20 15:35 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-20 14:50 - 2014-11-20 14:50 - 00015648 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-20 14:37 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Logitech® Webcam Software
2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
2014-11-20 13:38 - 2014-11-20 13:38 - 00001261 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Webcam Software .lnk
2014-11-20 07:37 - 2014-11-20 07:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-18 07:55 - 2014-11-18 08:00 - 00026551 _____ () C:\WINDOWS\ie8Uninst.log
2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iTunes
2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iPod
2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
2014-11-17 15:00 - 2014-11-18 09:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2014-11-15 20:25 - 2014-11-15 20:26 - 00000000 ____D () C:\Program Files\WinZip
2014-11-15 20:24 - 2014-11-15 20:24 - 00000000 ____D () C:\Program Files\File Association Helper
2014-11-15 19:54 - 2014-11-15 17:41 - 70867717 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WP Productions Movie.MPG
2014-11-15 19:53 - 2014-11-15 19:53 - 00000529 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Shortcut to explorer.lnk
2014-11-12 10:58 - 2014-11-12 11:00 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Electronic Data Books
2014-11-07 09:12 - 2014-01-22 09:29 - 00000879 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WordPad.lnk
2014-10-22 14:48 - 2014-10-22 14:49 - 06000640 _____ () C:\Program Files\GUT141.tmp
2014-10-22 14:48 - 2014-10-22 14:48 - 00000000 ____D () C:\Program Files\GUM140.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 22:44 - 2014-01-23 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 22:25 - 2014-07-01 08:32 - 00000298 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job
2014-11-21 22:25 - 2014-01-22 11:50 - 01545138 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 22:24 - 2014-07-01 08:32 - 00000306 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job
2014-11-21 22:24 - 2014-05-02 08:25 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-21 22:24 - 2014-01-23 10:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 22:24 - 2014-01-22 09:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-21 22:24 - 2014-01-22 04:15 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-21 22:24 - 2014-01-22 04:15 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-21 22:23 - 2014-01-22 09:38 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-21 22:22 - 2014-01-22 09:39 - 00000178 ___SH () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\ntuser.ini
2014-11-21 22:22 - 2014-01-22 09:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS
2014-11-21 22:06 - 2014-03-24 14:59 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 21:59 - 2014-01-23 10:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-21 20:47 - 2003-07-16 15:47 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-21 20:17 - 2014-01-22 04:10 - 00000327 __RSH () C:\boot.ini
2014-11-21 16:10 - 2014-04-09 09:40 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Dropbox
2014-11-21 16:09 - 2014-04-09 09:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Dropbox
2014-11-21 15:03 - 2014-05-02 07:14 - 00083340 _____ () C:\WINDOWS\setupapi.log
2014-11-21 14:35 - 2014-01-22 13:01 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Skype
2014-11-21 14:14 - 2014-03-28 07:54 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
2014-11-21 13:48 - 2014-09-10 10:35 - 00002265 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
2014-11-20 22:44 - 2014-03-24 14:58 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-20 14:37 - 2009-03-10 10:06 - 00000000 ____D () C:\Program Files\Logitech
2014-11-20 13:43 - 2014-01-22 13:55 - 00011870 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-11-20 13:43 - 2014-01-22 13:54 - 00011659 _____ () C:\WINDOWS\LDPINST.LOG
2014-11-20 13:43 - 2009-04-03 12:16 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-11-20 13:39 - 2011-01-11 07:25 - 00000000 ____D () C:\Program Files\Common Files\LWS
2014-11-20 12:43 - 2013-09-05 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-20 12:17 - 2014-01-22 04:11 - 00153897 _____ () C:\WINDOWS\setupact.log
2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
2014-11-20 12:16 - 2014-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\LogiShrd
2014-11-20 07:41 - 2011-01-11 07:26 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-11-20 07:40 - 2014-01-22 13:55 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-11-18 08:02 - 2014-01-22 09:39 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Accessories
2014-11-18 08:02 - 2009-03-09 07:05 - 00000000 ____D () C:\WINDOWS\Help
2014-11-18 08:00 - 2014-01-22 04:12 - 00369938 _____ () C:\WINDOWS\tsoc.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00336371 _____ () C:\WINDOWS\comsetup.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00204432 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00149926 _____ () C:\WINDOWS\iis6.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00053281 _____ () C:\WINDOWS\ocmsn.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-18 07:56 - 2014-01-22 11:34 - 00169367 _____ () C:\WINDOWS\updspapi.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00956176 _____ () C:\WINDOWS\FaxSetup.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00476227 _____ () C:\WINDOWS\ocgen.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00048408 _____ () C:\WINDOWS\msgsocm.log
2014-11-17 21:56 - 2014-01-22 08:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 21:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\SlimWare Utilities Inc
2014-11-17 17:24 - 2014-10-12 09:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2014-11-12 10:30 - 2014-06-17 07:21 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\SELL
2014-11-12 09:43 - 2013-09-10 19:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-11-12 08:47 - 2014-01-23 10:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 08:47 - 2014-01-23 10:00 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 08:46 - 2014-07-09 08:44 - 17339056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-12 08:14 - 2014-07-17 07:51 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 08:11 - 2003-07-16 15:53 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-05 11:08 - 2014-01-22 04:12 - 00466934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:25 - 2014-01-22 12:33 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\dennis pengelly\Application Data\skype.ini


Some content of TEMP:
====================
C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


 
FRST Logs (Part 2)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-11-2014
Ran by dennis pengelly at 2014-11-21 22:44:43
Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5097 - )
ATI Decoder (HKLM\...\InstallShield_{EB452503-A684-4F89-9138-2E590D60478B}) (Version: 3.0.0 - ATI Technologeis Inc.)
ATI Decoder (Version: 3.0.0 - ATI Technologeis Inc.) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.231-060221a1-030895C-ATI - )
ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )
ATI Multimedia Center 9.0.0.0 (HKLM\...\InstallShield_{56E005A4-2921-4C77-A4EB-9FF21C1438B5}) (Version: 9.0.0.0 - ATI Technologies)
ATI Remote Wonder 2.3 (HKLM\...\InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}) (Version: 2.3.0.0 - ATI Technologies)
ATIRW2 (Version: 2.3.0.0 - ATI Technologies) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Call of Duty(R) 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (Version: 1.3 - ) Hidden
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Charter TV Player (HKLM\...\{c9ca25aa-aa3a-4b61-ad9f-070a2ed1a082}) (Version: 4.12 - Charter)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DAO (HKLM\...\InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}) (Version: 3.5 - ATI)
DAO (Version: 3.5 - ATI) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 90.0.201.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Free M4a to MP3 Converter 8.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{706BB40A-4102-4c89-8107-DC68C4EBD19B}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
MMC90 (Version: 9.0.0.0 - ATI Technologies) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pdf2Jpg version 1.2 (HKLM\...\{533D415A-4151-4AC5-858E-4068524C8051}_is1) (Version: 1.2 - Office Necessities inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
ScopeUserGuide (Version: 1.00.0000 - Logitech) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3650 - Analog Devices)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{052253BF-F1FF-4686-B231-8D1904DEED68}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{0C03DEC4-B374-44DF-9B0D-38BD942080C4}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Ch (the data entry has 40 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{0F81C552-68AD-4AAB-99D2-26F7F72A423C}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1B72D1C3-A1B3-4C87-9552-894CFF74051F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1BC0C7E7-0ADF-4FCE-9FBD-70B2DBC3BD48}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1E1C74D3-EF64-4F13-B631-DFDCEE4572FD}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\L (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{1FD9E587-43E1-4F1F-A41F-A6E8B93A5546}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{2D0235FC-1701-4F1C-B36C-84CD8813EDB5}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{31DC369C-75C3-4D8B-9C2D-0B10BF77BA0F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{343ADE39-3C61-421B-93CB-19C44D33ED9B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{47231DCA-F7A4-4696-B836-B2430D451226}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\I (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{4AC4E235-EB53-4942-B113-931D66A470B8}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 26 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{50021F2A-9C64-4766-A697-84E366A407B1}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{50632C37-EDD8-4B8F-A32B-8E280D942A8E}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{51B894AD-B2D5-48F6-B1D1-C1F0CF849587}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{553E32D1-AAF3-406A-B19E-E575829EC651}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{61F275A6-D089-4005-8971-9416F9AEA003}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{648326CD-6F37-4A8F-BF14-E2BAD67AAAA8}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{6BB1EAF0-7572-4166-9DF4-2A817F5FCD83}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{6F80F85C-FC5C-4C7E-B7ED-9ECCECC7CF57}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{72A62965-EF25-42E0-97CE-7A2D69BF28C0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8A0F754D-9636-4771-A1A6-8A1126E03345}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8A73CF97-446B-46AD-964C-2C3400CAA60F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8B48847D-052F-4153-93B8-7223BFF1C406}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\C (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{8B5F91E9-0032-4560-93B0-4539497C5366}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{941D2E9A-D724-4FB5-94D5-775B70E8C408}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{97637B78-01D0-4A40-A842-68774AA416BB}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{987585FA-DD0C-4E8B-8FC2-89B1181CA701}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{9A5A84A0-2E60-47D1-8C75-278A8D0F41FF}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{9E8F05AF-C18E-4A72-8743-A479EFD255E6}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A16CA865-CD74-46EC-9432-74579FD657A0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A2DF38B5-93D0-44D6-8130-AA80F351F852}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\T (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A70E086C-1477-4B0C-808A-94EF8271ED39}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\R (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A7674421-DB75-4081-B0FE-2B378F1FFAEB}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{A8152EA9-8603-4217-9B22-06E801AE1D9C}\localserver32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe (NDS Technologies)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ACAB158F-423F-4D59-BEDD-15C9E0CC2DD1}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B10A3751-CC13-4A25-875B-EEC84674C6C0}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\S (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B1267A8A-D143-41F7-A655-5765A8464796}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B6C64A50-7BB8-441B-AE31-C4366C84BF00}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{B8217B92-8FDD-4A74-9417-B77BD74F62B7}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{BD75936F-2B69-477E-9E9A-218FFAF35F49}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{BE742811-02F4-4D7E-87C1-886909462A16}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\M (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D2E87C0B-C06A-4E69-8A41-0AC3117505B4}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D4A86438-A95B-487D-8B1D-1E67B2A0F379}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\D (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{D7B3EAC0-36D9-459E-AC96-3A88309FDDCC}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E65E6AAE-9169-4625-B98D-EB903E707116}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E6BFA606-59F2-4CD6-89C8-DAED6D789027}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{E9AC37A2-E79C-4CA3-A6A8-1884BF9A7852}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{EAD67B06-459C-48B9-90C1-5F2F34D4F83F}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ECA7C134-E84B-4E6B-A3E2-355FCB853766}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{ED0BD0F4-ECAC-41D2-BD28-0ABFB129F40C}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\V (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{F0349E13-BD03-4073-BA25-6B2610C0750D}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{F53E4C9E-703C-41f3-8F69-C7E3D277594B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FD995983-DC2B-4B97-B3FE-E9534AA1A769}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\G (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1801674531-790525478-725345543-1004_Classes\CLSID\{FE0AA82B-B32A-4D54-BA97-918D2A9F6E70}\InprocServer32 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\VTShared\W (the data entry has 20 more characters).

==================== Restore Points =========================

27-08-2014 16:37:21 System Checkpoint
29-08-2014 13:53:40 System Checkpoint
05-09-2014 17:08:53 System Checkpoint
06-09-2014 17:03:11 Software Distribution Service 3.0
11-09-2014 12:08:54 System Checkpoint
12-09-2014 22:35:18 System Checkpoint
13-09-2014 23:04:53 System Checkpoint
14-09-2014 23:52:48 System Checkpoint
16-09-2014 00:52:48 System Checkpoint
17-09-2014 01:52:48 System Checkpoint
18-09-2014 02:52:48 System Checkpoint
19-09-2014 03:52:48 System Checkpoint
20-09-2014 04:52:49 System Checkpoint
22-09-2014 00:07:36 System Checkpoint
23-09-2014 12:08:00 System Checkpoint
25-09-2014 17:04:58 System Checkpoint
25-09-2014 18:15:39 Software Distribution Service 3.0
25-09-2014 19:22:08 Installed Microsoft Fix it 50267
29-09-2014 20:55:28 System Checkpoint
12-10-2014 14:49:15 Installed iTunes
15-10-2014 17:15:23 System Checkpoint
16-10-2014 17:16:17 System Checkpoint
17-10-2014 22:00:47 System Checkpoint
20-10-2014 21:08:47 System Checkpoint
21-10-2014 21:13:52 System Checkpoint
22-10-2014 22:01:28 System Checkpoint
23-10-2014 22:07:52 System Checkpoint
24-10-2014 23:01:46 System Checkpoint
25-10-2014 23:55:39 System Checkpoint
05-11-2014 18:44:44 System Checkpoint
06-11-2014 19:22:17 System Checkpoint
07-11-2014 20:11:40 System Checkpoint
09-11-2014 18:19:51 System Checkpoint
12-11-2014 15:17:14 System Checkpoint
13-11-2014 17:03:01 System Checkpoint
15-11-2014 14:36:55 System Checkpoint
17-11-2014 16:49:25 System Checkpoint
18-11-2014 17:08:31 System Checkpoint
19-11-2014 17:14:14 System Checkpoint
20-11-2014 17:15:55 Removed Logitech SetPoint 5.00.
20-11-2014 17:41:13 Software Distribution Service 3.0
20-11-2014 19:37:12 Removed Logitech Vid.
21-11-2014 03:41:13 preclean
21-11-2014 17:05:38 Installed Charter TV Player.
21-11-2014 20:29:24 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-07-16 15:29 - 2014-11-21 20:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-11-21 15:35 - 2014-11-21 15:35 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112101\algo.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-03-09 12:33 - 2003-06-16 18:02 - 00061440 ____N () C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-21 15:33 - 2014-11-21 15:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 01452400 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
2014-10-29 12:02 - 2014-10-29 12:02 - 08305512 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServer.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 03242344 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\DrmSingleton.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00339304 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\ndsLogStore.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 02183536 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\DiscoveryManager.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00689016 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstreamer-0.10.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 01403240 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libxml2-2.dll
2014-10-29 12:03 - 2014-10-29 12:03 - 00091992 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\z.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00205680 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstbase-0.10.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00060288 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstinterfaces-0.10.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00043888 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstvideo-0.10.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 00044912 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\libgstapp-0.10.dll
2014-10-29 12:02 - 2014-10-29 12:02 - 08236392 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\gsttspplugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1801674531-790525478-725345543-500 - Administrator - Enabled)
dennis pengelly (S-1-5-21-1801674531-790525478-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS
Guest (S-1-5-21-1801674531-790525478-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1801674531-790525478-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1801674531-790525478-725345543-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 09:56:12 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
Description: Product: QuickTime 7 -- Error 1406. Could not write value to key \Software\Classes\TypeLib\{7B92F833-027D-402B-BFF9-A67697366F4E}\1.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/17/2014 09:50:22 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
Description: Product: iTunes -- Error 1406. Could not write value to key \CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/17/2014 02:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (11/17/2014 02:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/15/2014 08:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (11/15/2014 08:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/15/2014 08:08:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wturbotax1040dlxamz20130900101.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2014 08:07:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wturbotax1040dlxamz20130900101.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/25/2014 00:53:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (09/25/2014 00:53:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (11/21/2014 10:26:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2014 10:24:37 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/21/2014 10:12:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2014 10:11:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2014 08:45:44 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/21/2014 02:50:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2014 01:47:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 2 time(s).

Error: (11/21/2014 01:47:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 2 time(s).

Error: (11/21/2014 09:55:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2014 08:51:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/17/2014 09:56:12 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
Description: Product: QuickTime 7 -- Error 1406. Could not write value to key \Software\Classes\TypeLib\{7B92F833-027D-402B-BFF9-A67697366F4E}\1.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (11/17/2014 09:50:22 PM) (Source: MsiInstaller) (EventID: 11406) (User: DENTECH-CXSLVNS)
Description: Product: iTunes -- Error 1406. Could not write value to key \CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (11/17/2014 02:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (11/17/2014 02:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (11/15/2014 08:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (11/15/2014 08:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (11/15/2014 08:08:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wturbotax1040dlxamz20130900101.exe0.0.0.0hungapp0.0.0.000000000

Error: (11/15/2014 08:07:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wturbotax1040dlxamz20130900101.exe0.0.0.0hungapp0.0.0.000000000

Error: (09/25/2014 00:53:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040206

Error: (09/25/2014 00:53:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 1023 MB
Available physical RAM: 616.82 MB
Total Pagefile: 2461.66 MB
Available Pagefile: 2073.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.72 GB) (Free:51.48 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-11-2014
Ran by dennis pengelly at 2014-11-21 23:54:32 Run:1
Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop
Loaded Profile: dennis pengelly (Available profiles: dennis pengelly)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: [S-1-5-21-1801674531-790525478-725345543-1004] => 0.0.0.0:80
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
S3 x10nets; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe [X]
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
C:\Documents and Settings\dennis pengelly\Application Data\skype.ini
C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll


*****************

HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
x10nets => Service deleted successfully.
a2acc => Service deleted successfully.
catchme => Service deleted successfully.
cleanhlp => Service deleted successfully.
IntelIde => Service deleted successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\dennis pengelly\Application Data\skype.ini => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll => Moved successfully.

==== End of Fixlog ====
 